VirtuMonde Help

Oh_noes117 · Jan 10, 2009

Hello

I Belive i have VirtuMonde and other Viruses such as SmithFraud-C or however its spelled. Heres my HIJACK log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:31 PM, on 1/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 8.8.193.249 warcraftfunserver.mypets.ws
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {81E89DDA-F393-43A5-BAFF-72A81F1539CF} - (no file)
O2 - BHO: (no name) - {D5BF4552-94F1-42BD-F434-3604812C807D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [wekewfjo983mkefdd] C:\DOCUME~1\goof\LOCALS~1\Temp\winlogan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [wekewfjo983mkefdd] C:\DOCUME~1\goof\LOCALS~1\Temp\winlogan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\goof\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: FIFA 09 Registration.lnk = C:\Program Files\EA Sports\Support\EAregister.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dann\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: xkgoos.dll riwong.dll
O20 - Winlogon Notify: iifdcDsS - C:\WINDOWS\
O20 - Winlogon Notify: iifgfFUN - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - C:\WINDOWS\system32\msinet.exe (file missing)
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8083 bytes
Thanks

Shaba · Jan 15, 2009

Hi Oh_noes117

We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Oh_noes117 · Jan 15, 2009

Hello Shaba.

Thanks for replying to my thred. I really need some help. I got ComboFix and ran it but AVG Scan is getting in the way of it and i cant seem to Uninstall AVG or manually delete it. I cant end the process avgrsx and i think thats the problem... it will still let me Run ComboFix but it says it might get in the way. What should i do?
Thanks

Shaba · Jan 15, 2009

Please try to run combofix in safe mode.

If it still complains about AVG, please try to uninstall AVG in safe mode.

Oh_noes117 · Jan 15, 2009

Hey Shaba

After a long time of working i got it to work.. but i cant go to Normal mode because all my long lost STARTUP files have come back and my computer blue screens when they all pop up. Here is Combo fix log

ComboFix 09-01-13.04 - goof 2009-01-15 17:23:32.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.782 [GMT -5:00]
Running from: c:\documents and settings\goof\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\goof\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\BMb3ddb32d.txt
c:\windows\BMb3ddb32d.xml
c:\windows\cookies.ini
c:\windows\kernel32.exe
c:\windows\system32.exe
c:\windows\system32\abvfccnf.dll
c:\windows\system32\afigipay.ini
c:\windows\system32\arikolim.ini
c:\windows\system32\bevukeyo.dll
c:\windows\system32\bewuhz.dll
c:\windows\system32\bosurezo.dll
c:\windows\system32\bsnzafqa.bin
c:\windows\system32\cbXQHXPF.dll
c:\windows\system32\cfcinjel.ini
c:\windows\system32\cfg.dat
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekarntymxle.sys
c:\windows\system32\enimasol.ini
c:\windows\system32\ftnjkx.dll
c:\windows\system32\gakilime.dll
c:\windows\system32\hgGyawVN.dll
c:\windows\system32\ipubebow.ini
c:\windows\system32\ktstkn.dll
c:\windows\system32\losamine.dll
c:\windows\system32\maligoha.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\Memman.vxd
c:\windows\system32\milokira.dll
c:\windows\system32\ovoyonez.ini
c:\windows\system32\prunnet.exe
c:\windows\system32\riwong.dll
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekaiqpxmtki.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekaobxhomli.dll
c:\windows\system32\seyohale.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\suhalewo.dll
c:\windows\system32\taixxe.dll
c:\windows\system32\tevupiru.dll
c:\windows\system32\tifupeva.dll
c:\windows\system32\tmp.reg
c:\windows\system32\tuzatazo.dll
c:\windows\system32\uvogeduk.ini
c:\windows\system32\vemumise.dll
c:\windows\system32\vikobepu.dll
c:\windows\system32\wivekogu.dll
c:\windows\system32\wobebupi.dll
c:\windows\system32\yapigifa.dll
c:\windows\system32\yeneseje.dll
c:\windows\system32\yodohasi.dll

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA
-------\Legacy_msupdate
-------\Legacy_NPF
-------\Service_msupdate

((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-12 16:31 . 2009-01-12 16:31 2,098 ---hs---- c:\windows\system32\tilufewa.dll
2009-01-10 12:31 . 2009-01-10 12:31 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 21:33 . 2009-01-09 21:33 <DIR> d-------- c:\documents and settings\goof\.thumbnails
2009-01-09 21:32 . 2009-01-11 12:47 <DIR> d-------- c:\documents and settings\goof\.gimp-2.6
2009-01-09 21:31 . 2009-01-09 21:31 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-09 21:31 . 2009-01-09 21:32 <DIR> d-------- c:\documents and settings\goof\.gegl-0.0
2009-01-09 17:26 . 2009-01-09 17:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 17:26 . 2009-01-09 17:26 <DIR> d-------- c:\documents and settings\goof\Application Data\Malwarebytes
2009-01-09 17:26 . 2009-01-09 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-09 17:26 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 17:26 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 17:11 . 2009-01-08 17:11 <DIR> d-------- c:\documents and settings\goof\Application Data\cogad
2009-01-08 16:56 . 2009-01-08 16:56 46,080 --a------ c:\windows\system32\vtUmMebA.dll
2008-12-30 23:20 . 2008-12-30 23:20 4,096 --a------ c:\windows\system32\crash
2008-12-30 20:24 . 2008-12-31 16:37 <DIR> d-------- C:\SAMP
2008-12-30 14:45 . 2008-12-30 14:45 <DIR> d-------- c:\program files\Rockstar Games
2008-12-26 21:37 . 2008-12-26 21:37 <DIR> d-------- c:\documents and settings\goof\Application Data\Leadertech
2008-12-26 20:53 . 2008-12-26 21:40 <DIR> d-------- c:\program files\EA Sports
2008-12-26 20:53 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-26 20:53 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-26 17:07 . 2008-12-26 17:14 <DIR> d-------- c:\program files\GCFScape
2008-12-23 19:33 . 2008-12-28 22:28 <DIR> d-------- C:\HammerAutosave
2008-12-23 14:15 . 2008-12-23 14:15 <DIR> d-------- c:\program files\Microsoft Speech SDK 5.1
2008-12-23 14:04 . 2008-12-23 14:04 <DIR> d-------- c:\program files\Audacity
2008-12-22 11:13 . 2008-12-28 22:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-12-19 17:21 . 2008-12-19 17:21 <DIR> d-------- c:\program files\GOG.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 22:15 --------- d-----w c:\program files\Steam
2009-01-15 22:15 --------- d-----w c:\documents and settings\goof\Application Data\Hamachi
2009-01-15 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-15 00:45 --------- d-----w c:\program files\Dl_cats
2009-01-11 17:43 --------- d-----w c:\documents and settings\goof\Application Data\gtk-2.0
2009-01-08 23:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-08 21:54 114,603,808 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-08 04:37 1,537,580 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-06 05:48 --------- d-----w c:\documents and settings\goof\Application Data\Azureus
2009-01-03 01:14 --------- d-----w c:\documents and settings\goof\Application Data\dvdcss
2008-12-30 19:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 21:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-14 18:09 --------- d-----w c:\program files\Hamachi
2008-12-13 23:56 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-13 04:47 --------- d-----w c:\program files\Crazy Machines
2008-11-28 16:06 --------- d-----w c:\program files\Azureus
2008-11-27 17:28 --------- d-----w c:\documents and settings\goof\Application Data\Apple Computer
2008-11-26 17:59 --------- d-----w c:\program files\Project64 1.6
2008-11-23 23:26 --------- d-----w c:\program files\Toribash
2008-11-21 20:08 --------- d-----w c:\documents and settings\Dann\Application Data\Subversion
2008-11-18 22:57 --------- d-----w c:\documents and settings\goof\Application Data\Viewpoint
2008-11-01 19:37 52,736 -c--a-w c:\windows\ipuninst.exe
2007-09-30 00:09 22,328 -c--a-w c:\documents and settings\Dann\Application Data\PnkBstrK.sys
2005-10-12 21:04 131,072 -c--a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
1601-01-01 00:12 2,048 --sha-w c:\windows\system32\kirenalo.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 695808]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"CPMb3ddb32d"="c:\windows\system32\tilepilo.dll" [2009-01-15 127860]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 919016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-06 200704]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

