help to remove MyWay.MyWebSearch please...
Hi.. I've been running SpyBot and it can't seem to remove the MyWay.MyWebSearch infection. Ran HijackThis and this is the result I got:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:46 PM, on 20/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=83&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.224.5:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ansar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99B08A85-38BA-4A79-893D-554FF663263A}: NameServer = 196.3.132.153,196.3.132.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7D898A1-E72D-4220-B743-5E7E4CB2C068}: NameServer = 196.3.132.153,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{99B08A85-38BA-4A79-893D-554FF663263A}: NameServer = 196.3.132.153,196.3.132.154
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9bfd3b32d50b1) (gupdate1c9bfd3b32d50b1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10728 bytes
Can someone please help me with this.. please...
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
Hi Katana... I did what you asked of me, thank you for taking the time to deal with my problems.. Here are the requested logs you asked for:
I'm sorry but the log files are too long to post.
Here are the attachments of both files:
Thank you for your time..
Oh wait... I can post the logs like this.. sorry...
info.txt logfile of random's system information tool 1.06 2009-05-21 19:21:58
======Uninstall list======
-->"C:\Program Files\HP Games\7 Wonders II\Uninstall.exe"
-->"C:\Program Files\HP Games\Amazing Adventures The Lost Tomb\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Belle's Beauty Boutique\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
-->"C:\Program Files\HP Games\Paradise Pet Salon\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Pirateville\Uninstall.exe"
-->"C:\Program Files\HP Games\Plant Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Supercow\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Wedding Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
ABBYY FineReader 5.0 Sprint-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AlcoDens 2.1-->"C:\Program Files\AlcoDens\unins000.exe"
ArcSoft PhotoImpression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{108A1507-9317-44FC-A877-176A0F7A7B87}\Setup.exe" -l0x9 -uninst
Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Avanquest update-->"C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IWAHerza.INF
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 -removeonly
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.65\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_HERMOSA_HSF\UIU32m.exe -U -IHPQHERzm.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.40 F1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Smart Web Printing-->msiexec /i{380357CA-29F4-4B3C-B401-32C057E6B59B}
HP Total Care Advisor-->MsiExec.exe /X{f32502b5-5b64-4882-bf61-77f23edcac4f}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0121-->MsiExec.exe /I{4D7DF9B2-BCA3-4AF7-9C5F-4ADEB7495F7E}
HP Wireless Assistant-->MsiExec.exe /I{340F521E-3576-4E1A-B75C-EB0ACF751379}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
HPTCSSetup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA3B34BE-4246-4062-90A3-34CBBEA12B72}\setup.exe" -l0x9 -removeonly
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Mega Codec Pack 4.1.6-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LimeWire 5.0.11-->"C:\Program Files\LimeWire\uninstall.exe"
MergeMagic1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24CDF2E3-BCA7-4D00-A811-9B19050DB1B1}\setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MiraScan 6.1 (5000)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2E8D6D-EE50-4689-B7ED-1E580BC04CC1}\Setup.exe" -l0x9
Motorola Driver Installation-->MsiExec.exe /I{8F4507EF-C5F3-46CE-9718-9D3698821333}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar-->MsiExec.exe /I{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Prince of Persia-->"C:\Program Files\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x0009 -removeonly
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Driver Package - MSN (usbccgp) USB (02/14/2007 1.2.0.7)-->C:\PROGRA~1\DIFX\5BE688ACC8BC158E\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\wlphonecv.inf_3554a4d9\wlphonecv.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
======Security center information======
AV: ESET NOD32 Antivirus 3.0
AS: ESET NOD32 Antivirus 3.0
AS: Spybot - Search and Destroy
AS: Windows Defender
======System event log======
Computer Name: Ansar-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 82981
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090521225611.000000-000
Event Type: Warning
User:
Computer Name: Ansar-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SABKUTIL
Record Number: 82983
Source Name: Service Control Manager
Time Written: 20090521225615.000000-000
Event Type: Error
User:
Computer Name: Ansar-PC
Event Code: 34005
Message: The ICS_IPV6 was unable to allocate bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Record Number: 82990
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090521225617.000000-000
Event Type: Warning
User:
Computer Name: Ansar-PC
Event Code: 34001
Message: The ICS_IPV6 failed to configure IPv6 stack.
