Spybot won't run...



Dburnell
2008-10-26, 21:16
It appears that I have a similar issue as a couple other people that posted. Spybot won't run (normal or safe-mode). This started yesterday sometime as I was able to run scan Friday night. I began to try to fix by uninstalling and re-installing Spybot. I was initially unable to even get to your website. I ran Lavasoft Adware, after which I was able to re-download Spybot and install, but it won't run. I installed and tried to run HJT also, it seems to have installed ok but won't run.

I also had a red X show up yesterday that tries to download "AntispywareXP 2009" if it is clicked on.

Shaba
2008-10-27, 10:33
Hi Dburnell

Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.

If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Post:

- mbam log
- HijackThis log (if you now can run it)

Dburnell
2008-10-27, 17:13
Shaba,

Thank you for the help. This stuff sure is frustrating. Below is the MBAM log and then the HJT log.


----------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.30
Database version: 1328
Windows 5.1.2600 Service Pack 3

10/27/2008 7:45:01 AM
mbam-log-2008-10-27 (07-45-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 150352
Time elapsed: 37 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 43
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 53

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\iehlpr32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8e3c68cd-f500-4a2a-8cb9-132bb38c3573} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.tb (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6c45bab3-2a03-44a0-b2de-d6850cdd29b0} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c3614386-3a1b-42c9-a1eb-845e109346a1} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d83a7b12-a4d4-4984-8f72-d41c6b4c1e6e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.tb.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vrlwarning.warningbho (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\vrlwarning.warningbho.1 (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\w123.w123mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{95325092-62fc-473b-b32a-ae613278855b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95325092-62fc-473b-b32a-ae613278855b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\w123.w123mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0dcd4f35-9fd5-420b-a9aa-fed0e2aecee0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{a0e1054b-01ee-4d57-a059-4d99f339709f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{b0e43034-50f5-1f84-8098-824b44f2dbc3} (Adware.AdMedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a3ed5288-f558-4f6e-8d5c-740cb6f89029} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{be1a344f-9ff5-4024-949b-52205e6db2d0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0dcd4f35-9fd5-420b-a9aa-fed0e2aecee0} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{144a6b24-0ebc-4d89-bf09-a06a718e57b5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusrl2009 (Rogue.AVLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11f100d9-17f5-4a2d-9a8e-19f4fa780269} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\311496 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common\helper.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\eSoftware\studio.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\311496\311496.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP727\A0041977.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP741\A0045650.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP742\A0045667.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP744\A0045825.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP747\A0045888.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP747\A0045892.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP756\A0047141.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP756\A0047143.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP712\A0041582.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP712\A0041581.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP712\A0041595.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP712\A0041607.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP712\A0041608.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iehlpr32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\U.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wini10802.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\algg.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSS68e9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\TDSS68f9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfub.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShrxm.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxa.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqt.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSproc.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrhyp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSvkql.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSpqxt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


-----------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:38 AM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139343492\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O18 - Filter hijack: text/html - {11f100d9-17f5-4a2d-9a8e-19f4fa780269} - (no file)
O20 - AppInit_DLLs: karna.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c8cccf4fec6c50) (gupdate1c8cccf4fec6c50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://www.nationalgeographic.com/ngm/0101/images/feature2_6.jpg

--
End of file - 10174 bytes
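
An added example, not part of the original posts and not code from either tool: a Python cross-check of the two logs above that lists HijackThis entries still referencing objects MBAM reported removing (here the O18 filter CLSID and the O20 AppInit_DLLs value `karna.dat`) and the files still waiting on a reboot. The line formats are inferred from the logs in this thread, the excerpts are copied from them, and the function names and the basename/GUID matching heuristic are assumptions of this example.

```python
import ntpath
import re

# Excerpts copied from the MBAM and HijackThis logs posted above.
MBAM_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\iehlpr32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{11f100d9-17f5-4a2d-9a8e-19f4fa780269} (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iehlpr32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\TDSScfub.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

HJT_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O18 - Filter hijack: text/html - {11f100d9-17f5-4a2d-9a8e-19f4fa780269} - (no file)
O20 - AppInit_DLLs: karna.dat
"""

# Formats inferred from the logs in this thread (assumption of this example).
SECTION = re.compile(r"^(?P<section>.+) Infected:$")
MBAM_LINE = re.compile(r"^(?P<obj>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
HJT_LINE = re.compile(r"^(?P<code>[ORF]\d+) - (?P<body>.+)$")
GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")


def parse_mbam(text):
    """Return one dict per detection line: section, object, detection, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("section")
            continue
        m = MBAM_LINE.match(line)
        if m and section:
            # Registry data lines carry "Bad: ... Good: ..." before the final
            # action, so keep only the text after the last arrow.
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({"section": section, "object": m.group("obj"),
                            "detection": m.group("name"), "action": action})
    return entries


def pending_reboot(entries):
    """Objects MBAM could not remove until the machine restarts."""
    return sorted({e["object"] for e in entries
                   if e["action"] == "Delete on reboot"})


def indicators(entries):
    """Map file basenames and GUIDs from the detections to their family name."""
    tokens = {}
    for e in entries:
        if e["section"] in ("Files", "Memory Modules"):
            tokens[ntpath.basename(e["object"]).lower()] = e["detection"]
        for guid in GUID.findall(e["object"]):
            tokens[guid.lower()] = e["detection"]
    return tokens


def leftover_references(entries, hjt_text):
    """HijackThis entries that still name something MBAM flagged."""
    tokens = indicators(entries)
    hits = []
    for raw in hjt_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").lower()
        for token, detection in tokens.items():
            # Whole-token match so "beep.sys" does not hit "mybeep.sys".
            pattern = r"(?<![\w.])" + re.escape(token) + r"(?![\w.])"
            if re.search(pattern, body):
                hits.append((m.group("code"), token, detection))
    return hits


if __name__ == "__main__":
    found = parse_mbam(MBAM_LOG)
    for path in pending_reboot(found):
        print("still pending reboot:", path)
    for code, token, detection in leftover_references(found, HJT_LOG):
        print(f"{code} still references {token} ({detection})")
```

A hit only means the startup or filter entry survived the file removal; it does not say whether the entry is still functional.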

Shaba
2008-10-27, 17:24
Yes, there was one nasty rootkit and some of its "friends", which prevented tools from working.

Download beep.sys from here (http://andymanchesta.com/Files/XP/beep.sys) and copy it to the C:\WINDOWS\system32\drivers and C:\WINDOWS\system32\dllcache folders.

After that:

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

An especially important one is TeaTimer.

We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Dburnell
2008-10-28, 06:33
Shaba,

I ran ComboFix, but McAfee popped up several times. I let this subscription lapse quite some time ago and the program won't let me do anything (turn functions on/off or access it) without re-installing it...I hope that it did not get in the way of anything here. Below are the log files. I have to go out of town on business in a few hours and will not be back until the weekend, so when I don't respond immediately to your next post, please understand. Thank you again for the help.

Thanks,

David

----------------------------------------------------------------


ComboFix 08-10-27.03 - Owner 2008-10-27 21:11:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1464 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\figaro.sys
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-28 )))))))))))))))))))))))))))))))
.

2008-10-27 07:00 . 2008-10-27 07:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 07:00 . 2008-10-27 07:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-27 07:00 . 2008-10-27 07:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 07:00 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 07:00 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 17:55 . 2008-10-26 17:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 11:28 . 2008-10-26 11:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 11:28 . 2008-10-26 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 00:36 . 2008-10-26 00:36 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-25 22:28 . 2008-10-26 00:14 164 --a------ C:\WINDOWS\system32\TDSSmtvd.dat
2008-10-23 21:00 . 2008-10-15 09:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-18 22:12 . 2008-10-18 22:12 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-18 22:11 . 2008-10-18 22:11 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-18 22:11 . 2008-10-18 22:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-18 22:11 . 2008-10-18 22:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-18 22:09 . 2008-10-18 22:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-18 20:49 . 2008-10-18 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-18 20:48 . 2008-10-18 20:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 19:48 . 2008-10-18 19:48 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-10-18 19:48 . 2008-10-18 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-10-18 19:48 . 2008-10-18 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-10-18 19:19 . 2008-10-18 20:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-15 03:49 . 2008-09-08 03:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 03:48 . 2008-08-14 03:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 03:48 . 2008-08-14 03:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 03:48 . 2008-08-14 02:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 03:48 . 2008-08-14 02:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 03:48 . 2008-09-15 05:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 17:57 . 2008-10-14 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-11 20:12 . 2008-10-11 20:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 11:38 . 2008-10-09 11:38 44,544 --a------ C:\Documents and Settings\All Users\mjvC.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-27 14:46 13,452 ----a-w C:\WINDOWS\system32\drivers\mbam-log-2008-10-27 (07-45-01).txt
2008-10-27 14:45 --------- d-----w C:\Program Files\eSoftware
2008-10-27 14:45 --------- d-----w C:\Program Files\Common
2008-10-22 17:28 --------- d-----w C:\Program Files\World of Warcraft
2008-10-22 13:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-10-19 17:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-10-19 03:49 --------- d-----w C:\Program Files\Lavasoft
2008-10-19 03:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-10-11 17:17 14,704 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-10-09 00:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-09-10 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-16 16:18 22 ----a-w C:\pics01.zip
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 50,776 2005-06-23 17:31:54 C:\Program Files\America Online 9.0\bak\AOL.EXE

----a-w 125,528 2004-11-03 21:03:00 C:\Program Files\Common Files\AOL\1139343492\EE\bak\AOLHostManager.exe

----a-w 139,264 2005-08-27 13:09:28 C:\Program Files\Digital Media Reader\bak\readericon45G.exe

----a-w 267,064 2007-09-26 21:42:04 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 17:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 110,592 2005-09-26 18:26:58 C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe

----a-w 1,121,792 2005-08-12 23:16:44 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 303,104 2005-09-23 01:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 19:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe

----a-w 1,005,096 2005-11-12 00:00:56 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 151,552 2005-07-09 01:18:22 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe

----a-w 163,840 2005-08-10 20:49:20 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 53,248 2005-08-12 06:02:44 C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe

----a-w 600,896 2006-07-07 23:15:07 C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe

----a-w 5,419,008 2007-05-30 01:34:50 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 06:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 49,152 2003-05-08 18:00:58 C:\Program Files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

----a-w 129,536 2006-07-22 00:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe

----a-w 4,662,776 2006-12-01 05:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe

----a-w 407,032 2006-07-21 18:43:10 C:\Program Files\Yahoo!\YOP\bak\yop.exe

----a-w 64,512 2005-08-06 04:56:34 C:\WINDOWS\ehome\bak\ehtray.exe

----a-w 15,360 2004-08-10 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 86016]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [N/A]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [N/A]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [N/A]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [N/A]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [N/A]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [N/A]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [N/A]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [N/A]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [N/A]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"HostManager"="C:\Program Files\Common Files\AOL\1139343492\EE\AOLHostManager.exe" [N/A]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-02-07 2168360]
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe [2008-04-05 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139343492\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 LGDDCDevice;LGDDCDevice;C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [2007-12-24 14336]
S2 gupdate1c8cccf4fec6c50;Google Update Service (gupdate1c8cccf4fec6c50);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [2007-12-24 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7855b9a1-9814-11da-9eba-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9128207b-7b98-11dc-8cce-0015581f649b}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3053969-9822-11da-b84e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-10-23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-10-28 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 18:15]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,SearchMigratedDefaultURL = hxxp://www.google.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O8 -: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk -

O16 -: ChatSpace Full Java Client 4.0.0.320 - hxxp://69.65.108.158/Java/cfs40320.cab
C:\WINDOWS\Downloaded Program Files\ChatSpace Full Java Client 4.0.0.320.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 21:14:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee.com\Agent\Mcdetect.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\McAfee.com\VSO\McShield.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee.com\Agent\McTskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-10-27 21:19:10 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-10-28 04:19:06

Pre-Run: 181,702,860,800 bytes free
Post-Run: 181,764,882,432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

240 --- E O F --- 2008-10-26 15:29:56


------------------------------------------------------------------

HJT


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:29 PM, on 10/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139343492\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c8cccf4fec6c50) (gupdate1c8cccf4fec6c50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://www.nationalgeographic.com/ngm/0101/images/feature2_6.jpg

--
End of file - 9478 bytes

Shaba
2008-10-28, 15:37
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Dburnell
2008-11-01, 06:43
Here is the file

Ad-Aware
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11
AIM 6
AIM Toolbar 5.0
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
AT&T Yahoo! Applications
BigFix
Browser Address Error Redirector
Canon MP Navigator 2.0
Canon MP150
Canon Utilities Easy-PhotoPrint
Digital Media Reader
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Solution
Easy-WebPrint
forteManager
Google Gears
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 2
LimeWire 4.16.6
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
McAfee Uninstall Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MySpaceIM
Napster
Napster Burn Engine
NVIDIA Drivers
PhotoFiltre
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
Quicken 2008
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Rhapsody
Rhapsody Player Engine
Rhapsody Player Engine
SBC Yahoo! DSL Activation
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
The Sims 2
The Sims 2 Nightlife
The Sims 2 University
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Warcraft

Shaba
2008-11-01, 11:56
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.16.6

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.

Dburnell
2008-11-01, 18:01
Shaba,

Limewire is uninstalled. Here's new HJT uninstall list. Am I "clean" now?

Ad-Aware
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11
AIM 6
AIM Toolbar 5.0
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
AT&T Yahoo! Applications
BigFix
Browser Address Error Redirector
Canon MP Navigator 2.0
Canon MP150
Canon Utilities Easy-PhotoPrint
Digital Media Reader
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Solution
Easy-WebPrint
forteManager
Google Gears
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 2
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
McAfee Uninstall Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MySpaceIM
Napster
Napster Burn Engine
NVIDIA Drivers
PhotoFiltre
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
Quicken 2008
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Rhapsody
Rhapsody Player Engine
Rhapsody Player Engine
SBC Yahoo! DSL Activation
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Soft Data Fax Modem with SmartCP
Sonic Encoders
Spybot - Search & Destroy
The Sims 2
The Sims 2 Nightlife
The Sims 2 University
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Backup Utility
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
World of Warcraft

Shaba
2008-11-01, 18:42
No, not yet but looking better.

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\TDSSmtvd.dat

Folder::
C:\Program Files\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
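
Added example, not part of the original posts and not ComboFix's own code: a Python sketch that lists what a CFScript like the one above asks to be removed, flags targets that are too broad, and checks the file and folder targets against a deletion report afterwards. It assumes the File::, Folder:: and Registry:: sections mean what the post uses them for; the function names, the PROTECTED list and the sample deletion report are constructed for illustration.

```python
import ntpath
import re

# The CFScript from the post above, used as sample input.
CFSCRIPT = r'''File::
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\TDSSmtvd.dat

Folder::
C:\Program Files\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
'''

# Constructed sample of a deletion report (one path per line). The entry for
# TDSSosvd.dat is left out on purpose so the cross-check has something to find.
DELETION_REPORT = r'''C:\Program Files\LimeWire
C:\Program Files\LimeWire\lib\vorbis.jar
C:\WINDOWS\system32\TDSSmtvd.dat
'''

# Assumption: locations that should never be a deletion target as a whole.
PROTECTED = {ntpath.normcase(p) for p in (
    'C:\\', r'C:\WINDOWS', r'C:\WINDOWS\system32', r'C:\Program Files',
    r'C:\Documents and Settings')}

SECTION_RE = re.compile(r'^([A-Za-z]+)::\s*$')
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')                 # [key] or [-key]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data


def norm(path):
    """Case-insensitive, separator-normalised form of a Windows path."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def parse_cfscript(text):
    """Return the script's requests as (action, target) tuples, in order."""
    actions, section, key = [], None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, key = header.group(1), None
            continue
        if section is None:
            raise ValueError(f'line {lineno}: text before any section header')
        kind = section.lower()
        if kind == 'file':
            actions.append(('delete-file', line))
        elif kind == 'folder':
            actions.append(('delete-folder', line))
        elif kind == 'registry':
            k, v = KEY_RE.match(line), VALUE_RE.match(line)
            if k:
                # REGEDIT syntax: a leading '-' inside the brackets deletes the key.
                key = None if k.group(1) else k.group(2)
                if k.group(1):
                    actions.append(('delete-key', k.group(2)))
            elif v and key:
                name = v.group(1)
                # Undo REGEDIT escaping (\\ -> \) in the quoted value name.
                name = '(Default)' if name == '@' else re.sub(r'\\(.)', r'\1', name[1:-1])
                # "name"=- deletes the value; anything else writes it.
                verb = 'delete-value' if v.group(2).strip() == '-' else 'set-value'
                actions.append((verb, f'{key} -> {name}'))
            else:
                raise ValueError(f'line {lineno}: not a key or value line')
        else:
            # Section this sketch does not know: surface it for manual review.
            actions.append(('unreviewed', f'{section}:: {line}'))
    return actions


def too_broad(actions):
    """File/folder targets that name a protected location itself."""
    return [t for a, t in actions
            if a in ('delete-file', 'delete-folder') and norm(t) in PROTECTED]


def unconfirmed(actions, report_text):
    """File/folder targets that do not appear in the deletion report."""
    seen = {norm(l) for l in report_text.splitlines() if l.strip()}
    return [t for a, t in actions
            if a in ('delete-file', 'delete-folder') and norm(t) not in seen]


if __name__ == '__main__':
    acts = parse_cfscript(CFSCRIPT)
    for action, target in acts:
        print(f'{action:14} {target}')
    print('too broad  :', too_broad(acts))
    print('unconfirmed:', unconfirmed(acts, DELETION_REPORT))
```

Anything listed as unconfirmed or unreviewed is worth raising with the helper before the script is run again.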

Dburnell
2008-11-02, 23:05
Here are the logs. I wasn't sure if you wanted a HJT uninstall list or a HJT scan log, so I attached both.

ComboFix 08-10-27.03 - Owner 2008-11-02 12:50:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1431 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\TDSSmtvd.dat
C:\WINDOWS\system32\TDSSosvd.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\LimeWire
C:\Program Files\LimeWire\jl011.jar.tmp
C:\Program Files\LimeWire\lib\jl011.jar
C:\Program Files\LimeWire\lib\MessagesBundles.jar
C:\Program Files\LimeWire\lib\mp3sp14.jar
C:\Program Files\LimeWire\lib\UnpackedJars.7z
C:\Program Files\LimeWire\lib\vorbis.jar
C:\Program Files\LimeWire\MessagesBundles.jar.tmp
C:\Program Files\LimeWire\mp3sp14.jar.tmp
C:\Program Files\LimeWire\vorbis.jar.tmp
C:\Program Files\LimeWire\xml.war
C:\WINDOWS\system32\TDSSmtvd.dat
C:\WINDOWS\system32\TDSSosvd.dat

.
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.

2008-10-27 06:00 . 2008-10-27 06:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 06:00 . 2008-10-27 06:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-27 06:00 . 2008-10-27 06:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 06:00 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-27 06:00 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-26 16:55 . 2008-10-26 16:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-26 10:28 . 2008-10-26 10:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 10:28 . 2008-10-26 10:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 20:00 . 2008-10-15 08:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-18 21:12 . 2008-10-18 21:12 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-18 21:11 . 2008-10-18 21:11 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-18 21:11 . 2008-10-18 21:11 <DIR> d-------- C:\WINDOWS\system32\bits
2008-10-18 21:11 . 2008-10-18 21:11 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-18 21:09 . 2008-10-18 21:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-10-18 19:49 . 2008-10-18 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-18 19:48 . 2008-10-18 19:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-18 18:48 . 2008-10-18 18:48 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-10-18 18:48 . 2008-10-18 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-10-18 18:48 . 2008-10-18 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-10-18 18:19 . 2008-10-18 19:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-10-15 02:49 . 2008-09-08 02:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 02:48 . 2008-08-14 02:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 02:48 . 2008-08-14 02:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 02:48 . 2008-08-14 01:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 02:48 . 2008-08-14 01:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-15 02:48 . 2008-09-15 04:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 16:57 . 2008-10-14 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-11 19:12 . 2008-10-11 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-09 10:38 . 2008-10-09 10:38 44,544 --a------ C:\Documents and Settings\All Users\mjvC.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 15:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-10-27 14:46 13,452 ----a-w C:\WINDOWS\system32\drivers\mbam-log-2008-10-27 (07-45-01).txt
2008-10-27 14:45 --------- d-----w C:\Program Files\eSoftware
2008-10-27 14:45 --------- d-----w C:\Program Files\Common
2008-10-22 17:28 --------- d-----w C:\Program Files\World of Warcraft
2008-10-22 13:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-10-19 03:49 --------- d-----w C:\Program Files\Lavasoft
2008-10-19 03:49 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-10-11 17:17 14,704 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-10-09 00:18 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-10 01:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-16 16:18 22 ----a-w C:\pics01.zip
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-10-27_21.18.37.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 04:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
+ 2000-08-31 16:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
- 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 16:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
- 2008-10-19 05:39:57 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-11-02 14:42:51 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-19 05:39:57 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-02 14:42:51 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 50,776 2005-06-23 17:31:54 C:\Program Files\America Online 9.0\bak\AOL.EXE

----a-w 125,528 2004-11-03 21:03:00 C:\Program Files\Common Files\AOL\1139343492\EE\bak\AOLHostManager.exe

----a-w 139,264 2005-08-27 13:09:28 C:\Program Files\Digital Media Reader\bak\readericon45G.exe

----a-w 267,064 2007-09-26 21:42:04 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 17:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 110,592 2005-09-26 18:26:58 C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe

----a-w 1,121,792 2005-08-12 23:16:44 C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 303,104 2005-09-23 01:29:08 C:\Program Files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 19:05:42 C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe

----a-w 1,005,096 2005-11-12 00:00:56 C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 151,552 2005-07-09 01:18:22 C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe

----a-w 163,840 2005-08-10 20:49:20 C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 53,248 2005-08-12 06:02:44 C:\Program Files\McAfee.com\VSO\bak\oasclnt.exe

----a-w 600,896 2006-07-07 23:15:07 C:\Program Files\Microsoft IntelliPoint\bak\ipoint.exe

----a-w 5,419,008 2007-05-30 01:34:50 C:\Program Files\MySpace\IM\bak\MySpaceIM.exe

----a-w 286,720 2007-06-29 13:24:52 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 06:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 49,152 2003-05-08 18:00:58 C:\Program Files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

----a-w 129,536 2006-07-22 00:19:46 C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe

----a-w 4,662,776 2006-12-01 05:49:04 C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe

----a-w 407,032 2006-07-21 18:43:10 C:\Program Files\Yahoo!\YOP\bak\yop.exe

----a-w 64,512 2005-08-06 04:56:34 C:\WINDOWS\ehome\bak\ehtray.exe

----a-w 15,360 2004-08-10 19:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 86016]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [N/A]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [N/A]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [N/A]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [N/A]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [N/A]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [N/A]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [N/A]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [N/A]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [N/A]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"HostManager"="C:\Program Files\Common Files\AOL\1139343492\EE\AOLHostManager.exe" [N/A]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-02-07 2168360]
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe [2008-04-05 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1139343492\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 LGDDCDevice;LGDDCDevice;C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [2007-12-24 14336]
S2 gupdate1c8cccf4fec6c50;Google Update Service (gupdate1c8cccf4fec6c50);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 LGII2CDevice;LGII2CDevice;C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [2007-12-24 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7855b9a1-9814-11da-9eba-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9128207b-7b98-11dc-8cce-0015581f649b}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3053969-9822-11da-b84e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-10-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-02 C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 17:15]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 12:52:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-02 12:54:05
ComboFix-quarantined-files.txt 2008-11-02 20:53:54

Pre-Run: 182,303,711,232 bytes free
Post-Run: 182,337,695,744 bytes free

223 --- E O F --- 2008-10-26 15:29:56



--------------------------------------------------------------------------

HJT SCAN


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:35 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139343492\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c8cccf4fec6c50) (gupdate1c8cccf4fec6c50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://www.nationalgeographic.com/ngm/0101/images/feature2_6.jpg

--
End of file - 9484 bytes


--------------------------------------------------------------------------

HJT UNINSTALL LIST

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:35 PM, on 11/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139343492\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c8cccf4fec6c50) (gupdate1c8cccf4fec6c50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://www.nationalgeographic.com/ngm/0101/images/feature2_6.jpg

--
End of file - 9484 bytes

Shaba
2008-11-03, 12:15
Yes, that is fine :)

Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

Dburnell
2008-11-05, 06:24
Shaba,

It's amazing what they can bury into your computer. My kid will not be downloading P2P software anymore, these titles are embarrassing! The trojan files are scary. Here's the log....


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3584 (20081105)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=7e86d2b14f7e9443ba0cfdad251a3284
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-05 04:13:40
# local_time=2008-11-04 08:13:40 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=455181
# found=12
# scan_time=5717
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\02 Track 2.wma WMA/TrojanDownloader.Wimad.L trojan 4B218DF1D7470C0888DB87E023364515
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\3oh3 - Punkbitch.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 10DD79D01A9DE1FB04C7525ACD466451
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\boats n hoes step brother .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EA1B34FC5085EDB362AE423E2D6939FE
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\brokencyde get crunk.mp3 WMA/TrojanDownloader.Wimad.N trojan 1A31AF52C42A4B385BFD1DC08CCDF7F2
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\german love starfucker 192kb.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 877A8EFFDC193DC9B8F00D08EFB9F298
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - bigcitydreams .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan A9277903B2C33C6BE47AD1B52AE8980B
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - BigCityDreams.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 28A36C89A59BF665B997B90E8DEEC172
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\TOTALLY HIP TRACK.wma WMA/TrojanDownloader.Wimad.D trojan 8785BC9847B722B138D2ABF3F04AD7E6
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\truth of deuce cute girl has orgasm on webcam.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 5C5208AFD01B0A2A20B4D28E04E13385
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\yeah soulja boi.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EEA0B9C995CC2CA19F9AEFFC15E3E9A8
C:\Program Files\Common\_helper.dll Win32/Adware.BHO.NEY application 8A562BAC43F0A7125CCA2F54ABFCD112
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\figaro.sys.vir Win32/Adware.UltimateDefender application 3BE90A3BAEC287517AE355B1B7003EF4

Shaba
2008-11-05, 11:54
Yes, there is no easier way to get infected than using p2p in addition to what you said.

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\Program Files\Common\_helper.dll

Folder::
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
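
The triage behind the CFScript above, as an added example that is not part of the original thread: it parses an excerpt of the ESET log, checks the `found=` header against the rows actually parsed, and separates copies already in quarantine, folders with repeated hits, and single files. The space-separated column layout, the `folder_threshold` parameter and all function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path rules on any host OS

# Excerpt of the ESET log posted in this thread. The "# found=" value is
# adjusted to the excerpt; the space-separated columns are an assumption.
SAMPLE = r"""# remove_checked=false
# unwanted_checked=true
# found=5
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\02 Track 2.wma WMA/TrojanDownloader.Wimad.L trojan 4B218DF1D7470C0888DB87E023364515
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\yeah soulja boi.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan EEA0B9C995CC2CA19F9AEFFC15E3E9A8
C:\Documents and Settings\Owner\My Documents\LimeWire\Saved\TOTALLY HIP TRACK.wma WMA/TrojanDownloader.Wimad.D trojan 8785BC9847B722B138D2ABF3F04AD7E6
C:\Program Files\Common\_helper.dll Win32/Adware.BHO.NEY application 8A562BAC43F0A7125CCA2F54ABFCD112
C:\Qoobox\Quarantine\C\WINDOWS\system32\dllcache\figaro.sys.vir Win32/Adware.UltimateDefender application 3BE90A3BAEC287517AE355B1B7003EF4
"""

HEADER = re.compile(r"^# (?P<key>[^=]+)=(?P<value>.*)$")
# Paths contain spaces, so the row is anchored on its right-hand columns:
# detection name (contains "/"), object type, 32-hex-digit hash.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?(?P<threat>\S+/\S+) "
    r"(?P<kind>\w+) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_log(text):
    """Return (headers, detections, rejects); rejects are unparsed lines."""
    headers, detections, rejects = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            headers[m["key"]] = m["value"]
            continue
        m = DETECTION.match(line)
        if m:
            detections.append({
                "path": m["path"],
                "variant": bool(m["variant"]),  # heuristic "a variant of" hit
                "threat": m["threat"],
                "kind": m["kind"],
                "md5": m["md5"].upper(),
            })
        else:
            rejects.append(line)
    return headers, detections, rejects


def count_matches(headers, detections):
    """True when the scanner's own found= count equals the rows we parsed."""
    return int(headers.get("found", -1)) == len(detections)


def triage(detections, quarantine_root=r"C:\Qoobox\Quarantine",
           folder_threshold=2):
    """Group detections the way the helper's reply treats them.

    quarantine_root is the quarantine path seen in the log; folder_threshold
    (hypothetical) is how many hits make a directory a folder-level finding.
    """
    result = {"quarantined": [], "folders": {}, "files": []}
    by_dir = defaultdict(list)
    prefix = quarantine_root.lower() + "\\"
    for det in detections:
        if det["path"].lower().startswith(prefix):
            # Already neutralised copy; no further action needed on it.
            result["quarantined"].append(det["path"])
        else:
            by_dir[dirname(det["path"])].append(det["path"])
    for directory, paths in by_dir.items():
        if len(paths) >= folder_threshold:
            result["folders"][directory] = paths
        else:
            result["files"].extend(paths)
    return result


if __name__ == "__main__":
    headers, detections, rejects = parse_log(SAMPLE)
    print("count consistent:", count_matches(headers, detections))
    print("unparsed lines:", rejects)
    for bucket, items in triage(detections).items():
        print(bucket, "->", items)
```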

Dburnell
2008-11-08, 22:59
Shaba,

Here's Part I of the ComboFix Log. Your server wouldn't let me post the entire log and the HJT Log. It said they had too many characters.

Part II and HJT Log on next post.

ComboFix 08-11-07.01 - Owner 2008-11-08 12:31:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1295 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\program files\Common\_helper.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\My Documents\LimeWire\Saved
c:\documents and settings\Owner\My Documents\LimeWire\Saved\german love starfucker 192kb.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Go-Go's - We Got The Beat.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Goo Goo Dolls - Better Days.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Goo Goo Dolls - Iris.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Goo Goo Dolls - Slide.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Good Charlotte - Barbie Girl.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Gravstone Deuce.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Gregory and the Hawk - Boats and Birds.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Gucci Mane - Freaky Gurl.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Gwen Steffani - It's My Life.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Happy Hard Core - Barbie Girl (Happy Hardcore Mix).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Harvey Danger - Flagpole Sitta.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hayden Panettiere - Wake Up Call(1).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hellogoodbye - Baby, its fact.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hellogoodbye - Shimmy Shimmy Quarter Turn.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hellogoodbye - Touch Down Turn Around.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Heroes of Heartache-My last letter.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hollywood Undead - Bottle And A Gun.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hollywood Undead - Pain.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hollywood Undead - The Diary.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hollywood Undead (feat. Jeffree Star) - Turn Off The Lights.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hot Hot Heat - Goodnight Goodnight.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hot Hot Heat - Touch You Touch You.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Huff N Doback - Boats N Hoes.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hyper Crush - Candy Store.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hyper Crush - Robo Tech.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hyper Crush - Sex And Drugs.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Hyper Crush - Shes a Freak.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ivoryline-Hearts and Minds.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ivoryline - Be Still and Breathe.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ivoryline - Remind Me I'm Alive.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Jedi Mind Tricks & Visionaries - I Love Hip Hop.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Jenny Lewis with The Watson Twins - Rabbit Fur Coat - 08 - Rabbit Fur Coat.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Jim Jones - We Stay Fly.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Josh Tobin - Fanny Pack.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Juno Soundtrack - Loose Lips.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Juno Soundtrack Kimya Dawson - Tire Swing.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Just Like Heaven.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Justice - dance.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kate Perry - I Kissed A Girl.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Katy Perry-I kissed a girl.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Katy Perry - You're So Gay.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kelis- My Milkshakes.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kelis - Im Bossy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kelis feat Too Short - I'm Bossy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kerli - Beautiful Inside.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kerli - Not A Barbie Doll.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kerli - Walking on Air.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - Black Poison Blood.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\kill hannah - Boys and Girls.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - Crazy Angel.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - I Wanna Be A Kennedy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - Lips Like Morphine.MP3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - Lovesick.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - She's Looking at the Stars.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - Unwanted.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Kill Hannah - Wrap Myself Around You.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Klaxons - Forgotten Works.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lights - February Air.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lil Mama - G-slide.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lil Wayne - Lollipop.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lily Allen- Alfie.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lily Allen - Friday Night.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lily Allen - Friend Of Mine.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lily Allen - Knock Em Out.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lily Allen - Smile(1).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\lipgloss-lil mama.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Lit - My Own Worst Enemy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\LTrimm - Cars that go Boom.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ludacris - Shake that money maker.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ludacris - Whos a Hoe.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ludo- Love Me Dead.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ludo - Damn These Eyes.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ludo - Girls On Trampolines.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ludo - Laundry Girl.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Ludo - Saras Song.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\m.i.a.- galang.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\M.I.A. - Bamboo Banga.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\M.I.A. - Bucky Dun Gun.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mac Dre-Thizzle Dance.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake- Here I Stand.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake- Me vs The World.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake- Now Or Never.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - House Of Cards.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - In Another Life.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - Morning Sadness.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - One Last Kiss.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - Pandora.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - River People.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - Stars.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Madina Lake - True Love.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Meg & Dia - Monster.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mercy Mercedes - Get It Darlin.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mercy Mercedes - Revolution.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mercy Mercedes - The Perfect Scene.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Metro Station - After The Fall.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Metro Station - Dear Hannah.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Metro Station - Goodnight & Goodbye.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\metro station - kelsey.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\metro station - now that we're done.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\metro station - seventeen forever.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Metro Station - Shake It.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Metro Station - Wish We Were Older.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\MIA - Bird Flu.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mickey Avalon - Jane Fonda.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mickey Avalon - Mr. Right.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mika - Grace Kelly.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Millionaires-In My Bed.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Millionaires - Hoe Down.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\MILLIONAIRES - i like money.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\MILLIONAIRES - Painted Whore.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Millionaires - Talk Shit.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\MILLIONAIRES. - ALCOHOL.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\MILLIONAIRES. - Hey Rich Boy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Mims - Like This.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Misfits - Dig Up Her Bones.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\modest mouse - We've Got Everything.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest Mouse - Black Cadillacs.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest Mouse - Bury Me With it.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest Mouse - Dramamine.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest Mouse - Float On.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest Mouse - Paper Thin Walls.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest Mouse - Summer.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest Mouse - Talking Shit About A Pretty Sunset.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Modest_Mouse-Dashboard.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Nelly Fortado - Maneater.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\NeverShoutNever - Here Goes Nothin.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - bigcitydreams .mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - BigCityDreams.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - dare4distance.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - Lovers Love Liars Lie.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - myfriendjane.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Nevershoutnever! - shesgotstyle.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\No Doubt - Bathwater.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\No Doubt - Hey Baby.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\No Doubt - Just A Girl.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\No Doubt - Running.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\No Doubt - Spiderwebs.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Offspring - The Kids Aren't Alright.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pain Hollywood Undead.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\palin rap.wma
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Paramore - Crushcrushcrush.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pencey Prep - Fat and Alone.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Peter, Bjorn and John - Young folks.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Phantom Planet - California (The OC soundtrack).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pink Floyd - Welcome to the Machine.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pink Floyd - Wish You Were Here.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pitbull - Go Girl.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pitbull Ft Lil John - The Anthem.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pittsburgh Slim - Girls Kiss Girls (Dirty).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain & the Tramps - I'm Your Favorite Drug.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain & The Tramps - My Leftovers.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and The Tramps- Room of Angels.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and the Tramps - Fuck Like a Star.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and the Tramps - I Feel Perfect.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and the Tramps - King of The World.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and the Tramps - REDLIGHT DISTRICT.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and the Tramps - Sugar Cube.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and the Tramps - Transparent.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Porcelain and the Tramps - You Want.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Punk Goes Crunk- Set Your Goals- Put Yo Hood Up.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\PUNK GOES CRUNK-scary_kids_scaring_kids-notorious_thugs_(the_notorious_b_i_g_).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Punk Goes Crunk - Forever The Sickest Kids - Men In Black (Cover).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Punk Goes Crunk - New Found Glory - Back That Ass Up (Cover).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Punk Goes Crunk - Sexyback.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Pussycat Dolls - When I Grow Up.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Quietdrive - Time After Time.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rick Ross Ft. Nelly & Avery Storm - Here I Am.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rick Ross ft. R. Kelly - Speeding.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rick Ross Ft. T-Pain -The Boss (Dirty).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Run DMC - It's Tricky.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rx Bandits - All The Time.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rx Bandits - Gun in Your Hand.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rx Bandits - Infection.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rx Bandits - Overcome.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Rx Bandits - Status.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Accident.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\saosin - bury your head.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Collapse.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Follow And Feel.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - I've been dying to reach you.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - I Have Become What I've Always Hated.MP3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\saosin - its far better to learn.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\saosin - no angel.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Plays Pretty For Baby.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Seven Years.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - They Perch On Their Stilts and Dare Me To Break Custom.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Translating The Name.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Voices.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saosin - Youre Not Alone.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Sarah Palin Rap Saturday Night(1).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Savage - Let Me See Your Hips Swing (Dirty).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Saves The Day - Cars And Calories.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\SAY ANYTHING - Baby I Got Your Money(1).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Scary Kids Scaring Kids - Bulletproof.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Scary Kids Scaring Kids - Drowning.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Scary Kids Scaring Kids - My Darkest Hour.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Scary Kids Scaring Kids -What's Up Now.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail- Calling All Cars.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Bite To Break Skin.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Bloody Romance.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Can't Be Saved.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Choke On This.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Handguns And Second Chances.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Lady In A Blue Dress.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Let it enfold you.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Lost and Found.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Martini Kiss.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Masons Revenge.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Rum is for drinking not burning.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Shark Attack.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - Slow Dance.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Senses Fail - You're Cute When You Scream.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shiny Toy Guns- Le Disko.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shiny Toy Guns - You Are The One.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shwayze - Buzzin.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shwayze - California.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shwayze - Corona and Lime.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shwayze - Dance in the Sand.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shwayze - High Together.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Shwayze - Summertime.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Skye Sweetnam - Heart Of Glass.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Skye Sweetnam - Billy S.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Skye Sweetnam - Hypocrite.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Skye Sweetnam - I Don't Really Like You.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\skye sweetnam - music is my boyfriendd.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Skye Sweetnam - Number One.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Skye Sweetnam - Tangled Up In Me.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Soul Kid Number One - More Bounce In California (Laguna Beach).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Soulja Boy - YAHHH BITCH.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Soulja Boy Tell 'Em - Crank That (Travis Barker Rock Remix).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\start trouble - let's get fucked up.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Step Up 2 Soundtrack - Timbaland - Bounce(remix).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Story Of The Year- And the Hero Will Drown.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\story of the year- Untill The Day I die.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Story of the Year - Anthem of our Dying Day.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Story of the Year - In Her Bedroom.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Story of the Year - Our Time Is Now.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Story Of The Year - Razorblades.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Story Of The Year - Sidewalks.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Story Of The Year - Take Me Back.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Sublime - Date Rape.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Sugar Hill Gang - Apache - Jump On It(1).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Sugar Hill Gang - Rappers Delight.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\t.A.T.u - Perfect Enemy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tal Bachman - She's So High Above Me.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tatu - 30 Minutes.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tatu - All About Us.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tatu - All The Things She Said.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tatu - Enigma.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tatu - Friend or Foe.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\tatu - Loves Me Not.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tatu - Not Gonna Get Us.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tatu - Young - Sexy, Naughty, Bitchy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tay Dizim ft. T-Pain & Rick Ross - Beam Me Up.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tech N9ne - Caribou Lou.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Techno - Trance - DJ Sammy - The Boys of Summer.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Aquabats - Pool Party.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ataris - The Boys Of Summer.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Beach Boys - The Lion Sleeps Tonight.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Devil Wears Prada - Dogs Can Grow Beards All Over.MP3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Devil Wears Prada - Spongebob Grindpants.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Devil Wears Prada - Still Fly.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Devil Wears Prada - Texas is South.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Klaxons - Golden Skans.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Klaxons - Gravity's Rainbow.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Klaxons - It's not Over Yet.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Medic Droid-Fer Sure.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits- Last Caress.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - Astro Zombies.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - bullet.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - Die, Die My Darling.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - Dust to Dust.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - Halloween.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - Helena.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - Saturday Night.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Misfits - Skulls.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Office Theme Song.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - Cant Get My Head Around You.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - Gone Away.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - Hammerhead.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - Hit That.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - I Wanna Be Sedated.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - I Want You Bad.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - Pretty Fly for a White Guy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offspring - Self Esteem.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Offsprings - Americana.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pack - Candy.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pack - In My Car.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pack - Jello.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pack - Vans.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pink Spiders - Knock Knock.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pink Spiders - Little Razorblade.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pink Spiders - Modern Swinger.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pink Spiders - Soft Smoke.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Pink Spiders - Teenage Graffiti.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Secret Handshake - I Wish.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ting Tings - Fruit Machine.MP3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ting Tings - Great DJ.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ting Tings - Keep Your Head.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ting Tings - Shut Up And Let Me Go.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ting Tings - That's Not My Name.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ting Tings - We Started Nothing.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Ting Tings - We Walk.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Used - Box Full Of Sharp Objects.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Used - Lies For The Liars - Liar Liar (Burn in Hell).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Used - Pretty Handsome Awkward.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Used - The Bird and the Worm .mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\The Visionaries - Come One Come All.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Three 6 Mafia - Last 2 Walk - 05 - I Got (Ft Pimp C & Project Pat).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Throw the Fight-Left Here.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Throw The Fight - Endless Struggle.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Throw The Fight - His Blood, My Hands.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Throw The Fight - Lies.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Throw The Fight - Ready For War.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Throw The Fight - Weakest Hour.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\TI - WHATEVER YOU LIKE (DIRTY).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tila Tequila-Paralyze.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Tila Tequila - Get High.wma
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Timbaland- The Way I Are.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Timbaland - Shock Value - Bounce (Feat.Dr.Dre, Missy & Justin Timberlake).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\TOTALLY HIP TRACK.wma
c:\documents and settings\Owner\My Documents\LimeWire\Saved\truth of deuce cute girl has orgasm on webcam.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Uffie - Pop The Glock.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Vanilla Ice - Ice Ice Baby.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Visionaries - All We Need.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Visionaries ft. Beat Junkies - Blessings.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Way I Are Timberline.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\We the Kings- Skyway Avenue.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\WE THE KINGS-This is Our Town.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\We The Kings - All Again For You.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\WE THE KINGS - Check Yes Juliet.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\We The Kings - Dont Speak Liar.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\We The Kings - Headlines Read Out.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\We The Kings - Secret Valentine.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\We The Kings - Stay Young.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Webbie ft. Lil Wayne & Lil Boosie - Independent.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\whos hoe .wma
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Wierd Al Yankovic - Ugly Girl (Barbie Girl Remix).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Xzibit - Choke Me, Spank Me (Pull My Hair).mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\yeah soulja boi.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Young Jock - I Know U See It.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Your Sweet Uncertainty - hey baby.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Zolof The Rock And Roll Destroyer - Argh... I'm A Pirate.mp3
c:\documents and settings\Owner\My Documents\LimeWire\Saved\Zolof The Rock And Roll Destroyer - Plays Pretty For Baby.mp3
c:\program files\Common\_helper.dll
c:\program files\Common\helper.dll
c:\program files\Common\helper.sig

Dburnell
2008-11-08, 23:01
Part II of ComboFix Log and HJT Log. Part I in previous post.


((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-07 14:39 . <DIR> c:\windows\LastGood.Tmp
2008-11-04 18:35 . 2008-11-04 20:13 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-11-04 16:13 . 2008-11-04 16:13 8,216 --a------ c:\windows\system32\mst120.dll
2008-10-27 06:00 . 2008-10-27 06:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-27 06:00 . 2008-10-27 06:00 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-10-27 06:00 . 2008-10-27 06:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-27 06:00 . 2008-10-22 15:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-27 06:00 . 2008-10-22 15:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-26 16:55 . 2008-10-26 16:55 <DIR> d-------- c:\program files\Trend Micro
2008-10-26 10:28 . 2008-10-26 10:30 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-10-26 10:28 . 2008-10-26 10:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-23 20:00 . 2008-10-15 08:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 21:12 . 2008-10-18 21:12 <DIR> d-------- c:\windows\system32\scripting
2008-10-18 21:11 . 2008-10-18 21:11 <DIR> d-------- c:\windows\system32\en
2008-10-18 21:11 . 2008-10-18 21:11 <DIR> d-------- c:\windows\system32\bits
2008-10-18 21:11 . 2008-10-18 21:11 <DIR> d-------- c:\windows\l2schemas
2008-10-18 21:09 . 2008-10-18 21:09 <DIR> d-------- c:\windows\ServicePackFiles
2008-10-18 19:49 . 2008-10-18 19:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-18 19:48 . 2008-10-18 19:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-10-18 18:48 . 2008-10-18 18:48 <DIR> d-------- c:\program files\Common Files\iS3
2008-10-18 18:48 . 2008-10-18 18:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2008-10-18 18:48 . 2008-10-18 18:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-10-18 18:19 . 2008-10-18 19:26 <DIR> d-------- c:\program files\Enigma Software Group
2008-10-15 02:49 . 2008-09-08 02:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
2008-10-15 02:48 . 2008-08-14 02:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 02:48 . 2008-08-14 02:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 02:48 . 2008-08-14 01:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 02:48 . 2008-08-14 01:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-15 02:48 . 2008-09-15 04:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-14 16:57 . 2008-10-14 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2008-10-11 19:12 . 2008-10-11 19:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\TEMP
2008-10-09 10:38 . 2008-10-09 10:38 44,544 --a------ c:\documents and settings\All Users\mjvC.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 20:32 --------- d-----w c:\program files\Common
2008-11-01 15:53 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2008-10-27 14:46 13,452 ----a-w c:\windows\system32\drivers\mbam-log-2008-10-27 (07-45-01).txt
2008-10-27 14:45 --------- d-----w c:\program files\eSoftware
2008-10-22 17:28 --------- d-----w c:\program files\World of Warcraft
2008-10-22 13:05 --------- d-----w c:\documents and settings\Owner\Application Data\U3
2008-10-19 03:49 --------- d-----w c:\program files\Lavasoft
2008-10-19 03:49 --------- d-----w c:\documents and settings\Owner\Application Data\Lavasoft
2008-10-11 17:17 14,704 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-10-09 00:18 --------- d-----w c:\documents and settings\Owner\Application Data\Canon
2008-09-10 01:09 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-16 16:18 22 ----a-w C:\pics01.zip
.

((((((((((((((((((((((((((((( snapshot@2008-10-27_21.18.37.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 03:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 04:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 15:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 16:00:00 89,504 ----a-w c:\windows\fdsv.exe
- 2000-08-31 15:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2000-08-31 16:00:00 80,412 ----a-w c:\windows\grep.exe
- 2000-08-31 15:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 16:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 15:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2000-08-31 16:00:00 98,816 ----a-w c:\windows\sed.exe
- 2000-08-31 15:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 16:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2000-08-31 15:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 16:00:00 136,704 ----a-w c:\windows\SWSC.exe
- 2000-08-31 15:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
+ 2000-08-31 16:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
- 2008-07-19 05:10:48 94,920 ----a-w c:\windows\system32\cdm.dll
+ 2008-10-16 22:09:44 92,696 ----a-w c:\windows\system32\cdm.dll
- 2008-07-19 05:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 22:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-07-19 05:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 22:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 05:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 05:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 22:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 05:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 22:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 05:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 22:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2007-07-27 22:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 22:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 03:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 20:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
+ 2008-02-11 17:39:26 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2008-02-11 17:39:18 237,568 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2008-02-08 21:53:46 110,592 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2008-02-05 16:48:04 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
- 2008-10-19 05:39:57 64,372 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-02 14:42:51 64,372 ----a-w c:\windows\system32\perfc009.dat
- 2008-10-19 05:39:57 409,232 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-02 14:42:51 409,232 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2004-12-07 18:11:34 258,352 ----a-w c:\windows\system32\unicows.dll
- 2008-07-19 05:09:44 563,912 ----a-w c:\windows\system32\wuapi.dll
+ 2008-10-16 22:12:20 561,688 ----a-w c:\windows\system32\wuapi.dll
- 2008-07-19 05:10:42 53,448 ----a-w c:\windows\system32\wuauclt.exe
+ 2008-10-16 22:09:44 51,224 ----a-w c:\windows\system32\wuauclt.exe
- 2008-07-19 05:09:42 1,811,656 ----a-w c:\windows\system32\wuaueng.dll
+ 2008-10-16 22:13:40 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
- 2008-07-19 05:09:46 325,832 ----a-w c:\windows\system32\wucltui.dll
+ 2008-10-16 22:12:22 323,608 ----a-w c:\windows\system32\wucltui.dll
- 2008-07-19 05:10:20 36,552 ----a-w c:\windows\system32\wups.dll
+ 2008-10-16 22:08:58 34,328 ----a-w c:\windows\system32\wups.dll
- 2008-07-19 05:10:40 45,768 ----a-w c:\windows\system32\wups2.dll
+ 2008-10-16 22:09:44 43,544 ----a-w c:\windows\system32\wups2.dll
- 2008-07-19 05:09:44 205,000 ----a-w c:\windows\system32\wuweb.dll
+ 2008-10-16 22:13:40 202,776 ----a-w c:\windows\system32\wuweb.dll
- 2000-08-31 15:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2000-08-31 16:00:00 49,152 ----a-w c:\windows\VFIND.exe
- 2000-08-31 15:00:00 68,096 ----a-w c:\windows\zip.exe
+ 2000-08-31 16:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 50,776 2005-06-23 17:31:54 c:\program files\America Online 9.0\bak\AOL.EXE

----a-w 125,528 2004-11-03 21:03:00 c:\program files\Common Files\AOL\1139343492\EE\bak\AOLHostManager.exe

----a-w 139,264 2005-08-27 13:09:28 c:\program files\Digital Media Reader\bak\readericon45G.exe

----a-w 267,064 2007-09-26 21:42:04 c:\program files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 17:36:40 c:\program files\iTunes\iTunesHelper.exe

----a-w 110,592 2005-09-26 18:26:58 c:\program files\McAfee\SpamKiller\bak\MskAgent.exe

----a-w 1,121,792 2005-08-12 23:16:44 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe

----a-w 303,104 2005-09-23 01:29:08 c:\program files\McAfee.com\Agent\bak\mcagent.exe

----a-w 212,992 2006-01-11 19:05:42 c:\program files\McAfee.com\Agent\bak\mcupdate.exe

----a-w 1,005,096 2005-11-12 00:00:56 c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe

----a-w 151,552 2005-07-09 01:18:22 c:\program files\McAfee.com\VSO\bak\mcmnhdlr.exe

----a-w 163,840 2005-08-10 20:49:20 c:\program files\McAfee.com\VSO\bak\mcvsshld.exe

----a-w 53,248 2005-08-12 06:02:44 c:\program files\McAfee.com\VSO\bak\oasclnt.exe

----a-w 600,896 2006-07-07 23:15:07 c:\program files\Microsoft IntelliPoint\bak\ipoint.exe

----a-w 5,419,008 2007-05-30 01:34:50 c:\program files\MySpace\IM\bak\MySpaceIM.exe

----a-w 286,720 2007-06-29 13:24:52 c:\program files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 06:37:20 c:\program files\QuickTime\QTTask.exe

----a-w 49,152 2003-05-08 18:00:58 c:\program files\ScanSoft\OmniPageSE2.0\bak\OpwareSE2.exe

----a-w 129,536 2006-07-22 00:19:46 c:\program files\Yahoo!\browser\bak\ybrwicon.exe

----a-w 4,662,776 2006-12-01 05:49:04 c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe

----a-w 407,032 2006-07-21 18:43:10 c:\program files\Yahoo!\YOP\bak\yop.exe

----a-w 64,512 2005-08-06 04:56:34 c:\windows\ehome\bak\ehtray.exe

----a-w 15,360 2004-08-10 19:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"ehTray"="c:\windows\ehome\ehtray.exe" [N/A]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [N/A]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [N/A]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [N/A]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [N/A]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\bak\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [N/A]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [N/A]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [N/A]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [N/A]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [N/A]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [N/A]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"HostManager"="c:\program files\Common Files\AOL\1139343492\EE\AOLHostManager.exe" [N/A]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2005-09-18 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-02-07 2168360]
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2008-04-05 1064960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= c:\windows\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139343492\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [2007-12-24 14336]
S2 gupdate1c8cccf4fec6c50;Google Update Service (gupdate1c8cccf4fec6c50);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [2007-12-24 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7855b9a1-9814-11da-9eba-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9128207b-7b98-11dc-8cce-0015581f649b}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3053969-9822-11da-b84e-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

2008-11-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 17:15]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 12:35:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Owner\Local Settings\Application Data\AOL\AOLDiag\AOL\IMAppServiceUSGM\Win32\6.5.12.1\202c935a.nub 174 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\AIM6\aolsoftware.exe
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-08 12:39:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-08 20:39:46
ComboFix2.txt 2008-11-02 20:54:06

Pre-Run: 182,229,704,704 bytes free
Post-Run: 182,262,411,264 bytes free

887 --- E O F --- 2008-10-26 15:29:56


-------------------------------------------------------------------


HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:08 PM, on 11/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139343492\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: forteManager.lnk = ?
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
O16 - DPF: Yahoo! Backgammon - http://download2.games.yahoo.com/games/clients/y/at1_x.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c8cccf4fec6c50) (gupdate1c8cccf4fec6c50) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - http://www.nationalgeographic.com/ngm/0101/images/feature2_6.jpg

--
End of file - 9570 bytes

Shaba
2008-11-09, 12:06
That looks good :)

Still problems?

Dburnell
2008-11-09, 16:44
Shaba,

Computer seems to be running fine. I really appreciate all of your help.

Thanks,

David

Shaba
2008-11-09, 19:51
Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:
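
The Internet Explorer zone settings listed in the post above can be checked afterwards from the registry. This is an added example, not part of the original post: a read-only PowerShell audit that assumes PowerShell 3.0 or later, per-user settings under the current user's Internet zone key (zone 3), and no overriding group policy. The action numbers are Microsoft's documented URL-action identifiers, and the function name `Get-Label` is made up for this example.

```powershell
# Read-only audit of the Internet zone (zone 3) for the current user.
# Data values used by Internet Explorer: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings from the post, with the value each should have.
$recommended = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

# Turn a raw registry value into the label shown in the IE dialog.
function Get-Label($value) {
    if ($null -eq $value) { return 'not set' }
    if ($labels.ContainsKey([int]$value)) { return $labels[[int]$value] }
    return "value $value"
}

# Stop with an error if the zone key is missing instead of reporting empty results.
$current = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($item in $recommended) {
    $have = $current.($item.Id)          # $null when the value does not exist
    [pscustomobject]@{
        Setting     = $item.Name
        Current     = Get-Label $have
        Recommended = Get-Label $item.Want
        Match       = ($null -ne $have) -and ([int]$have -eq $item.Want)
    }
}

$report | Format-Table -AutoSize -Wrap

# Summarise so a drifted setting is obvious at a glance.
$drift = @($report | Where-Object { -not $_.Match })
if ($drift.Count -eq 0) { 'All six settings match the recommended values.' }
else { "$($drift.Count) setting(s) differ from the recommended values." }
```

The script only reads the registry, so it can be re-run after software installs or updates to see whether any of the six settings has been changed back.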

Dburnell
2008-11-10, 02:15
Shaba,

Tasks performed and Explorer options applied. Everything seems to be running properly. Once again, thank you for all of the help.

David

Shaba
2008-11-12, 11:46
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.