c:\documents and settings\goof\Start Menu\Programs\Startup\
FIFA 09 Registration.lnk - c:\program files\EA Sports\Support\EAregister.exe [2008-08-13 4369408]
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-12-13 625952]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2008-04-22 2998608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\tilepilo.dll" [2009-01-15 127860]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tilepilo.dll [2009-01-15 127860]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-22 19:08 450646 c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\gakilime.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"Norton Ghost"=2 (0x2)
"MskService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"GEARSecurity"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcScnSrv"=3 (0x3)
"PcCtlCom"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fire_angelaok@yahoo.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fire_angelaok@yahoo.com\\half-life\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\OpenCASE\\OpenCASE Media Agent\\MediaAgent.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25050:UDP"= 25050:UDP:GabeNet

S1 a1a27fa;a1a27fa;c:\windows\system32\drivers\a1a27fa.sys [2008-08-20 0]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-04-30 96520]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-21 873752]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-21 231192]
S4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-04-30 76040]
S4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2007-11-06 810632]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-06-09 61526]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-28 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1de4dc6-0526-11db-9a7e-00038a000015}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-15 c:\windows\Tasks\zyoloquk.job
- c:\windows\system32\rundll32.exe [2004-08-04 04:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{157d3ec4-5125-48a2-af75-3a1303905ab5} - c:\windows\system32\maligoha.dll
BHO-{7b689696-5f43-4157-8a27-1fae7483136a} - c:\windows\system32\bewuhz.dll
BHO-{81E89DDA-F393-43A5-BAFF-72A81F1539CF} - (no file)
BHO-{D5BF4552-94F1-42BD-F434-3604812C807D} - (no file)
HKCU-Run-Aim6 - c:\program files\AIM6\aim6.exe
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-Zune Launcher - c:\program files\Zune\ZuneLauncher.exe
HKLM-Run-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
HKLM-Run-VirusScan Online - c:\program files\McAfee.com\VSO\mcvsshld.exe
HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
HKLM-Run-PCPitstop Registration Reminder - c:\program files\PCPitstop\Exterminate\Reminder.exe
HKLM-Run-pccguide.exe - c:\program files\Trend Micro\Internet Security 2007\pccguide.exe
HKLM-Run-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
HKLM-Run-Norton Ghost 10.0 - c:\program files\Norton Ghost\Agent\GhostTray.exe
HKLM-Run-MSKAGENTEXE - c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
HKLM-Run-MPFEXE - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
HKLM-Run-MCAgentExe - c:\progra~1\mcafee.com\agent\McAgent.exe
HKLM-Run-IPHSend - c:\program files\Common Files\AOL\IPHSend\IPHSend.exe
HKLM-Run-HostManager - c:\program files\Common Files\AOL\1151441153\ee\AOLSoftware.exe
HKLM-Run-Cleanator - c:\program files\Cleanator\Cleanator.exe
HKLM-Run-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
HKLM-Run-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
Notify-iifdcDsS - (no file)
Notify-iifgfFUN - (no file)

.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search - ?p=ZNfox000
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Dann\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\goof\Application Data\Mozilla\Firefox\Profiles\trjv6lz5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\goof\Application Data\Mozilla\Firefox\Profiles\trjv6lz5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\goof\Application Data\Mozilla\Firefox\Profiles\trjv6lz5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 17:31:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1922755085-1678472594-1395284061-1012\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,d3,f4,65,81,24,90,30,ec,d7,0a,62,f5,6d,e1,ac,d5,5a,f4,16,24,24,23,
02,d5,c1,18,12,d6,2d,5e,df,5c,42,4a,e7,cc,4d,b1,83,99,ac,bc,c5,49,66,b9,a3,\
"??"=hex:12,16,8f,09,97,e9,30,18,d9,17,0c,8c,a2,8f,69,69

[HKEY_USERS\S-1-5-21-1922755085-1678472594-1395284061-1012\Software\SecuROM\License information*]
"datasecu"=hex:93,97,79,1e,e6,da,64,54,1b,40,9e,53,ea,51,6a,30,be,ab,3c,a3,20,
02,65,cf,fe,c3,7c,4d,c0,06,a4,5c,db,fa,ee,1b,06,db,b3,79,ad,d4,36,f5,51,c5,\
"rkeysecu"=hex:40,1e,c4,83,e6,ca,26,68,52,74,9c,ec,57,f6,a8,56
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\PRISMAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\PRISMSVR.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
.
**************************************************************************
.
Completion time: 2009-01-15 17:37:36 - machine was rebooted [goof]
ComboFix-quarantined-files.txt 2009-01-15 22:37:34

Pre-Run: 13,234,352,128 bytes free
Post-Run: 13,128,290,304 bytes free

382 --- E O F --- 2008-08-20 03:37:06

Here is HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:54 PM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CPMb3ddb32d] Rundll32.exe "c:\windows\system32\tilepilo.dll",a
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: FIFA 09 Registration.lnk = C:\Program Files\EA Sports\Support\EAregister.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dann\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: c:\windows\system32\tilepilo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tilepilo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tilepilo.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8183 bytes
Thanks

Shaba · Jan 16, 2009

Are you able to use another computer for transferring logs etc.?