Record Number: 82991
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090521225617.000000-000
Event Type: Error
User:
Computer Name: Ansar-PC
Event Code: 30013
Message: The DHCP allocator has disabled itself on IP address 192.168.1.15, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
Record Number: 82992
Source Name: Microsoft-Windows-SharedAccess_NAT
Time Written: 20090521225617.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Ansar-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1876926021-3462019510-1632751971-1000_Classes:
Process 992 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000_CLASSES
Record Number: 21480
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090521042442.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ansar-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 21492
Source Name: Microsoft-Windows-WMI
Time Written: 20090521150647.000000-000
Event Type: Error
User:
Computer Name: Ansar-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
16 user registry handles leaked from \Registry\User\S-1-5-21-1876926021-3462019510-1632751971-1000:
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000
Process 984 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Microsoft\SystemCertificates\Root
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Microsoft\SystemCertificates\My
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Microsoft\SystemCertificates\CA
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Policies\Microsoft\SystemCertificates
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Microsoft\SystemCertificates\trust
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 712 (\Device\HarddiskVolume1\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000\Software\Microsoft\SystemCertificates\Disallowed
Record Number: 21515
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090521173347.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ansar-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1876926021-3462019510-1632751971-1000_Classes:
Process 984 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1876926021-3462019510-1632751971-1000_CLASSES
Record Number: 21516
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090521173350.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ansar-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 21529
Source Name: Microsoft-Windows-WMI
Time Written: 20090521225609.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Ansar-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28244
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521232152.538827-000
Event Type: Audit Failure
User:
Computer Name: Ansar-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28245
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521232152.630827-000
Event Type: Audit Failure
User:
Computer Name: Ansar-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28246
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521232152.687827-000
Event Type: Audit Failure
User:
Computer Name: Ansar-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28247
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521232152.714827-000
Event Type: Audit Failure
User:
Computer Name: Ansar-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 28248
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090521232152.740827-000
Event Type: Audit Failure
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Presario
-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ansar at 2009-05-21 19:21:40
Microsoft® Windows Vista™ Home Basic Service Pack 1
System drive C: has 32 GB (22%) free of 143 GB
Total RAM: 1978 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:21:53 PM, on 21/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ansar\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ansar.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=83&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.224.5:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ansar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99B08A85-38BA-4A79-893D-554FF663263A}: NameServer = 196.3.132.153,196.3.132.154
