Spybot Search & Destroy has stopped working



Brinesy
2009-04-20, 12:19
Hi,
I am having major problems with trying to run any sort of Malware programs, have tried Spybot, Malwarebytes, SUPERAntiSpyware, AdAware and many more. All have the same response '...... has stopped working'
I have managed to install BitDefender Total 2009, which is up to date and running, hasn't managed to fix the problem tho!

Ps. Google is redirected 75% of the time to Stopzilla pages and such.

Please HELP!

Brett

Logfile of HijackThis v1.99.1
Scan saved at 7:55:27 PM, on 20/04/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Comodo\CBOClean\BOC426.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - F:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Shaba
2009-04-21, 07:02
Hi Brinesy

Your HijackThis is outdated.

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Brinesy
2009-04-21, 11:41
Hi Shaba

Sorry for posting in the wrong spot.... Stupid Newbie!

Quick update from yesterday's post, I renamed the Malwarebytes .exe file and got it to update and run.

This is what it found and removed.

Malwarebytes' Anti-Malware 1.36
Database version: 2013
Windows 6.0.6001 Service Pack 1

20/04/2009 11:11:23 PM
mbam-log-2009-04-20 (23-11-23).txt

Scan type: Quick Scan
Objects scanned: 83304
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Convert2PlaySoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convert2Play (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert2Play (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\acetools.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\arcicons.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\find.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files\zficons.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Tried to do a full system scan overnight in Safe Mode but it froze after about 2hrs into it, had to reboot the system in the morning.

Did the same for Spybot, but it didn't find anything.

Here is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:44 PM, on 21/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Comodo\CBOClean\BOC426.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Brett\Desktop\HiJackThis.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - F:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8508 bytes

Thanks for taking a look.

Brett

Shaba
2009-04-21, 12:04
That is a good sign :)

Please download GMER (http://gmer.net/gmer.zip) by GMER. An alternate download site (http://www2.gmer.net/).
Unzip it to a folder on your desktop.
Double click on gmer.exe to execute.
If asked, allow the gmer.sys driver to load.
If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
If you don't get a warning then... Click the Rootkit/Malware tab at the top of the GMER window.
Click the Scan button. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
Open Notepad and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

In the GMER window...
Click on the >>> tab at the top of the GMER window.
This displays the rest of the "selection" tabs for you.
Click on the Autostart tab.
Click on Scan button.
Once the scan has finished... click Copy.
Open Notepad (again) and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in your next reply.

Brinesy
2009-04-21, 12:53
GMER 1.0.15.14966 - http://www.gmer.net
Autostart scan 2009-04-21 20:42:13
Windows 6.0.6001 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon@DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AcerMemUsageCheckService@ = C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Ati External Event Utility@ = %SystemRoot%\system32\Ati2evxx.exe
BOCore@ = C:\Program Files\Comodo\CBOClean\BOCORE.exe
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
CLTNetCnService@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
eRecoveryService@ = C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
LightScribeService@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
LIVESRV@ = "C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service
LiveUpdate Notice Ex@ = "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon /*file not found*/
LiveUpdate Notice Service@ = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
Nero BackItUp Scheduler 3@ = C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PLFlash DeviceIoControl Service@ = C:\Windows\system32\IoctlSvc.exe
SBSDWSCService@ = C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
VSSERV@ = "C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe" /service
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@eRecoveryService /*file not found*/ = /*file not found*/
@WPCUMIC:\Windows\system32\WpcUmi.exe = C:\Windows\system32\WpcUmi.exe
@BOC-426C:\PROGRA~1\Comodo\CBOClean\BOC426.exe = C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
@StartCCC"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@BDAgent"C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" = "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
@BitDefender Antiphishing Helper"C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" = "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
@SUPERAntiSpywareC:\Program Files\SUPERAntiSpyware\4f102bf1-e364-431d-a735-0ea4cf21cdbc.exe = C:\Program Files\SUPERAntiSpyware\4f102bf1-e364-431d-a735-0ea4cf21cdbc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD}C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}C:\Program Files\SUPERAntiSpyware\SASSEH.DLL = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E} /*Groove GFS Browser Helper*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} /*Groove GFS Explorer Bar*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{A449600E-1DC6-4232-B948-9BD794D62056} /*Groove GFS Stub Icon Handler*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{B5A7F190-DDA6-4420-B3BA-52453494E6CD} /*Groove GFS Stub Execution Hook*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{6C467336-8281-4E60-8204-430CED96822D} /*Groove GFS Context Menu Handler*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{387E725D-DC16-4D76-B310-2C93ED4752A0} /*Groove XML Icon Handler*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{16F3DD56-1AF5-4347-846D-7C10C4192619} /*Groove Explorer Icon Overlay 3 (GFS Folder)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} /*Groove Explorer Icon Overlay 2 (GFS Stub)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} /*Groove Explorer Icon Overlay 4 (GFS Unread Mark)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{99FD978C-D287-4F50-827F-B2C658EDA8E7} /*Groove Explorer Icon Overlay 1 (GFS Unread Stub)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{920E6DB1-9907-4370-B3A0-BAFC03D81399} /*Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)*/C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Context Menu Shell Extension*/C:\Program Files\arcext.dll = C:\Program Files\arcext.dll
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 DragDrop Shell Extension*/C:\Program Files\arcext.dll = C:\Program Files\arcext.dll
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Context Menu Shell Extension*/C:\Program Files\arcext.dll = C:\Program Files\arcext.dll
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.61 Property Sheet Shell Extension*/C:\Program Files\arcext.dll = C:\Program Files\arcext.dll
@{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} /*NeroCoverEd Live Icons*/C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
@{5E2121EE-0300-11D4-8D3B-444553540000} /*Catalyst Context Menu extension*/C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{52B87208-9CCF-42C9-B88E-069281105805} /*Trojan Remover Shell Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Cover Designer@{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} = C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\arcext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{100BD527-7304-4b7f-BEE2-26D97B04EBA4}C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
@{4CE485DD-C395-46C4-A929-7B771D8A5655}"C:\Program Files\BitDefender\BitDefender 2009\fshredctx.dll" = "C:\Program Files\BitDefender\BitDefender 2009\fshredctx.dll"
@{9E96C1F5-0EFA-4348-9460-15D6802C70AA}C:\Program Files\BitDefender\BitDefender 2009\bdfvsctx.dll = C:\Program Files\BitDefender\BitDefender 2009\bdfvsctx.dll
@{CA8ACAFA-5FBB-467B-B348-90DD488DE003}C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL
@{D653647D-D607-4df6-A5B8-48D2BA195F7B}C:\Program Files\BitDefender\BitDefender 2009\bdshelxt.dll = C:\Program Files\BitDefender\BitDefender 2009\bdshelxt.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\arcext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers >>>
@{4CE485DD-C395-46C4-A929-7B771D8A5655}"C:\Program Files\BitDefender\BitDefender 2009\fshredctx.dll" = "C:\Program Files\BitDefender\BitDefender 2009\fshredctx.dll"
@{9E96C1F5-0EFA-4348-9460-15D6802C70AA}C:\Program Files\BitDefender\BitDefender 2009\bdfvsctx.dll = C:\Program Files\BitDefender\BitDefender 2009\bdfvsctx.dll
@{CA8ACAFA-5FBB-467B-B348-90DD488DE003}C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
XXX Groove GFS Context Menu Handler XXX@{6C467336-8281-4E60-8204-430CED96822D} = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers >>>
@{100BD527-7304-4b7f-BEE2-26D97B04EBA4}C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll = C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
@{4CE485DD-C395-46C4-A929-7B771D8A5655}"C:\Program Files\BitDefender\BitDefender 2009\fshredctx.dll" = "C:\Program Files\BitDefender\BitDefender 2009\fshredctx.dll"
@{9E96C1F5-0EFA-4348-9460-15D6802C70AA}C:\Program Files\BitDefender\BitDefender 2009\bdfvsctx.dll = C:\Program Files\BitDefender\BitDefender 2009\bdfvsctx.dll
@{D653647D-D607-4df6-A5B8-48D2BA195F7B}C:\Program Files\BitDefender\BitDefender 2009\bdshelxt.dll = C:\Program Files\BitDefender\BitDefender 2009\bdshelxt.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{72853161-30C5-4D22-B7F9-0BBC1D38A37E}C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll = C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll = C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com.au/ = http://www.google.com.au/
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
grooveLocalGWS@CLSID = C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
its@CLSID = %SystemRoot%\System32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
tv@CLSID = C:\Windows\System32\msvidctl.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

---- EOF - GMER 1.0.15 ----

Running rootkit again as the file that it produced was about 500,000 characters and too big to post??

Brinesy
2009-04-21, 13:03
...."The text that you have entered is too long (485642 characters). Please shorten it to 64000 characters long."

Am I doing something wrong?

Shaba
2009-04-21, 13:46
No, file itself is too big.

You can upload it to rapidshare.com and paste link here, please.

Brinesy
2009-04-21, 22:37
Here you are,

http://rapidshare.com/files/224139663/gmerroot.txt.html

Brett

Shaba
2009-04-22, 06:11
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Brinesy
2009-04-22, 13:33
I searched the net to try and find out how to disable Bitdefender Total 2009 completely and came up blank! Disabled it at start up through Spybot but that hasn't seemed to have worked. Can you advise the process for this and I will run it again?

Have attached logs anyway... don't know if they are any good.

ComboFix 09-04-22.A2 - Brett 22/04/2009 21:11.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3327.2475 [GMT 10:00]
Running from: c:\users\Brett\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcxhugvsxrwdxxwtlspmvebofyqfycmvbb.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcrcqercnnottxbpwvihqroqlnlikhcpoe.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS
-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-03-22 to 2009-04-22 )))))))))))))))))))))))))))))))
.

2009-04-21 12:20 . 2009-04-21 12:20 -------- d-----w c:\users\Naomi\AppData\Roaming\Malwarebytes
2009-04-21 10:15 . 2009-04-21 10:15 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-21 10:15 . 2009-04-21 10:15 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-21 05:19 . 2009-04-21 05:19 -------- d-----w c:\users\Renae\AppData\Roaming\BitDefender
2009-04-20 13:27 . 2009-04-21 20:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-20 13:27 . 2009-04-20 13:27 -------- d-----w c:\users\Brett\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 13:04 . 2009-04-20 13:04 -------- d-----w c:\users\Brett\AppData\Roaming\Malwarebytes
2009-04-19 21:55 . 2009-04-19 21:54 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 09:45 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 09:45 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 09:45 . 2009-04-20 13:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 09:45 . 2009-04-19 09:45 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-19 09:45 . 2009-04-19 09:45 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 07:33 . 2009-04-22 10:58 121 ----a-w c:\windows\bdagent.INI
2009-04-17 21:39 . 2009-04-17 21:39 -------- d-----w c:\users\Joey\AppData\Roaming\BitDefender
2009-04-17 11:23 . 2009-04-17 11:23 -------- d-----w c:\users\Naomi\AppData\Roaming\BitDefender
2009-04-17 10:34 . 2009-04-17 10:34 132 ----a-w C:\httpdwl.dat
2009-04-17 10:13 . 2009-04-18 07:31 -------- d-----w c:\users\Brett\AppData\Local\ApplicationHistory
2009-04-17 09:29 . 2009-04-17 09:29 -------- d-----w c:\users\Brett\AppData\Roaming\BitDefender
2009-04-17 09:29 . 2009-04-17 09:29 -------- d-----w C:\Binaries
2009-04-16 11:14 . 2009-04-16 11:14 -------- d-----w c:\windows\system32\URTTEMP
2009-04-16 11:13 . 2009-04-17 09:28 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-15 09:19 . 2009-04-15 12:38 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-14 20:52 . 2009-04-14 20:52 691 ----a-w c:\users\Naomi\AppData\Roaming\GetValue.vbs
2009-04-14 20:52 . 2009-04-14 20:52 35 ----a-w c:\users\Naomi\AppData\Roaming\SetValue.bat
2009-04-14 20:41 . 2009-03-03 02:27 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-10 04:40 . 2009-04-10 04:40 -------- d-----w c:\users\Brett\AppData\Roaming\Media Player Classic
2009-04-10 04:39 . 2009-04-11 07:40 -------- d-----w C:\Amadis Video Converter Output
2009-04-10 04:13 . 2009-04-10 04:13 -------- d-----w C:\temp
2009-04-09 10:55 . 2009-04-09 10:55 -------- d-----w c:\program files\Amadis Software
2009-04-04 03:55 . 2009-04-04 03:55 -------- d-----w c:\program files\WinAVI MP4 Converter
2009-04-02 10:30 . 2009-04-11 07:32 -------- d-----w c:\program files\AviSynth 2.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 11:08 . 2009-04-16 21:46 81984 ----a-w c:\windows\System32\bdod.bin
2009-04-22 10:57 . 2008-11-13 09:26 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-21 11:02 . 2008-07-06 03:18 310 ----a-w c:\program files\action.log
2009-04-21 09:44 . 2007-04-17 00:52 -------- d-----w c:\programdata\Symantec
2009-04-20 22:01 . 2008-06-28 23:27 -------- d-----w c:\users\Naomi\AppData\Roaming\LimeWire
2009-04-20 13:10 . 2008-11-13 09:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-19 21:54 . 2008-06-28 23:10 -------- d-----w c:\program files\Java
2009-04-18 07:55 . 2009-04-17 09:28 -------- d-----w c:\programdata\BitDefender
2009-04-17 10:45 . 2008-11-13 12:11 -------- d-----w c:\users\Brett\AppData\Roaming\U3
2009-04-17 09:51 . 2008-04-23 08:34 192512 ----a-w c:\windows\System32\txmlutil.dll
2009-04-17 09:51 . 2008-08-14 08:54 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-04-17 09:51 . 2008-08-12 08:40 242184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-04-17 09:51 . 2008-08-12 08:40 111112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-04-17 09:51 . 2008-07-02 03:07 82696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2009-04-17 09:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-17 09:30 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-17 09:30 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-17 09:28 . 2009-04-16 11:15 -------- d-----w c:\program files\BitDefender
2009-04-16 21:58 . 2008-07-04 08:57 -------- d-----w c:\programdata\BOC426
2009-04-16 21:17 . 2008-06-28 23:34 -------- d-----w c:\users\Joey\AppData\Roaming\LimeWire
2009-04-16 21:17 . 2008-06-28 23:31 -------- d-----w c:\users\Renae\AppData\Roaming\LimeWire
2009-04-16 21:17 . 2007-04-17 01:00 -------- d-----w c:\programdata\Microsoft Help
2009-04-16 11:11 . 2007-04-17 00:52 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 11:10 . 2008-06-28 03:45 -------- d-----w c:\program files\Norton 360
2009-04-15 20:59 . 2009-01-14 10:07 -------- d-----w c:\users\Brett\AppData\Roaming\Azureus
2009-04-14 21:03 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 20:53 . 2009-04-14 20:51 2305 ----a-w C:\rapport.txt
2009-04-14 10:18 . 2008-06-18 05:48 8160 ----a-w c:\users\Brett\AppData\Local\d3d9caps.dat
2009-04-11 07:27 . 2009-01-14 10:07 -------- d-----w c:\program files\Vuze
2009-04-10 04:26 . 2009-04-04 03:55 50611 ----a-w C:\MP4debug.log
2009-04-04 00:37 . 2008-06-28 23:11 -------- d-----w c:\users\Brett\AppData\Roaming\LimeWire
2009-03-30 10:38 . 2008-08-16 03:08 -------- d-----w c:\program files\Common Files\Adobe
2009-03-17 03:38 . 2009-04-14 20:42 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 20:42 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 20:42 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-07 08:40 . 2008-06-29 09:52 -------- d-----w c:\programdata\DVD Shrink
2009-03-03 04:46 . 2009-04-14 20:42 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 20:42 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 20:42 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-14 20:42 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 20:42 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 20:42 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 20:42 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 20:42 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 20:42 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-14 20:42 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 20:42 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 20:42 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-14 20:42 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-27 21:51 . 2008-07-11 09:38 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 05:25 . 2008-06-20 05:58 104448 ----a-w c:\users\Renae\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-25 07:37 . 2008-06-18 08:47 104448 ----a-w c:\users\Joey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 21:00 . 2008-06-18 06:58 104448 ----a-w c:\users\Naomi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 11:14 . 2008-06-18 05:49 104448 ----a-w c:\users\Brett\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 08:49 . 2009-04-14 20:42 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-14 20:42 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 10:36 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-13 09:28 . 2009-01-13 09:28 680 ----a-w c:\users\Naomi\AppData\Local\d3d9caps.dat
2008-08-04 12:07 . 2008-07-06 03:17 235 ----a-w c:\program files\order.ord
2008-06-29 12:34 . 2008-06-29 12:34 0 ----a-w c:\users\Brett\AppData\Roaming\wklnhst.dat
2008-06-29 04:29 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-06-28 23:31 . 2008-06-28 23:31 680 ----a-w c:\users\Renae\AppData\Local\d3d9caps.dat
2008-06-20 12:36 . 2008-06-20 12:36 3222 ----a-w c:\users\All Users\xml4A78.tmp
2008-06-20 12:36 . 2008-06-20 12:36 3222 ----a-w c:\programdata\xml4A78.tmp
2008-06-20 12:36 . 2008-06-20 12:36 18406 ----a-w c:\users\All Users\xml3CE0.tmp
2008-06-20 12:36 . 2008-06-20 12:36 18406 ----a-w c:\programdata\xml3CE0.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

c:\users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\4f102bf1-e364-431d-a735-0ea4cf21cdbc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe"
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe"
"BOC-426"=c:\progra~1\Comodo\CBOClean\BOC426.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ED1E9675-5C5C-4552-8979-8FFBD704C996}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5A6A6A0-D297-4AA6-9383-21A16C3F9929}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{72054225-EE28-47DF-B2B8-F3B9C93964A3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{793FE12F-5ADA-48C0-A6C2-2F64F67F5139}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6CCF7CF8-77F5-4804-B894-0A15F1C4201D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4BDB85EB-3D9F-4E05-9520-D65F8A66F7BF}"= UDP:f:\program files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{BE8147AD-FC69-4E8A-BBCA-642A052C5F53}"= TCP:f:\program files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{6EA877F6-CD1B-4F38-ABC3-CAE702A7ABB6}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6AC9F8CF-057B-4561-90C3-38B22F18CC92}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{F60E4F0C-7DAD-45E5-BB26-0584F22B3E8B}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{7F03506F-C21D-424B-8EE0-7EEDB9600CDA}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{26BF0D4E-BB39-4CBF-8A2B-C5BBD4271537}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4BD78FA3-78E6-4649-BBDD-7A7FBCC7DCAC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{643D283F-91CA-4592-A463-F5FF2D66A42D}"= UDP:18380:BitComet 18380 TCP
"{770EC11C-6E5D-4937-A426-7D5C7DC8676B}"= TCP:18380:BitComet 18380 UDP
"{763DB909-DC4B-4F03-AFCD-675A3D2D590F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{887A0C2F-5494-43A9-9541-D4C538BD0A78}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{7DBF8BE9-ED24-4342-86CA-93B680BDE0AE}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D0CA9261-A3FA-4B43-8660-B2A3BE40B684}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R1 SASKUTIL;SASKUTIL; [x]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-04-17 82696]
S2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe [2008-03-27 73464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-04-17 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-17 104328]
S3 TfBulk;TfBulk;c:\windows\system32\DRIVERS\TfBulk.sys [2007-05-31 13312]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e5ab778-40f6-11dd-bc8b-001c25881c9d}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec47aee1-9641-11dd-ac11-001c25881c9d}]
\shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\User_Feed_Synchronization-{5BAAAF56-1351-453D-8D8A-4B3FC76EDE93}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]

2009-04-22 c:\windows\Tasks\User_Feed_Synchronization-{93E7DC4F-24FD-4BAE-B9CA-738C5562A473}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
Notify-!SASWinLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 21:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Brett\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\users\Brett\AppData\Local\Temp\gxvxc000 0 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys]
"imagepath"="\systemroot\system32\drivers\gxvxcwvvlbrkfpnwqncypunorrbmcuduthooc.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcwvvlbrkfpnwqncypunorrbmcuduthooc.sys"
.
Completion time: 2009-04-22 21:22
ComboFix-quarantined-files.txt 2009-04-22 11:22

Pre-Run: 151,325,872,128 bytes free
Post-Run: 151,431,471,104 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
277 --- E O F --- 2009-04-21 23:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:12 PM, on 22/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brett\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - F:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 7072 bytes

Shaba
2009-04-22, 15:24
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Brinesy
2009-04-23, 11:29
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Empowering Technology
Acer ePerformance Management
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9.1
Apple Mobile Device Support
Apple Software Update
BitDefender Total Security 2009
BOClean
Bonjour
CCleaner (remove only)
Common-Use Signing Interface
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESCX4700_4100 User's Guide
ESET Online Scanner
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
LimeWire PRO 4.18.3
LiveUpdate Notice (Symantec Corporation)
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8
neroxml
Norton 360
NTI Backup NOW! 4.7
OGA Notifier 1.7.0105.35.0
PIF DESIGNER
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
ResumeMaker
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Spybot - Search & Destroy
Topfield Tools
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB950219)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VideoReDo TVSuite Version 3.1.4.549
Vuze
WinAce Archiver
XnView 1.95.3

Shaba
2009-04-23, 17:20
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire PRO 4.18.3
Vuze


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall log scan when finished and post the log back here.

Brinesy
2009-04-23, 22:21
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acer Empowering Technology
Acer ePerformance Management
Acer ScreenSaver
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9.1
Apple Mobile Device Support
Apple Software Update
BitDefender Total Security 2009
BOClean
Bonjour
CCleaner (remove only)
Common-Use Signing Interface
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Image Clip Palette
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESCX4700_4100 User's Guide
ESET Online Scanner
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Logitech Harmony Remote Software 7
Malwarebytes' Anti-Malware
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Motorola SM56 Speakerphone Modem
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
Nero 8
neroxml
NTI Backup NOW! 4.7
OGA Notifier 1.7.0105.35.0
PIF DESIGNER
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
ResumeMaker
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Spybot - Search & Destroy
Topfield Tools
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB950219)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb962871)
VC80CRTRedist - 8.0.50727.762
VCRedistSetup
VideoReDo TVSuite Version 3.1.4.549
WinAce Archiver
XnView 1.95.3

Shaba
2009-04-24, 06:04
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


Folder::
c:\users\Naomi\AppData\Roaming\LimeWire
c:\users\Joey\AppData\Roaming\LimeWire
c:\users\Renae\AppData\Roaming\LimeWire
c:\users\Brett\AppData\Roaming\Azureus
c:\users\Brett\AppData\Roaming\LimeWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6EA877F6-CD1B-4F38-ABC3-CAE702A7ABB6}"=-
"{6AC9F8CF-057B-4561-90C3-38B22F18CC92}"=-
"TCP Query User{7DBF8BE9-ED24-4342-86CA-93B680BDE0AE}c:\\program files\\vuze\\azureus.exe"= -
"UDP Query User{D0CA9261-A3FA-4B43-8660-B2A3BE40B684}c:\\program files\\vuze\\azureus.exe"=-


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Brinesy
2009-04-24, 11:47
ComboFix 09-04-22.A2 - Brett 24/04/2009 19:31.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3327.1851 [GMT 10:00]
Running from: c:\users\Brett\Desktop\ComboFix.exe
Command switches used :: c:\users\Brett\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Brett\AppData\Roaming\Azureus
c:\users\Brett\AppData\Roaming\LimeWire
c:\users\Joey\AppData\Roaming\LimeWire
c:\users\Naomi\AppData\Roaming\LimeWire
c:\users\Renae\AppData\Roaming\LimeWire
c:\users\Renae\AppData\Roaming\LimeWire\414splashpro.png
c:\users\Renae\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Renae\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Renae\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Renae\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Renae\AppData\Roaming\LimeWire\filters.props
c:\users\Renae\AppData\Roaming\LimeWire\installation.props
c:\users\Renae\AppData\Roaming\LimeWire\library.dat
c:\users\Renae\AppData\Roaming\LimeWire\limewire.props
c:\users\Renae\AppData\Roaming\LimeWire\mojito.props
c:\users\Renae\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Renae\AppData\Roaming\LimeWire\promotion\promodb.lck
c:\users\Renae\AppData\Roaming\LimeWire\promotion\promodb.log
c:\users\Renae\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Renae\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Renae\AppData\Roaming\LimeWire\questions.props
c:\users\Renae\AppData\Roaming\LimeWire\simpp.xml
c:\users\Renae\AppData\Roaming\LimeWire\tables.props
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme.lwtp
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\logo.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\notsearching.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\searching.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\splash.png
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\splashpro.png
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\version.txt
c:\users\Renae\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
c:\users\Renae\AppData\Roaming\LimeWire\version.xml
c:\users\Renae\AppData\Roaming\LimeWire\versions.props
c:\users\Renae\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Renae\AppData\Roaming\LimeWire\xml\misc\application.gif
c:\users\Renae\AppData\Roaming\LimeWire\xml\misc\audio.gif
c:\users\Renae\AppData\Roaming\LimeWire\xml\misc\document.gif
c:\users\Renae\AppData\Roaming\LimeWire\xml\misc\image.gif
c:\users\Renae\AppData\Roaming\LimeWire\xml\misc\video.gif
c:\users\Renae\AppData\Roaming\LimeWire\xml\schemas\application.xsd
c:\users\Renae\AppData\Roaming\LimeWire\xml\schemas\audio.xsd
c:\users\Renae\AppData\Roaming\LimeWire\xml\schemas\document.xsd
c:\users\Renae\AppData\Roaming\LimeWire\xml\schemas\image.xsd
c:\users\Renae\AppData\Roaming\LimeWire\xml\schemas\video.xsd

.
((((((((((((((((((((((((( Files Created from 2009-03-24 to 2009-04-24 )))))))))))))))))))))))))))))))
.

2009-04-23 09:36 . 2009-04-23 09:36 -------- d-----w c:\users\All Users\NortonInstaller
2009-04-23 09:36 . 2009-04-23 09:36 -------- d-----w c:\programdata\NortonInstaller
2009-04-21 12:20 . 2009-04-21 12:20 -------- d-----w c:\users\Naomi\AppData\Roaming\Malwarebytes
2009-04-21 10:15 . 2009-04-21 10:15 -------- d-----w c:\users\All Users\SUPERAntiSpyware.com
2009-04-21 10:15 . 2009-04-21 10:15 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-04-21 05:19 . 2009-04-21 05:19 -------- d-----w c:\users\Renae\AppData\Roaming\BitDefender
2009-04-20 13:27 . 2009-04-21 20:38 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-20 13:27 . 2009-04-20 13:27 -------- d-----w c:\users\Brett\AppData\Roaming\SUPERAntiSpyware.com
2009-04-20 13:04 . 2009-04-20 13:04 -------- d-----w c:\users\Brett\AppData\Roaming\Malwarebytes
2009-04-19 21:55 . 2009-04-19 21:54 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-19 09:45 . 2009-04-06 05:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-19 09:45 . 2009-04-06 05:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 09:45 . 2009-04-20 13:04 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-19 09:45 . 2009-04-19 09:45 -------- d-----w c:\users\All Users\Malwarebytes
2009-04-19 09:45 . 2009-04-19 09:45 -------- d-----w c:\programdata\Malwarebytes
2009-04-18 07:33 . 2009-04-24 09:24 121 ----a-w c:\windows\bdagent.INI
2009-04-17 21:39 . 2009-04-17 21:39 -------- d-----w c:\users\Joey\AppData\Roaming\BitDefender
2009-04-17 11:23 . 2009-04-17 11:23 -------- d-----w c:\users\Naomi\AppData\Roaming\BitDefender
2009-04-17 10:34 . 2009-04-17 10:34 132 ----a-w C:\httpdwl.dat
2009-04-17 10:13 . 2009-04-18 07:31 -------- d-----w c:\users\Brett\AppData\Local\ApplicationHistory
2009-04-17 09:29 . 2009-04-17 09:29 -------- d-----w c:\users\Brett\AppData\Roaming\BitDefender
2009-04-17 09:29 . 2009-04-17 09:29 -------- d-----w C:\Binaries
2009-04-16 11:14 . 2009-04-16 11:14 -------- d-----w c:\windows\system32\URTTEMP
2009-04-16 11:13 . 2009-04-17 09:28 -------- d-----w c:\program files\Common Files\BitDefender
2009-04-15 09:19 . 2009-04-15 12:38 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-14 20:52 . 2009-04-14 20:52 691 ----a-w c:\users\Naomi\AppData\Roaming\GetValue.vbs
2009-04-14 20:52 . 2009-04-14 20:52 35 ----a-w c:\users\Naomi\AppData\Roaming\SetValue.bat
2009-04-14 20:41 . 2009-03-03 02:27 1383424 ----a-w c:\windows\system32\mshtml.tlb
2009-04-10 04:40 . 2009-04-10 04:40 -------- d-----w c:\users\Brett\AppData\Roaming\Media Player Classic
2009-04-10 04:39 . 2009-04-11 07:40 -------- d-----w C:\Amadis Video Converter Output
2009-04-10 04:13 . 2009-04-10 04:13 -------- d-----w C:\temp
2009-04-09 10:55 . 2009-04-09 10:55 -------- d-----w c:\program files\Amadis Software
2009-04-04 03:55 . 2009-04-04 03:55 -------- d-----w c:\program files\WinAVI MP4 Converter
2009-04-02 10:30 . 2009-04-11 07:32 -------- d-----w c:\program files\AviSynth 2.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 09:28 . 2008-07-04 08:57 -------- d-----w c:\programdata\BOC426
2009-04-24 00:29 . 2009-04-16 21:46 81984 ----a-w c:\windows\System32\bdod.bin
2009-04-23 21:12 . 2008-11-13 09:26 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-23 20:17 . 2009-01-14 10:07 -------- d-----w c:\program files\Vuze
2009-04-23 09:41 . 2007-04-17 00:52 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-21 11:02 . 2008-07-06 03:18 310 ----a-w c:\program files\action.log
2009-04-20 13:10 . 2008-11-13 09:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-19 21:54 . 2008-06-28 23:10 -------- d-----w c:\program files\Java
2009-04-18 07:55 . 2009-04-17 09:28 -------- d-----w c:\programdata\BitDefender
2009-04-17 10:45 . 2008-11-13 12:11 -------- d-----w c:\users\Brett\AppData\Roaming\U3
2009-04-17 09:51 . 2008-04-23 08:34 192512 ----a-w c:\windows\System32\txmlutil.dll
2009-04-17 09:51 . 2008-08-14 08:54 104328 ----a-w c:\windows\system32\drivers\bdfndisf.sys
2009-04-17 09:51 . 2008-08-12 08:40 242184 ----a-w c:\windows\system32\drivers\bdfsfltr.sys
2009-04-17 09:51 . 2008-08-12 08:40 111112 ----a-w c:\windows\system32\drivers\bdfm.sys
2009-04-17 09:51 . 2008-07-02 03:07 82696 ----a-w c:\windows\system32\drivers\BDVEDISK.sys
2009-04-17 09:30 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-17 09:30 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-17 09:30 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-17 09:28 . 2009-04-16 11:15 -------- d-----w c:\program files\BitDefender
2009-04-16 21:17 . 2007-04-17 01:00 -------- d-----w c:\programdata\Microsoft Help
2009-04-14 21:03 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 20:53 . 2009-04-14 20:51 2305 ----a-w C:\rapport.txt
2009-04-14 10:18 . 2008-06-18 05:48 8160 ----a-w c:\users\Brett\AppData\Local\d3d9caps.dat
2009-04-10 04:26 . 2009-04-04 03:55 50611 ----a-w C:\MP4debug.log
2009-03-30 10:38 . 2008-08-16 03:08 -------- d-----w c:\program files\Common Files\Adobe
2009-03-17 03:38 . 2009-04-14 20:42 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 20:42 13824 ----a-w c:\windows\System32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 20:42 24064 ----a-w c:\windows\System32\amxread.dll
2009-03-07 08:40 . 2008-06-29 09:52 -------- d-----w c:\programdata\DVD Shrink
2009-03-03 04:46 . 2009-04-14 20:42 3599328 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 20:42 3547632 ----a-w c:\windows\System32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 20:42 827392 ----a-w c:\windows\System32\wininet.dll
2009-03-03 04:39 . 2009-04-14 20:42 183296 ----a-w c:\windows\System32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 20:42 551424 ----a-w c:\windows\System32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 20:42 26112 ----a-w c:\windows\System32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 20:42 78336 ----a-w c:\windows\System32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 20:42 98304 ----a-w c:\windows\System32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 20:42 54784 ----a-w c:\windows\System32\iasads.dll
2009-03-03 04:37 . 2009-04-14 20:42 44032 ----a-w c:\windows\System32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 20:42 666624 ----a-w c:\windows\System32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 20:42 17408 ----a-w c:\windows\System32\iashost.exe
2009-03-03 02:28 . 2009-04-14 20:42 26624 ----a-w c:\windows\System32\ieUnatt.exe
2009-02-27 21:51 . 2008-07-11 09:38 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-27 05:25 . 2008-06-20 05:58 104448 ----a-w c:\users\Renae\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-25 07:37 . 2008-06-18 08:47 104448 ----a-w c:\users\Joey\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 21:00 . 2008-06-18 06:58 104448 ----a-w c:\users\Naomi\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-24 11:14 . 2008-06-18 05:49 104448 ----a-w c:\users\Brett\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 08:49 . 2009-04-14 20:42 72704 ----a-w c:\windows\System32\secur32.dll
2009-02-13 08:49 . 2009-04-14 20:42 1255936 ----a-w c:\windows\System32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 10:36 2033152 ----a-w c:\windows\System32\win32k.sys
2009-01-13 09:28 . 2009-01-13 09:28 680 ----a-w c:\users\Naomi\AppData\Local\d3d9caps.dat
2008-08-04 12:07 . 2008-07-06 03:17 235 ----a-w c:\program files\order.ord
2008-06-29 12:34 . 2008-06-29 12:34 0 ----a-w c:\users\Brett\AppData\Roaming\wklnhst.dat
2008-06-29 04:29 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-06-28 23:31 . 2008-06-28 23:31 680 ----a-w c:\users\Renae\AppData\Local\d3d9caps.dat
2008-06-20 12:36 . 2008-06-20 12:36 3222 ----a-w c:\users\All Users\xml4A78.tmp
2008-06-20 12:36 . 2008-06-20 12:36 3222 ----a-w c:\programdata\xml4A78.tmp
2008-06-20 12:36 . 2008-06-20 12:36 18406 ----a-w c:\users\All Users\xml3CE0.tmp
2008-06-20 12:36 . 2008-06-20 12:36 18406 ----a-w c:\programdata\xml3CE0.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-04-22_11.19.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-17 00:53 . 2009-04-22 21:07 57286 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-04-24 00:32 77096 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-02-29 17:56 . 2009-04-22 11:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-29 17:56 . 2009-04-24 09:25 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-02-29 17:56 . 2009-04-22 11:09 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-29 17:56 . 2009-04-24 09:25 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-02-29 17:56 . 2009-04-22 11:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-02-29 17:56 . 2009-04-24 09:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-19 02:28 . 2009-04-24 00:32 9548 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413795696-3658026189-2771670509-1001_UserData.bin
+ 2008-06-18 05:47 . 2009-04-23 09:45 9634 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413795696-3658026189-2771670509-1000_UserData.bin
+ 2009-04-24 00:30 . 2009-04-24 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-22 11:09 . 2009-04-22 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-24 00:30 . 2009-04-24 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-22 11:09 . 2009-04-22 11:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-04-24 00:36 611614 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-04-22 11:16 611614 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-24 00:36 110318 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-04-22 11:16 110318 c:\windows\System32\perfc009.dat
- 2006-11-02 12:47 . 2009-04-22 11:19 1835008 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-24 09:40 1835008 c:\windows\ServiceProfiles\NetworkService\ntuser.dat
- 2006-11-02 12:47 . 2009-04-22 11:10 1835008 c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2006-11-02 12:47 . 2009-04-24 00:31 1835008 c:\windows\ServiceProfiles\LocalService\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]
"BOC-426"="c:\progra~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 351480]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-17 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-17 69632]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

c:\users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\users\Naomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk.disabled [2008-6-23 1115]

c:\users\Renae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
[BU]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Empowering Technology Monitor"=c:\acer\Empowering Technology\SysMonitor.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ED1E9675-5C5C-4552-8979-8FFBD704C996}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C5A6A6A0-D297-4AA6-9383-21A16C3F9929}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{72054225-EE28-47DF-B2B8-F3B9C93964A3}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{793FE12F-5ADA-48C0-A6C2-2F64F67F5139}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6CCF7CF8-77F5-4804-B894-0A15F1C4201D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{4BDB85EB-3D9F-4E05-9520-D65F8A66F7BF}"= UDP:f:\program files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{BE8147AD-FC69-4E8A-BBCA-642A052C5F53}"= TCP:f:\program files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{F60E4F0C-7DAD-45E5-BB26-0584F22B3E8B}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{7F03506F-C21D-424B-8EE0-7EEDB9600CDA}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
"{26BF0D4E-BB39-4CBF-8A2B-C5BBD4271537}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4BD78FA3-78E6-4649-BBDD-7A7FBCC7DCAC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{643D283F-91CA-4592-A463-F5FF2D66A42D}"= UDP:18380:BitComet 18380 TCP
"{770EC11C-6E5D-4937-A426-7D5C7DC8676B}"= TCP:18380:BitComet 18380 UDP
"{763DB909-DC4B-4F03-AFCD-675A3D2D590F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{887A0C2F-5494-43A9-9541-D4C538BD0A78}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R1 SASKUTIL;SASKUTIL; [x]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-04-17 82696]
S2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe [2008-03-27 73464]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2009-04-17 111112]
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\bdfndisf.sys [2009-04-17 104328]
S3 TfBulk;TfBulk;c:\windows\system32\DRIVERS\TfBulk.sys [2007-05-31 13312]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e5ab778-40f6-11dd-bc8b-001c25881c9d}]
\shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec47aee1-9641-11dd-ac11-001c25881c9d}]
\shell\AutoRun\command - L:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SbSD.exe [2009-04-13 05:31]

2009-04-22 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-13 05:31]

2009-04-24 c:\windows\Tasks\User_Feed_Synchronization-{5BAAAF56-1351-453D-8D8A-4B3FC76EDE93}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]

2009-04-23 c:\windows\Tasks\User_Feed_Synchronization-{93E7DC4F-24FD-4BAE-B9CA-738C5562A473}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-04-24 19:43
ComboFix-quarantined-files.txt 2009-04-24 09:43
ComboFix2.txt 2009-04-22 11:23

Pre-Run: 163,473,465,344 bytes free
Post-Run: 163,480,440,832 bytes free

782 --- E O F --- 2009-04-21 23:00

Shaba
2009-04-24, 18:10
Delete this folder as well:

c:\program files\Vuze

Empty Recycle Bin.

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

Brinesy
2009-04-25, 00:32
Hi Shaba

This is the online scan log, but I just noticed that it scanned Critical Objects by default. Do you want me to do it again for 'My Computer'?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, April 25, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, April 24, 2009 08:11:47
Records in database: 2074498
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Program Files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Windows

Scan statistics:
Files scanned: 94696
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:17:50

No malware has been detected. The scan area is clean.

The selected area was scanned.

Shaba
2009-04-25, 10:43
Yes, please :)

Brinesy
2009-04-26, 03:11
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, April 26, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 25, 2009 21:25:15
Records in database: 2078794
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
M:\

Scan statistics:
Files scanned: 222684
Threat name: 5
Infected objects: 11
Suspicious objects: 0
Duration of the scan: 03:37:22


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\gxvxcrcqercnnottxbpwvihqroqlnlikhcpoe.dll.vir Infected: Trojan.Win32.Agent2.hoq 1
C:\Users\Brett\AppData\Local\Microsoft\Outlook\archive.pst Infected: Trojan.Win32.Genome.hdr 1
C:\Users\Brett\Documents\My Documents\Documents and Settings\brett1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Bagle.p 4
F:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:PSWTool.Win32.RAS.a 2
F:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Downloader.Win32.INService.gen 3

The selected area was scanned.

Shaba
2009-04-26, 10:58
Empty this folder:

C:\Qoobox\Quarantine

Empty Recycle Bin.

Still problems?

Brinesy
2009-04-26, 11:25
Do these pose a threat?

C:\Users\Brett\AppData\Local\Microsoft\Outlook\archive.pst Infected: Trojan.Win32.Genome.hdr 1
C:\Users\Brett\Documents\My Documents\Documents and Settings\brett1\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Email-Worm.Win32.Bagle.p 4
F:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: not-a-virus:PSWTool.Win32.RAS.a 2
F:\Documents and Settings\Brett\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Downloader.Win32.INService.gen 3

PC has been running a lot better for the past 3-4 days, but Malwarebytes and Kaspersky are still finding Viruses/Trojans?

Shaba
2009-04-26, 11:41
Those are in mail databases, but as Kaspersky no longer says in which particular mails they are, not much can be done. You can delete all suspicious mails from those mail accounts.

Please post the next Malwarebytes report.

Brinesy
2009-04-26, 13:23
This may sound like a stupid question, but when I do a scan with, say, Malwarebytes as me (an administrator), does it scan all other users' data and files as well?

Reason I ask is that I did a scan as myself and it found 1 infection, then I logged on as the kids separately and ran a scan and it found 3 infections on one of them and 4 on the other (Myweb search and a DNS changer).

Have not run my wife's yet.

Shaba
2009-04-26, 13:28
No, I don't think it does.

Brinesy
2009-04-26, 14:04
So do I need to scan them all separately on a weekly basis? Or could you leave it longer, like monthly, as they are not heavy users?

Shaba
2009-04-26, 14:05
Monthly would be a good idea.

Are you ready for final instructions? :)

Brinesy
2009-04-26, 22:15
Malwarebytes' Anti-Malware 1.36
Database version: 2043
Windows 6.0.6001 Service Pack 1

27/04/2009 6:08:05 AM
mbam-log-2009-04-27 (06-07-43).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 321634
Time elapsed: 2 hour(s), 22 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\System Volume Information\_restore{8D593262-2E88-47CE-A68D-04989AD86A44}\RP38\A0026967.exe (Trojan.Downloader) -> No action taken.

Brinesy
2009-04-26, 22:19
Yes, I think the system is back to its original state. Any recommendations re: security from you would be appreciated.

Thank you so much for ALL of your help!

Shaba
2009-04-27, 06:10
Good :)

Before that, have you uninstalled Symantec products?

Brinesy
2009-04-27, 08:11
I have removed all of the Symantec remnants. I will be reformatting F:\ tonight when I get home, as that is where the old .PST files are.

So my defence consists of:

Bitdefender Total Security 2009
BOClean
Spybot Teatimer
Regular Spybot and Malwarebytes Scans

Is this sufficient, assuming P2P programs are no longer used? Or do some of these create conflicts with each other because they do some of the same functions?

Shaba
2009-04-27, 11:56
Please then post a fresh HijackThis log so that I can see that all Symantec remnants are gone :)

That is a good combination, I will give some further tips in my final instructions.

Brinesy
2009-04-27, 12:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:19 PM, on 27/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Comodo\CBOClean\BOC426.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Comodo\CBOClean\BOC426.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Brett\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [BOC-426] C:\PROGRA~1\Comodo\CBOClean\BOC426.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-21-2413795696-3658026189-2771670509-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Naomi')
O4 - HKUS\S-1-5-21-2413795696-3658026189-2771670509-1001\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Naomi')
O4 - HKUS\S-1-5-21-2413795696-3658026189-2771670509-1001\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Naomi')
O4 - S-1-5-21-2413795696-3658026189-2771670509-1001 Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled (User 'Naomi')
O4 - S-1-5-21-2413795696-3658026189-2771670509-1001 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk.disabled (User 'Naomi')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www4.snapfish.com.au/SnapfishActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Windows\
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - F:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 8042 bytes
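The check the helper asked this log for (no Symantec remnants), plus the "(file missing)" service entries a reader would also want to spot, as an added Python example; it is not part of the thread and not HijackThis's own code. The function names are hypothetical, and the sample log is assembled from lines posted in this thread.

```python
import re

# Constructed sample: every line is copied from the two HijackThis logs posted
# in this thread (the PIFSvc.exe process comes from the first, pre-cleanup log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - Unknown owner - F:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O23 - ..."
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - "
                     r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")

def parse_log(text):
    """Return (running process paths, [(section code, entry body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:                      # first coded entry ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def find_remnants(text, vendor_terms):
    """Processes and entries that still mention any of the vendor terms."""
    processes, entries = parse_log(text)
    terms = [t.lower() for t in vendor_terms]
    lines = processes + [f"{code} - {body}" for code, body in entries]
    return [ln for ln in lines if any(t in ln.lower() for t in terms)]

def orphaned_services(text):
    """O23 services whose executable HijackThis reported as missing."""
    found = []
    for code, body in parse_log(text)[1]:
        m = SERVICE.match(body) if code == "O23" else None
        if m and m.group("missing"):
            found.append((m.group("name"), m.group("path")))
    return found
```

An empty result from `find_remnants` means no running process or autostart entry in the log mentions the vendor; it says nothing about files left on disk that the log does not list.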

Shaba
2009-04-27, 13:07
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean! :bigthumb:

Brinesy
2009-04-27, 13:53
Hi Shaba

Thank you so much for everything that you have done!

I will certainly be a lot more cautious about what gets downloaded and installed in the future.

:bigthumb::bigthumb::bigthumb::bigthumb::bigthumb::bigthumb:

Shaba
2009-04-30, 07:47
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.