I ask because Safe mode with network support shouldn't be used because it infection comes back all the time.

Oh_noes117 · Jan 16, 2009

Ya i got the Normal mode to work... sorry about that

Shaba · Jan 17, 2009

Thanks for update

Open notepad and copy/paste the text in the codebox below into it:

Code:

File::
c:\windows\system32\tilufewa.dll
c:\windows\system32\kirenalo.dll
c:\windows\system32\drivers\a1a27fa.sys
c:\StubInstaller.exe

Folder::
c:\Program Files\Soulseek
c:\Program Files\LimeWire
c:\program files\Azureus
c:\documents and settings\goof\Application Data\Azureus

Driver::
a1a27fa

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\Soulseek\\slsk.exe"=-

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa] 
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Oh_noes117 · Jan 18, 2009

Dear Shaba... i got it all done but it says its to long... What should i do?

Shaba · Jan 18, 2009

Then you can split it into multiple replies, please

Oh_noes117 · Jan 18, 2009

Dear Shaba,
Ok here is the start

ComboFix 09-01-13.04 - goof 2009-01-18 11:57:41.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.617 [GMT -5:00]
Running from: c:\documents and settings\goof\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\goof\Desktop\CFScript.txt
AV: AVG *On-access scanning disabled* (Outdated)
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated)
FW: ZoneAlarm Security Suite Firewall *disabled*
* Created a new restore point