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7D898A1-E72D-4220-B743-5E7E4CB2C068}: NameServer = 196.3.132.153,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{99B08A85-38BA-4A79-893D-554FF663263A}: NameServer = 196.3.132.153,196.3.132.154
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9bfd3b32d50b1) (gupdate1c9bfd3b32d50b1) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10848 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{F8C11240-9989-415C-875C-C0D6EEC1AAD5}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-18 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-20 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-02-20 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-14 501056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-10-19 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-02-20 251504]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll [2009-03-13 82768]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-17 145944]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-06-12 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-12 202032]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-18 185872]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Google Update"=C:\Users\Ansar\AppData\Local\Google\Update\GoogleUpdate.exe /c []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-20 39408]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
C:\Users\Ansar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-06-12 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eca498f-0a62-11de-9862-001d72748a1e}]
shell\AutoRun\command - F:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe
shell\open\command - F:\RECYCLE\D-0-060-0000000000-1111111-2222222\FiX.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8ca81ea-c876-11dd-a7d6-001d72748a1e}]
shell\AutoRun\command - F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
shell\open\command - F:\SYSTEM\S-1-5-21-1482476501-1644491937-682003330-1013\OgarD.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8ca81ed-c876-11dd-a7d6-001d72748a1e}]
shell\AutoRun\command - H:\LaunchU3.exe -a
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 3 months======
2009-05-21 19:21:40 ----D---- C:\rsit
2009-05-21 00:04:22 ----D---- C:\Lyrics
2009-05-20 22:51:34 ----D---- C:\Program Files\Trend Micro
2009-05-19 21:44:47 ----D---- C:\ProgramData\WindowsSearch
2009-05-19 21:29:42 ----A---- C:\rollback.ini
2009-05-19 19:58:07 ----D---- C:\Program Files\Common Files\ParetoLogic
2009-05-19 19:55:01 ----SHD---- C:\Config.Msi
2009-05-19 18:04:57 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-05-19 18:03:51 ----D---- C:\Users\Ansar\AppData\Roaming\SUPERAntiSpyware.com
2009-05-19 18:03:51 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-14 19:46:11 ----D---- C:\Program Files\Avanquest update
2009-05-14 19:44:13 ----D---- C:\Program Files\Motorola Phone Tools
2009-05-14 19:42:26 ----D---- C:\Users\Ansar\AppData\Roaming\InstallShield
2009-05-08 21:55:29 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-05-08 21:55:29 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-05-08 21:55:28 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-05-08 21:55:27 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-05-08 21:55:27 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-05-08 21:55:25 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-05-08 21:55:19 ----A---- C:\Windows\system32\XAudio2_1.dll
2009-05-08 21:55:19 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2009-05-08 21:55:18 ----A---- C:\Windows\system32\xactengine3_1.dll
2009-05-08 21:55:18 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2009-05-08 21:55:17 ----A---- C:\Windows\system32\D3DX9_38.dll
2009-05-08 21:55:17 ----A---- C:\Windows\system32\d3dx10_38.dll
2009-05-08 21:55:17 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2009-05-08 21:21:49 ----D---- C:\Program Files\Ubisoft
2009-05-08 20:26:52 ----D---- C:\Users\Ansar\AppData\Roaming\Leadertech
2009-05-08 20:05:21 ----A---- C:\Windows\system32\XAudio2_0.dll
2009-05-08 20:05:20 ----A---- C:\Windows\system32\xactengine3_0.dll