FILE ::
c:\StubInstaller.exe
c:\windows\system32\drivers\a1a27fa.sys
c:\windows\system32\kirenalo.dll
c:\windows\system32\tilufewa.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\goof\Application Data\Azureus
c:\documents and settings\goof\Application Data\Azureus\.certs
c:\documents and settings\goof\Application Data\Azureus\.keystore
c:\documents and settings\goof\Application Data\Azureus\.lock
c:\documents and settings\goof\Application Data\Azureus\active\4289777690D3558993E2DDB2B926CEC1D8EEDE6C.dat
c:\documents and settings\goof\Application Data\Azureus\active\4289777690D3558993E2DDB2B926CEC1D8EEDE6C.dat.bak
c:\documents and settings\goof\Application Data\Azureus\active\cache.dat
c:\documents and settings\goof\Application Data\Azureus\active\E8E9B1C7351F92C0EAE5D1268E9B733F43C43AB1.dat
c:\documents and settings\goof\Application Data\Azureus\active\E8E9B1C7351F92C0EAE5D1268E9B733F43C43AB1.dat.bak
c:\documents and settings\goof\Application Data\Azureus\azplay.asx
c:\documents and settings\goof\Application Data\Azureus\azureus.config
c:\documents and settings\goof\Application Data\Azureus\azureus.config.bak
c:\documents and settings\goof\Application Data\Azureus\azureus.statistics
c:\documents and settings\goof\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\goof\Application Data\Azureus\banips.config
c:\documents and settings\goof\Application Data\Azureus\banips.config.bak
c:\documents and settings\goof\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\goof\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\goof\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\goof\Application Data\Azureus\dht\general.dat
c:\documents and settings\goof\Application Data\Azureus\dht\version.dat
c:\documents and settings\goof\Application Data\Azureus\downloads.config
c:\documents and settings\goof\Application Data\Azureus\downloads.config.bak
c:\documents and settings\goof\Application Data\Azureus\friends.config
c:\documents and settings\goof\Application Data\Azureus\friends.config.bak
c:\documents and settings\goof\Application Data\Azureus\ipfilter.cache
c:\documents and settings\goof\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\AutoSpeed_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\AutoSpeed_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\AutoSpeedSearchHistory_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\Friends_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\goof\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\SpeedMan_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\SpeedMan_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.CMsgr_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.emp_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.PMsgr_2.log
c:\documents and settings\goof\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\goof\Application Data\Azureus\media\azpd\2W4QB3RAMOQUWSGY6EP4HD7IRJ47U4WX.azpd
c:\documents and settings\goof\Application Data\Azureus\media\azpd\LN5YSJOI3JU3333EPEVIB6OCONUEM4UH.azpd
c:\documents and settings\goof\Application Data\Azureus\metasearch.config
c:\documents and settings\goof\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\goof\Application Data\Azureus\net\pm_14728.dat
c:\documents and settings\goof\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_1.9.11.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_1.9.11.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.11.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.11.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.14.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.14.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.16.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.16.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.28.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.28.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.30.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.30.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.32.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azemp_2.0.32.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azmplay.exe
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\azmplay.exe.bak
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\cp1250-a.raw
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\cp1250-a.raw.bak
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\cp1250-b.raw
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\cp1250-b.raw.bak
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\font.desc
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\font.desc.bak
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\mplayer\config
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\osd-mplayer-a.raw
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\osd-mplayer-b.raw
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties_1.9.11
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.11
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.14
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.16
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.28
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.30
c:\documents and settings\goof\Application Data\Azureus\plugins\azemp\plugin.properties_2.0.32
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\plugin.properties
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.7
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.0
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.1
c:\documents and settings\goof\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\documents and settings\goof\Application Data\Azureus\sidebarauto.config
c:\documents and settings\goof\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\goof\Application Data\Azureus\subs\01D7FB72F0883670E7C6.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\09A4EF071DB008D2F8DB.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\177D97ABD20DFF1C1109.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\1B103E481901B43A0BB7.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\23874448F3148CDD35E7.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\75073EF5A9EA448FA71D.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\8060C3313C66DF45F383.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\87ADF8E41A1DB5628FEF.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\895A308B0AAAD5DA3C8E.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\8DE6E5753F5ADF094F49.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\95B34C1A1F40931D0972.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\A2A76BEDB56D75EE5957.vuze
c:\documents and settings\goof\Application Data\Azureus\subs\F97CBF6CF396D97331C4.vuze
c:\documents and settings\goof\Application Data\Azureus\subscriptions.config
c:\documents and settings\goof\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\goof\Application Data\Azureus\tables.config
c:\documents and settings\goof\Application Data\Azureus\tables.config.bak
c:\documents and settings\goof\Application Data\Azureus\timingstats.dat
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60291.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60292.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60293.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60294.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60295.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60296.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60297.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60298.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60299.tmp
c:\documents and settings\goof\Application Data\Azureus\tmp\AZU60300.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\[isoHunt] Futurama season 1-5 (complete) + extras [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\[isoHunt] Garry________s_Mod_10.3995560.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\[isoHunt] gmod 10.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\[PC]Tom.Clancys.Splinter.Cell.Double[EUR][TmasGames.com] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\[PC_Game]_DOOM_3_(Extract_and_Play).4491680.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\_Girls Gone Wild Best Breasts Ever 2 PPV DSR XviD-CRiMSON.torrent -moNova.org- .torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\_Girls.Gone.Wild.-.College.Girls.2.-.PPV.DSRip.XviD [myBittorrent.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\=[SUMOTorrent.com]=_World_Of_Warcraft_multi-hack_(WoWInfinity)_zip_ST1417289.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\1_Night_In_Paris_DVDrip_XXX-Swe6rus.mpg.3964134.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\300[2006]DvDrip[Eng]-aXXo.3884153.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Adobe_Photoshop_7.0_with_Serial.3919713.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\American History X 1998 XviD DVDRip [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Audiosurf [PC] [English] [www SpaTorrent com].torrent -moNova.org- .torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\AZ_17113.