2009-05-08 20:05:20 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2009-05-08 20:05:20 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-05-08 20:05:20 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-05-08 20:05:20 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-05-08 20:05:19 ----A---- C:\Windows\system32\xactengine2_10.dll
2009-05-08 20:05:19 ----A---- C:\Windows\system32\d3dx10_36.dll
2009-05-08 20:05:19 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2009-05-08 20:05:18 ----A---- C:\Windows\system32\xactengine2_9.dll
2009-05-08 20:05:18 ----A---- C:\Windows\system32\d3dx9_36.dll
2009-05-08 20:05:18 ----A---- C:\Windows\system32\d3dx10_35.dll
2009-05-08 20:05:17 ----A---- C:\Windows\system32\xactengine2_8.dll
2009-05-08 20:05:17 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2009-05-08 20:05:17 ----A---- C:\Windows\system32\d3dx9_35.dll
2009-05-08 20:05:17 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2009-05-08 20:05:16 ----A---- C:\Windows\system32\xinput1_3.dll
2009-05-08 20:05:16 ----A---- C:\Windows\system32\d3dx9_34.dll
2009-05-08 20:05:16 ----A---- C:\Windows\system32\d3dx10_34.dll
2009-05-08 20:05:16 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2009-05-08 20:05:15 ----A---- C:\Windows\system32\xactengine2_7.dll
2009-05-08 20:05:15 ----A---- C:\Windows\system32\d3dx10_33.dll
2009-05-08 20:05:14 ----A---- C:\Windows\system32\d3dx9_33.dll
2009-05-08 20:05:14 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2009-05-08 20:05:13 ----A---- C:\Windows\system32\xactengine2_6.dll
2009-05-08 20:05:13 ----A---- C:\Windows\system32\xactengine2_5.dll
2009-05-08 20:05:13 ----A---- C:\Windows\system32\d3dx10.dll
2009-05-08 20:05:12 ----A---- C:\Windows\system32\xactengine2_4.dll
2009-05-08 20:05:12 ----A---- C:\Windows\system32\x3daudio1_1.dll
2009-05-08 20:05:12 ----A---- C:\Windows\system32\d3dx9_32.dll
2009-05-08 20:05:12 ----A---- C:\Windows\system32\d3dx9_31.dll
2009-05-08 20:05:11 ----A---- C:\Windows\system32\xinput1_2.dll
2009-05-08 20:05:11 ----A---- C:\Windows\system32\xactengine2_3.dll
2009-05-08 20:05:11 ----A---- C:\Windows\system32\xactengine2_2.dll
2009-05-08 20:05:10 ----A---- C:\Windows\system32\xinput1_1.dll
2009-05-08 20:05:09 ----A---- C:\Windows\system32\xactengine2_1.dll
2009-05-08 20:04:58 ----A---- C:\Windows\system32\d3dx9_30.dll
2009-05-08 20:04:57 ----A---- C:\Windows\system32\xactengine2_0.dll
2009-05-08 20:04:57 ----A---- C:\Windows\system32\x3daudio1_0.dll
2009-05-08 20:04:56 ----A---- C:\Windows\system32\d3dx9_29.dll
2009-05-08 20:04:56 ----A---- C:\Windows\system32\d3dx9_28.dll
2009-05-08 20:04:53 ----A---- C:\Windows\system32\d3dx9_26.dll
2009-05-08 20:04:53 ----A---- C:\Windows\system32\d3dx9_25.dll
2009-05-08 20:04:52 ----A---- C:\Windows\system32\d3dx9_24.dll
2009-05-05 15:40:14 ----D---- C:\divx
2009-05-04 15:31:58 ----D---- C:\Program Files\PowerISO
2009-05-04 15:29:26 ----D---- C:\ProgramData\DAEMON Tools Pro
2009-05-04 15:26:06 ----D---- C:\Users\Ansar\AppData\Roaming\DAEMON Tools Pro
2009-05-03 15:19:02 ----D---- C:\ProgramData\ESET
2009-05-03 15:19:02 ----D---- C:\Program Files\ESET
2009-05-03 08:09:49 ----D---- C:\Users\Ansar\AppData\Roaming\DivX
2009-05-02 18:48:03 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-05-02 18:47:10 ----D---- C:\Program Files\Common Files\DivX Shared
2009-05-02 18:47:07 ----D---- C:\Program Files\DivX
2009-04-26 22:23:51 ----A---- C:\Windows\PrimoPDF Uninstall Log.txt
2009-04-26 21:31:56 ----A---- C:\Windows\_MSRSTRT.EXE
2009-04-26 01:19:26 ----A---- C:\Windows\system32\Primomonnt.dll
2009-04-26 01:19:22 ----D---- C:\Windows\PrimoPDF4
2009-04-26 01:19:00 ----A---- C:\Windows\PrimoPDF Setup Log.txt
2009-04-26 00:51:50 ----D---- C:\Program Files\GPLGS
2009-04-26 00:50:50 ----A---- C:\Windows\system32\cpwmon2k.dll
2009-04-26 00:50:49 ----D---- C:\Program Files\Acro Software
2009-04-17 23:11:19 ----D---- C:\ProgramData\Google Updater
2009-04-17 01:56:21 ----D---- C:\Users\Ansar\AppData\Roaming\SuperAdBlocker.com
2009-04-15 16:24:40 ----A---- C:\Windows\system32\dpl100.dll
2009-04-15 16:24:38 ----A---- C:\Windows\system32\divx_xx11.dll
2009-04-15 16:24:38 ----A---- C:\Windows\system32\divx_xx0c.dll
2009-04-15 16:24:38 ----A---- C:\Windows\system32\divx_xx0a.dll
2009-04-15 16:24:38 ----A---- C:\Windows\system32\divx_xx07.dll
2009-04-15 16:24:38 ----A---- C:\Windows\system32\DivX.dll
2009-04-15 00:21:11 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 00:21:06 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 00:21:06 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 00:20:46 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 00:20:46 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 00:20:45 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 00:20:44 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 00:20:43 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 00:20:43 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 00:20:43 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 00:20:43 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 00:20:43 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 00:20:43 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 00:20:37 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 00:20:36 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 00:20:36 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 00:20:36 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15 00:20:36 ----A---- C:\Windows\system32\amxread.dll
2009-04-12 21:01:53 ----D---- C:\Users\Ansar\AppData\Roaming\BitTorrent
2009-04-11 01:31:50 ----D---- C:\Program Files\AlcoDens
2009-04-09 22:01:07 ----D---- C:\Users\Ansar\AppData\Roaming\DMCache
2009-04-09 21:34:02 ----A---- C:\Windows\system32\javaws.exe
2009-04-09 21:34:02 ----A---- C:\Windows\system32\javaw.exe
2009-04-09 21:34:02 ----A---- C:\Windows\system32\java.exe
2009-04-05 22:09:17 ----A---- C:\Windows\ntbtlog.txt
2009-04-04 22:29:42 ----D---- C:\Temp
2009-03-27 03:01:03 ----D---- C:\ProgramData\SpeedBit
2009-03-22 00:03:15 ----D---- C:\Program Files\Common Files\Stardock
2009-03-22 00:03:14 ----D---- C:\Program Files\Stardock
2009-03-21 17:26:51 ----D---- C:\Program Files\Windows Live SkyDrive
2009-03-21 12:57:48 ----D---- C:\Users\Ansar\AppData\Roaming\Skype
2009-03-21 12:56:19 ----RD---- C:\Program Files\Skype
2009-03-21 12:55:53 ----D---- C:\ProgramData\Skype
2009-03-19 20:54:29 ----A---- C:\Windows\system32\mshtmled.dll
2009-03-19 20:54:28 ----A---- C:\Windows\system32\mshtmler.dll
2009-03-19 20:54:28 ----A---- C:\Windows\system32\ieui.dll
2009-03-19 20:54:28 ----A---- C:\Windows\system32\icardie.dll
2009-03-19 20:54:28 ----A---- C:\Windows\system32\admparse.dll
2009-03-19 20:54:25 ----A---- C:\Windows\system32\jsproxy.dll
2009-03-19 20:54:24 ----A---- C:\Windows\system32\msls31.dll
2009-03-19 20:54:24 ----A---- C:\Windows\system32\imgutil.dll
2009-03-19 20:54:24 ----A---- C:\Windows\system32\iernonce.dll
2009-03-19 20:54:24 ----A---- C:\Windows\system32\ieakeng.dll
2009-03-19 20:54:24 ----A---- C:\Windows\system32\dxtmsft.dll
2009-03-19 20:54:24 ----A---- C:\Windows\system32\corpol.dll
2009-03-19 20:54:23 ----A---- C:\Windows\system32\occache.dll
2009-03-19 20:54:23 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-03-19 20:54:23 ----A---- C:\Windows\system32\licmgr10.dll
2009-03-19 20:54:23 ----A---- C:\Windows\system32\inseng.dll
2009-03-19 20:54:23 ----A---- C:\Windows\system32\iepeers.dll
2009-03-19 20:54:23 ----A---- C:\Windows\system32\ieaksie.dll
2009-03-19 20:54:23 ----A---- C:\Windows\system32\dxtrans.dll
2009-03-19 20:54:22 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-03-19 20:54:22 ----A---- C:\Windows\system32\wextract.exe
2009-03-19 20:54:22 ----A---- C:\Windows\system32\webcheck.dll
2009-03-19 20:54:22 ----A---- C:\Windows\system32\mstime.dll
2009-03-19 20:54:22 ----A---- C:\Windows\system32\msrating.dll
2009-03-19 20:54:22 ----A---- C:\Windows\system32\msfeedssync.exe
2009-03-19 20:54:22 ----A---- C:\Windows\system32\iesetup.dll
2009-03-19 20:54:22 ----A---- C:\Windows\system32\ieakui.dll
2009-03-19 20:54:21 ----A---- C:\Windows\system32\vbscript.dll
2009-03-19 20:54:21 ----A---- C:\Windows\system32\url.dll
2009-03-19 20:54:21 ----A---- C:\Windows\system32\pngfilt.dll
2009-03-19 20:54:21 ----A---- C:\Windows\system32\msfeeds.dll
2009-03-19 20:54:21 ----A---- C:\Windows\system32\jscript.dll
2009-03-19 20:54:21 ----A---- C:\Windows\system32\ieapfltr.dll
2009-03-19 20:54:21 ----A---- C:\Windows\system32\advpack.dll