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\AZ_27821.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\AZ_27823.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU10550.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU10853.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU11545.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU1175.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU20161.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU20167.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU21210.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU21213.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU22745.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU22747.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU23124.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU2322.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU2324.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU29029.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU29035.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU31879.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU43659.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU43661.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU46050.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU46052.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU46661.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU46663.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU46881.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU50837.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU52488.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU52492.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU53272.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU53274.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU53379.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU53384.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU56185.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU56188.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU56945.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU56949.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU57099.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU57102.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU58336.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU58654.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU62135.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU64194.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU64198.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU7253.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU7852.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU7855.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU7859.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\AZU7861.tmp
c:\documents and settings\goof\Application Data\Azureus\torrents\Basshunter - All I Ever Wanted [LN5YSJOI3JU3333EPEVIB6OCONUEM4UH].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\BassHunter_-_The_Bassmachine_2004[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Battlefield 1942 serial included.rar [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\breakingbenjamin [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Brian Kopps 1-70 Alliance Guide [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Cloverfield[2008]DvDrip[Eng]-FXG [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Cracked_WoWInfinity_Hack_Version_1.1.9b[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Crazy Taxi 2.rar.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\CRAZY TAXI PC Version of Classic Arcade Game (B@WBAG).zip [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Ctrl_Alt_Del_(animated_series_ep_1_-_12).3721870.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\DC - Jet Set Radio(nonboot)(CDI)www.emuparadise.org.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Fall Out Boy - All Albums [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Fall Out Boy - Discography [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Fall out boy [Discografy-Discografia][colombo-bt.org] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Fallout.Collection.Internal+-+SKIDROW+%283552084%29.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\fearcombat_en_107.exe [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Flobots_-_Fight_With_Tools.4087729.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Foo_Fighters_-_Discography_(7_Albums) [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Fraps 2.9.4 Build 7037 [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Fraps_2.9.4_Registered_-_TheOneX.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Fuck_Team_Five_-_Dasani_Luna_And_Monique.4269280.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Garry's Mod 10 [Non-Steam] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Garry's Mod 10 Standalone (Non Steam) [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls Gone Wild Best Breasts Ever 2 PPV DSR XviD-CRiMSON.torrent -moNova.org- .torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls Gone Wild Freshman Orientation 2 PPV DSRip XviD-aAF[www btmon com].torrent -moNova.org- .torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls.Gone.Wild.-.College.Girls.2.-.PPV.DSRip.XviD [myBittorrent.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls.Gone.Wild.Best.Breasts.Ever.PPV.DSR.XviD-CRiMSON564063041613.083[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls.Gone.Wild.Coed.Tryouts.2.PPV.DSRip.XviD.torrent[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls.Gone.Wild.College.Girls.2.PPV.DSRip.XviD-aAF[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls.Gone.Wild.Freshman.Class.PPV.DSRip.XviD-aAF[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Girls.Gone.Wild.Freshman.Orientation.2.PPV.DSRip.XviD-aAF[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Goldfinger-Album Discography Minus Best Of [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Good Charlotte Discography [320Kbps][www.funfile.org] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Good_Charlotte-Discography-320Kbps-ARASH70 [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Green Day.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\GTA San Andreas (pc games) with crack (Decrypt) [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Guns n Roses [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Half-Life_2_-_Raising_the_Bar_(ebook).pdf.3507279.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Halo 2 [PC Game Xp - Vista] [ENG ITA] [By TNTVillage.org] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\HL2 - Beta (Half life 2 beta).torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\HL2_-_Beta_(Half_life_2_beta).3426424.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Hollywood Undead-Never Going Down zip.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\LEGO.Batman-ViTALiTY [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Lostprophets - Discography [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Me, Myself & Irene (2000) [Eng] [DVDrip] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Monsters_of_Cock_-_Fun_fucking_in_the_sun_with_Maya_and_Gisselle.4240915.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Music_Basshunter_-_LOL[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\o{SUMOTorrent.com}o_Garrys_Mod_Addons_Pack_ST1218649.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Papa Roach - The 11 Albums [+MostCovers][AllMP3@320kbps][DeadPoetRIP]@H33T com.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Penny.Arcade.Adventures.On.the.Rain-Slick.Precipice.of.Darkness..4200936.TPB-3.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Penny.Arcade.Adventures.On.the.Rain-Slick.Precipice.of.Darkness.Episode.1.v1.0-TE[www.btmon.com].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Penny.Arcade.Adventures.On.the.Rain-Slick.Precipice.of.Darkness.Episode.1.v1.0.zip [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Pirates Of The Caribbean At Worlds End [English][PCDVD][WwW.GamesTorrents.CoM] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Red_Hot_Chili_Peppers_-_Discography_(1984-2006)_[FLAC].3862275.TPB [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot.Chicken.S03E03.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot.Chicken.S03E05.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot.Chicken.S03E06.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot.Chicken.S03E07.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot.Chicken.S03E08.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot.Chicken.S03E09.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot.Chicken.S03E10.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot_Chicken_S03E11.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Robot_Chicken_S03E12.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Sam_and_max_season_2 [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Sam_and_max_season_2_episode_1_to_3_crack_only.4043781.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Security [2W4QB3RAMOQUWSGY6EP4HD7IRJ47U4WX].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Seether - Complete Discography [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Semi-Pro[2008]DvDrip AC3[Eng]-FXG [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Soul Calibur (U).torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Splinter Cell - Pandora Tomorrow PC (www.softzone.org) [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Sum 41.torrent -moNova.org- .torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\The killers - all albums [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\The Simpsons - Season 7 Complete [DVDRIP VP7 KEGGERMAN] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\The Simpsons Hit & Run (PC)[www.funfile.org] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\The.Mist.2007.DvDRip.Eng-FxM [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\The_Colbert_Report_July-_Dec_2007_[complete].3960067.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Three Days Grace ALL ALBUMS.torrent -moNova.org- .torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Tom Clancy's Splinter Cell Chaos Theory [PC] [EN] [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Tony Hawks American Wasteland PC DVD demonshell.com.torrent -moNova.org- .torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Twistys.Tiffany2.XXX.[SiteRip][GoldenPirates].4018647.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\Useful_Garrys_Mod_Addons.3865375.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\World of Warcraft Movie - Tales of the Past 3 (Xvid).avi [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\World of Warcraft Multi-Hack (WoWInfinity 1.2.0).torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\World Of Warcraft WOW Gold Guides #39 Guides so far! [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\World.of.Goo-SKIDROW [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\WoW Brian Kopp's 1-70 Alliance Leveling (Updated for Patch 2.3.2) GUIDE.rar [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\WoW_Alliance_Leveling_Guide_1-70.3915190.TPB.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\ZeldaOoT_22656.torrent
c:\documents and settings\goof\Application Data\Azureus\torrents\zps_fullbuild_v1.2b [mininova].torrent
c:\documents and settings\goof\Application Data\Azureus\tracker.config
c:\documents and settings\goof\Application Data\Azureus\tracker.config.bak
c:\documents and settings\goof\Application Data\Azureus\unsentdata.config
c:\documents and settings\goof\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\goof\Application Data\Azureus\update.log
c:\documents and settings\goof\Application Data\Azureus\update.properties
c:\documents and settings\goof\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\goof\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\goof\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\goof\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\Azureus
c:\program files\Azureus\aereg.dll
c:\program files\Azureus\Azureus.exe
c:\program files\Azureus\Azureus.exe.manifest
c:\program files\Azureus\Azureus2.jar
c:\program files\Azureus\AzureusUpdater.exe
c:\program files\Azureus\ChangeLog.txt
c:\program files\Azureus\javaw.exe.manifest
c:\program files\Azureus\License.txt
c:\program files\Azureus\msvcr71.dll
c:\program files\Azureus\plugins\azplugins\azplugins_1.9.1.jar
c:\program files\Azureus\plugins\azplugins\azplugins_2.0.jar
c:\program files\Azureus\plugins\azplugins\azplugins_2.1.1.jar
c:\program files\Azureus\plugins\azplugins\azplugins_2.1.4.jar
c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar
c:\program files\Azureus\plugins\azrating\azrating_1.3.jar
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.5.zip
c:\program files\Azureus\plugins\azupdater\azupdater_1.8.8.zip
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.5.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Azureus\plugins\azupdater\plugin.properties
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.5
c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.8
c:\program files\Azureus\plugins\azupdater\Updater.jar
c:\program files\Azureus\plugins\azupdater\Updater.jar.bak
c:\program files\Azureus\swt-about.html
c:\program files\Azureus\swt-awt-win32-3139.dll
c:\program files\Azureus\swt-awt-win32-3232.dll
c:\program files\Azureus\swt-awt-win32-3318.dll
c:\program files\Azureus\swt-gdip-win32-3139.dll
c:\program files\Azureus\swt-gdip-win32-3232.dll
c:\program files\Azureus\swt-gdip-win32-3318.dll
c:\program files\Azureus\swt-wgl-win32-3232.dll
c:\program files\Azureus\swt-wgl-win32-3318.dll
c:\program files\Azureus\swt-win32-3139.dll
c:\program files\Azureus\swt-win32-3232.dll
c:\program files\Azureus\swt-win32-3318.dll
c:\program files\Azureus\swt.jar
c:\program files\Azureus\Uninstall.exe
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.11.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.11.exe
c:\program files\LimeWire\clink.jar
c:\program files\LimeWire\commons-httpclient.jar
c:\program files\LimeWire\commons-logging.jar
c:\program files\LimeWire\commons-net.jar
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\daap.jar
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\donotremove.htm
c:\program files\LimeWire\GenericWindowsUtils.dll
c:\program files\LimeWire\hashes
c:\program files\LimeWire\hs_err_pid2776.log
c:\program files\LimeWire\hs_err_pid3112.log
c:\program files\LimeWire\hs_err_pid3124.log
c:\program files\LimeWire\hs_err_pid3148.log
c:\program files\LimeWire\hs_err_pid3264.log
c:\program files\LimeWire\hs_err_pid3460.log
c:\program files\LimeWire\hs_err_pid3492.log
c:\program files\LimeWire\hs_err_pid352.log
c:\program files\LimeWire\hs_err_pid364.log
c:\program files\LimeWire\hs_err_pid3696.log
c:\program files\LimeWire\hs_err_pid3708.log
c:\program files\LimeWire\hs_err_pid3884.log
c:\program files\LimeWire\hs_err_pid3968.log
c:\program files\LimeWire\hs_err_pid4048.log
c:\program files\LimeWire\hs_err_pid4092.log
c:\program files\LimeWire\hs_err_pid4256.log
c:\program files\LimeWire\hs_err_pid4280.log
c:\program files\LimeWire\hs_err_pid5592.log
c:\program files\LimeWire\hs_err_pid848.log
c:\program files\LimeWire\hs_err_pid988.log
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\icu4j.jar
c:\program files\LimeWire\id3v2.jar
c:\program files\LimeWire\install.log
c:\program files\LimeWire\jcraft.jar
c:\program files\LimeWire\jl011.jar
c:\program files\LimeWire\jmdns.jar
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\LimeWire.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\log4j.jar
c:\program files\LimeWire\log4j.properties
c:\program files\LimeWire\looks.jar
c:\program files\LimeWire\MessagesBundle.properties
c:\program files\LimeWire\MessagesBundles.jar
c:\program files\LimeWire\mp3sp14.jar
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\ProgressTabs.jar
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\themes.jar
c:\program files\LimeWire\tritonus.jar
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
c:\program files\LimeWire\update.ver
c:\program files\LimeWire\vorbis.jar
c:\program files\LimeWire\WindowsFirewall.dll
c:\program files\LimeWire\WindowsV5PlusUtils.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\LimeWire\xml.war
c:\program files\Soulseek
c:\program files\Soulseek\attributes.cfg
c:\program files\Soulseek\attrstrings.cfg
c:\program files\Soulseek\autoaway.cfg
c:\program files\Soulseek\chatrooms.cfg
c:\program files\Soulseek\chatui.cfg
c:\program files\Soulseek\dlbans.cfg
c:\program files\Soulseek\extensions.cfg
c:\program files\Soulseek\hotlist.cfg
c:\program files\Soulseek\ignores.cfg
c:\program files\Soulseek\login.cfg
c:\program files\Soulseek\message.wav
c:\program files\Soulseek\pchat.cfg
c:\program files\Soulseek\port.cfg
c:\program files\Soulseek\queue.cfg
c:\program files\Soulseek\queue2.cfg
c:\program files\Soulseek\rcmnd.cfg
c:\program files\Soulseek\Readme.txt
c:\program files\Soulseek\save.cfg
c:\program files\Soulseek\search.cfg
c:\program files\Soulseek\shared.cfg
c:\program files\Soulseek\slsk.exe
c:\program files\Soulseek\ticker.cfg
c:\program files\Soulseek\transfersview.cfg
c:\program files\Soulseek\ui.cfg
c:\program files\Soulseek\uninstall.exe
c:\program files\Soulseek\userinfo.cfg
c:\program files\Soulseek\usernotes.cfg
c:\program files\Soulseek\wishlist.cfg
c:\StubInstaller.exe
c:\windows\system32\dimoburi.dll
c:\windows\system32\drivers\a1a27fa.sys
c:\windows\system32\dutudari.dll
c:\windows\system32\gufulise.dll
c:\windows\system32\iradutud.ini
c:\windows\system32\kirenalo.dll
c:\windows\system32\lqvyyk.dll
c:\windows\system32\muzurimo.dll
c:\windows\system32\omiruzum.ini
c:\windows\system32\rcjtks.dll
c:\windows\system32\rebarali.dll
c:\windows\system32\rehotiza.dll
c:\windows\system32\tilufewa.dll
c:\windows\system32\yomoviya.dll

Oh_noes117 · Jan 18, 2009

Heres the last part

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_a1a27fa

((((((((((((((((((((((((( Files Created from 2008-12-18 to 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-10 12:31 . 2009-01-10 12:31 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 21:33 . 2009-01-09 21:33 <DIR> d-------- c:\documents and settings\goof\.thumbnails
2009-01-09 21:32 . 2009-01-11 12:47 <DIR> d-------- c:\documents and settings\goof\.gimp-2.6
2009-01-09 21:31 . 2009-01-09 21:31 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-09 21:31 . 2009-01-09 21:32 <DIR> d-------- c:\documents and settings\goof\.gegl-0.0
2009-01-09 17:26 . 2009-01-09 17:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-09 17:26 . 2009-01-09 17:26 <DIR> d-------- c:\documents and settings\goof\Application Data\Malwarebytes
2009-01-09 17:26 . 2009-01-09 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-09 17:26 . 2009-01-04 18:41 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-09 17:26 . 2009-01-04 18:41 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-08 17:11 . 2009-01-08 17:11 <DIR> d-------- c:\documents and settings\goof\Application Data\cogad
2009-01-08 16:56 . 2009-01-08 16:56 46,080 --a------ c:\windows\system32\vtUmMebA.dll
2008-12-30 23:20 . 2009-01-18 10:57 4,096 --a------ c:\windows\system32\crash
2008-12-30 20:24 . 2008-12-31 16:37 <DIR> d-------- C:\SAMP
2008-12-30 14:45 . 2008-12-30 14:45 <DIR> d-------- c:\program files\Rockstar Games
2008-12-26 21:37 . 2008-12-26 21:37 <DIR> d-------- c:\documents and settings\goof\Application Data\Leadertech
2008-12-26 20:53 . 2008-12-26 21:40 <DIR> d-------- c:\program files\EA Sports
2008-12-26 20:53 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-26 20:53 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-26 17:07 . 2008-12-26 17:14 <DIR> d-------- c:\program files\GCFScape
2008-12-23 19:33 . 2008-12-28 22:28 <DIR> d-------- C:\HammerAutosave
2008-12-23 14:15 . 2008-12-23 14:15 <DIR> d-------- c:\program files\Microsoft Speech SDK 5.1
2008-12-23 14:04 . 2008-12-23 14:04 <DIR> d-------- c:\program files\Audacity
2008-12-22 11:13 . 2008-12-28 22:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2008-12-19 17:21 . 2008-12-19 17:21 <DIR> d-------- c:\program files\GOG.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-18 17:27 114,860,064 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-01-18 17:27 --------- d-----w c:\program files\Steam
2009-01-18 17:07 1,541,324 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-01-15 22:15 --------- d-----w c:\documents and settings\goof\Application Data\Hamachi
2009-01-15 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-15 00:45 --------- d-----w c:\program files\Dl_cats
2009-01-11 17:43 --------- d-----w c:\documents and settings\goof\Application Data\gtk-2.0
2009-01-08 23:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-03 01:14 --------- d-----w c:\documents and settings\goof\Application Data\dvdcss
2008-12-30 19:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-26 21:11 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-14 18:09 --------- d-----w c:\program files\Hamachi
2008-12-13 23:56 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-12-13 04:47 --------- d-----w c:\program files\Crazy Machines
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-27 17:28 --------- d-----w c:\documents and settings\goof\Application Data\Apple Computer
2008-11-26 17:59 --------- d-----w c:\program files\Project64 1.6
2008-11-23 23:26 --------- d-----w c:\program files\Toribash
2008-11-21 20:08 --------- d-----w c:\documents and settings\Dann\Application Data\Subversion
2008-11-18 22:57 --------- d-----w c:\documents and settings\goof\Application Data\Viewpoint
2008-11-01 19:37 52,736 -c--a-w c:\windows\ipuninst.exe
2007-09-30 00:09 22,328 -c--a-w c:\documents and settings\Dann\Application Data\PnkBstrK.sys
2005-10-12 21:04 131,072 -c--a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
1601-01-01 00:12 63,760 --sha-w c:\windows\system32\feyavezi.dll
1601-01-01 00:12 63,760 --sha-w c:\windows\system32\vodarowo.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_17.36.22.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 -c----w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:53:04 2,137,600 -c----w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ------w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 -c----w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ------w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 -c----w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ------w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 -c----w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ------w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-01-16 00:04:55 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-06-23 16:11:40 1,024,000 ----a-w c:\windows\system32\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 ----a-w c:\windows\system32\browseui.dll
- 2008-06-23 16:11:40 151,040 ----a-w c:\windows\system32\cdfview.dll
+ 2008-10-16 10:20:42 151,040 ----a-w c:\windows\system32\cdfview.dll
- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2009-01-15 22:18:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-17 22:00:29 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-15 22:18:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-17 22:00:29 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-17 22:01:02 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009011720090118\index.dat
- 2009-01-15 22:18:23 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-17 22:00:29 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-23 16:11:42 1,054,208 ----a-w c:\windows\system32\danim.dll
+ 2008-10-16 10:20:45 1,054,208 ----a-w c:\windows\system32\danim.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
- 2008-06-23 16:11:40 1,024,000 ----a-w c:\windows\system32\dllcache\browseui.dll
+ 2008-10-16 10:20:52 1,024,000 ----a-w c:\windows\system32\dllcache\browseui.dll
- 2008-06-23 16:11:40 151,040 ----a-w c:\windows\system32\dllcache\cdfview.dll
+ 2008-10-16 10:20:42 151,040 ----a-w c:\windows\system32\dllcache\cdfview.dll
- 2008-07-19 02:10:48 94,920 ----a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
- 2008-06-23 16:11:42 1,054,208 ----a-w c:\windows\system32\dllcache\danim.dll
+ 2008-10-16 10:20:45 1,054,208 ----a-w c:\windows\system32\dllcache\danim.dll
- 2008-06-23 16:11:43 357,888 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:11:43 205,312 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:11:43 55,808 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-06-23 09:53:58 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
+ 2008-10-15 14:18:21 18,432 ----a-w c:\windows\system32\dllcache\iedw.exe
- 2008-06-23 16:11:52 251,904 ----a-w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\system32\dllcache\iepeers.dll
- 2008-06-23 16:11:52 96,256 ----a-w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\system32\dllcache\inseng.dll
- 2008-06-23 16:11:52 16,384 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2006-05-05 09:41:45 453,120 -c--a-w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-06-23 16:11:58 3,067,392 ----a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:27:54 3,067,392 ----a-w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-23 16:12:00 449,024 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:12:02 146,432 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:12:02 532,480 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 -c--a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\dllcache\msxml3.dll
- 2006-08-17 12:28:27 332,288 -c--a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:53:04 2,137,600 -c--a-w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 -c--a-w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:18:44 2,062,976 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 -c--a-w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 09:57:20 2,185,984 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:12:02 39,424 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-06-23 16:12:05 1,499,136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\system32\dllcache\shdocvw.dll
- 2008-06-23 16:12:05 474,112 ----a-w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 ----a-w c:\windows\system32\dllcache\shlwapi.dll
- 2006-08-14 10:34:41 332,928 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 11:57:21 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
- 2006-08-21 14:52:08 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-06-23 16:12:06 618,496 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:12:08 667,136 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 10:20:49 667,648 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\drivers\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
- 2008-06-23 16:11:43 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 10:20:45 357,888 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:11:43 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 10:20:45 205,312 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:11:43 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 10:20:46 55,808 ----a-w c:\windows\system32\extmgr.dll
- 2009-01-01 16:25:17 216,064 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-16 01:46:06 216,064 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\gdi32.dll
+ 2008-10-23 13:01:36 283,648 ----a-w c:\windows\system32\gdi32.dll
- 2008-06-23 16:11:52 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2008-10-16 10:20:46 251,904 ----a-w c:\windows\system32\iepeers.dll
- 2008-06-23 16:11:52 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2008-10-16 10:20:46 96,256 ----a-w c:\windows\system32\inseng.dll
- 2008-06-23 16:11:52 16,384 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 10:20:50 16,384 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-06-23 16:11:58 3,067,392 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:27:54 3,067,392 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:12:00 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 10:20:50 449,024 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:12:02 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 10:20:46 146,432 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:12:02 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 10:20:46 532,480 ----a-w c:\windows\system32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2007-05-08 19:03:04 1,275,392 -c--a-w c:\windows\system32\msxml4.dll
+ 2008-09-30 21:43:34 1,286,152 ----a-w c:\windows\system32\msxml4.dll
- 2007-05-15 19:43:10 1,320,800 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-30 01:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2007-07-30 23:19:10 271,224 ----a-w c:\windows\system32\mucltui.dll
+ 2008-10-16 19:06:48 268,648 ----a-w c:\windows\system32\mucltui.dll
- 2007-07-30 23:19:04 207,736 ----a-w c:\windows\system32\muweb.dll
+ 2008-10-16 19:06:48 208,744 ----a-w c:\windows\system32\muweb.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 09:15:59 2,017,280 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:18:46 2,020,864 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:53:04 2,137,600 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 09:55:01 2,142,720 ----a-w c:\windows\system32\ntoskrnl.exe
- 2009-01-15 22:27:08 89,970 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-18 17:28:29 89,970 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-15 22:27:08 490,598 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-18 17:28:29 490,598 ----a-w c:\windows\system32\perfh009.dat
- 2008-06-23 16:12:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 10:20:46 39,424 ----a-w c:\windows\system32\pngfilt.dll
- 2008-06-23 16:12:05 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
+ 2008-10-16 10:20:48 1,499,136 ----a-w c:\windows\system32\shdocvw.dll
- 2008-06-23 16:12:05 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 10:20:51 474,112 ----a-w c:\windows\system32\shlwapi.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
- 2007-11-30 12:39:22 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2006-08-21 14:52:08 246,814 -c--a-w c:\windows\system32\strmdll.dll
+ 2008-10-03 10:15:47 247,326 ----a-w c:\windows\system32\strmdll.dll
- 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-06-23 16:12:06 618,496 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 10:20:53 619,008 ----a-w c:\windows\system32\urlmon.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
- 2008-06-23 16:12:08 667,136 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 10:20:49 667,648 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
- 2008-07-19 02:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 19:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 02:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 02:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 19:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 02:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 02:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 02:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 19:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
- 2008-07-03 09:14:02 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-10-15 14:00:41 351,744 ----a-w c:\windows\system32\xpsp3res.dll
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{157d3ec4-5125-48a2-af75-3a1303905ab5}]
c:\windows\system32\maligoha.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 73728]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-22 19:08 450646 c:\windows\system32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^goof^Start Menu^Programs^Startup^FIFA 09 Registration.lnk]
path=c:\documents and settings\goof\Start Menu\Programs\Startup\FIFA 09 Registration.lnk
backup=c:\windows\pss\FIFA 09 Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^goof^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\goof\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^goof^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\goof\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-03 17:29 165784 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a------ 2005-10-21 01:40 430080 c:\program files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2006-05-03 02:12 98304 c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a--c--- 2005-08-12 15:16 1121792 c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 09:12 695808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a--c--- 2005-06-03 06:16 81920 c:\progra~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2007-02-13 13:29 35328 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-11-14 16:05 919016 c:\program files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"Norton Ghost"=2 (0x2)
"MskService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"GEARSecurity"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"tmproxy"=2 (0x2)
"TmPfw"=2 (0x2)
"Tmntsrv"=2 (0x2)
"PcScnSrv"=3 (0x3)
"PcCtlCom"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ZuneNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"vsmon"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"ServiceLayer"=3 (0x3)
"OpenCASE Media Agent"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"dlcc_device"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fire_angelaok@yahoo.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\fire_angelaok@yahoo.com\\half-life\\hl.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\OpenCASE\\OpenCASE Media Agent\\MediaAgent.exe"=
"c:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSuite.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclUSBSrv.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\ComboFix\\fdsv.cfexe"=
"c:\\Program Files\\TortoiseSVN\\bin\\TSVNCache.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"25050:UDP"= 25050:UDP:GabeNet

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-04-30 96520]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-12-19 21920]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-04-30 76040]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-21 873752]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-21 231192]
S4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [2007-11-06 810632]
S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2006-06-09 61526]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-11-28 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1de4dc6-0526-11db-9a7e-00038a000015}]
\Shell\AutoRun\command - K:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-18 c:\windows\Tasks\zyoloquk.job
- c:\windows\system32\rundll32.exe [2004-08-04 04:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{d000d327-e8af-4341-b6a6-446720e855d8} - c:\windows\system32\rcjtks.dll

.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search - ?p=ZNfox000
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Dann\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\goof\Application Data\Mozilla\Firefox\Profiles\trjv6lz5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\goof\Application Data\Mozilla\Firefox\Profiles\trjv6lz5.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\goof\Application Data\Mozilla\Firefox\Profiles\trjv6lz5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 12:27:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1922755085-1678472594-1395284061-1012\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,d3,f4,65,81,24,90,30,ec,d7,0a,62,f5,6d,e1,ac,d5,5a,f4,16,24,24,23,
02,d5,c1,18,12,d6,2d,5e,df,5c,42,4a,e7,cc,4d,b1,83,99,ac,bc,c5,49,66,b9,a3,\
"??"=hex:12,16,8f,09,97,e9,30,18,d9,17,0c,8c,a2,8f,69,69

[HKEY_USERS\S-1-5-21-1922755085-1678472594-1395284061-1012\Software\SecuROM\License information*]
"datasecu"=hex:93,97,79,1e,e6,da,64,54,1b,40,9e,53,ea,51,6a,30,be,ab,3c,a3,20,
02,65,cf,fe,c3,7c,4d,c0,06,a4,5c,db,fa,ee,1b,06,db,b3,79,ad,d4,36,f5,51,c5,\
"rkeysecu"=hex:40,1e,c4,83,e6,ca,26,68,52,74,9c,ec,57,f6,a8,56
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\PRISMAPI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\system32\PRISMSVR.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-01-18 12:34:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-18 17:34:50
ComboFix2.txt 2009-01-15 22:37:37

Pre-Run: 11,523,350,528 bytes free
Post-Run: 11,512,496,128 bytes free

995 --- E O F --- 2009-01-16 00:07:28

Oh_noes117 · Jan 18, 2009

And heres the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:29 PM, on 1/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {157d3ec4-5125-48a2-af75-3a1303905ab5} - C:\WINDOWS\system32\maligoha.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dann\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6267 bytes

Shaba · Jan 19, 2009

I see that you have uninstalled AVG.

Please reinstall it and post back a fresh HijackThis log

Oh_noes117 · Jan 20, 2009

Hey Shaba

Reinstalled AVG and got HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:48 PM, on 1/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {157d3ec4-5125-48a2-af75-3a1303905ab5} - C:\WINDOWS\system32\maligoha.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: {312f14f2-8f05-fbfa-5034-186016c1fa45} - {54af1c61-0681-4305-afbf-50f82f41f213} - C:\WINDOWS\system32\hpuold.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [gerulisoko] Rundll32.exe "C:\WINDOWS\system32\pegeseyi.dll",s
O4 - HKLM\..\Run: [CPMb3ddb32d] Rundll32.exe "c:\windows\system32\diduwada.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZNfox000
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dann\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\gakilime.dll hpuold.dll c:\windows\system32\diduwada.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\diduwada.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\diduwada.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7398 bytes

Shaba · Jan 20, 2009

And it looks like that you have been reinfected.

Please rerun combofix, update it if it asks so and post back its log and a fresh HijackThis log.

Shaba · Jan 24, 2009

Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.

VirtuMonde Help

Oh_noes117

New member

Shaba

Security Expert: Emeritus

Oh_noes117

New member

Shaba

Security Expert: Emeritus

Oh_noes117

New member

Shaba

Security Expert: Emeritus

Oh_noes117

New member

Shaba

Security Expert: Emeritus

Oh_noes117

New member

Shaba

Security Expert: Emeritus

Oh_noes117

New member

Oh_noes117

New member

Oh_noes117

New member

Shaba

Security Expert: Emeritus

Oh_noes117

New member

Shaba

Security Expert: Emeritus

Shaba

Security Expert: Emeritus