2009-03-19 20:54:20 ----A---- C:\Windows\system32\mshta.exe
2009-03-19 20:54:20 ----A---- C:\Windows\system32\iexpress.exe
2009-03-19 20:54:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-03-19 20:54:19 ----A---- C:\Windows\system32\wininet.dll
2009-03-19 20:54:19 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-03-19 20:54:19 ----A---- C:\Windows\system32\SetDepNx.exe
2009-03-19 20:54:19 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-03-19 20:54:19 ----A---- C:\Windows\system32\PDMSetup.exe
2009-03-19 20:54:19 ----A---- C:\Windows\system32\ieUnatt.exe
2009-03-19 20:54:19 ----A---- C:\Windows\system32\iesysprep.dll
2009-03-19 20:54:19 ----A---- C:\Windows\system32\iertutil.dll
2009-03-19 20:54:19 ----A---- C:\Windows\system32\ie4uinit.exe
2009-03-19 20:54:18 ----A---- C:\Windows\system32\urlmon.dll
2009-03-19 20:54:17 ----A---- C:\Windows\system32\ieframe.dll
2009-03-19 20:54:15 ----A---- C:\Windows\system32\mshtml.dll
2009-03-19 20:53:17 ----D---- C:\Program Files\MSN
2009-03-19 20:52:49 ----HD---- C:\Windows\msdownld.tmp
2009-03-14 12:09:43 ----A---- C:\Windows\system32\deploytk.dll
2009-03-10 20:12:49 ----A---- C:\Windows\system32\schannel.dll
2009-03-06 23:07:44 ----A---- C:\Windows\MegaManager.INI
2009-03-06 07:36:25 ----D---- C:\ProgramData\EmailNotifier
2009-03-06 07:32:11 ----D---- C:\Users\Ansar\AppData\Roaming\U3
2009-03-06 07:16:24 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-03-06 07:16:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-03-05 06:54:58 ----A---- C:\Windows\system32\RtNicProp32.dll
2009-02-26 22:12:57 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-26 22:11:24 ----D---- C:\Program Files\Microsoft
2009-02-26 22:10:12 ----A---- C:\Windows\system32\wmp.dll
2009-02-26 22:10:10 ----A---- C:\Windows\system32\spwmp.dll
2009-02-26 22:10:10 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-26 22:10:09 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-24 21:16:01 ----D---- C:\Program Files\Adobe
2009-02-24 14:36:11 ----D---- C:\Users\Ansar\AppData\Roaming\HP
2009-02-23 00:29:48 ----D---- C:\Users\Ansar\AppData\Roaming\Megaupload
2009-02-22 21:46:19 ----D---- C:\Users\Ansar\AppData\Roaming\GrabPro
2009-02-22 21:46:19 ----D---- C:\downloads
2009-02-22 21:46:18 ----D---- C:\Users\Ansar\AppData\Roaming\Orbit
======List of files/folders modified in the last 3 months======
2009-05-21 19:21:46 ----D---- C:\Windows\Temp
2009-05-21 18:58:25 ----D---- C:\Windows\Tasks
2009-05-21 13:21:43 ----SHD---- C:\System Volume Information
2009-05-21 00:11:46 ----D---- C:\Program Files
2009-05-19 22:19:14 ----SHD---- C:\Windows\Installer
2009-05-19 22:18:57 ----HD---- C:\ProgramData
2009-05-19 22:18:48 ----D---- C:\Windows\System32
2009-05-19 21:31:23 ----D---- C:\Windows\system32\catroot
2009-05-19 21:31:21 ----D---- C:\Windows\system32\drivers
2009-05-19 20:57:39 ----D---- C:\Windows\system32\Tasks
2009-05-19 19:58:07 ----D---- C:\Program Files\Common Files
2009-05-19 19:55:25 ----D---- C:\Program Files\Mozilla Firefox
2009-05-18 21:49:32 ----D---- C:\Windows\inf
2009-05-18 18:41:44 ----D---- C:\Program Files\Google
2009-05-17 21:24:40 ----D---- C:\Windows
2009-05-16 11:24:26 ----D---- C:\Windows\winsxs
2009-05-15 11:19:59 ----D---- C:\Windows\system32\catroot2
2009-05-14 19:46:10 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-14 19:46:10 ----D---- C:\ProgramData\BVRP Software
2009-05-14 19:24:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-05-13 15:32:53 ----D---- C:\ProgramData\Microsoft Help
2009-05-13 15:32:10 ----RSD---- C:\Windows\assembly
2009-05-13 14:58:48 ----D---- C:\Program Files\Windows Mail
2009-05-11 23:51:29 ----RSD---- C:\Windows\Fonts
2009-05-11 23:51:23 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-11 23:47:44 ----A---- C:\Windows\win.ini
2009-05-11 23:47:41 ----D---- C:\Program Files\Common Files\System
2009-05-09 23:16:58 ----SD---- C:\Windows\Downloaded Program Files
2009-05-09 22:22:41 ----D---- C:\Windows\Prefetch
2009-05-08 21:51:39 ----D---- C:\Windows\Logs
2009-05-08 19:15:48 ----D---- C:\Program Files\Internet Explorer
2009-05-07 03:16:29 ----A---- C:\Windows\system32\mrt.exe
2009-05-06 17:19:58 ----D---- C:\Users\Ansar\AppData\Roaming\LimeWire
2009-04-26 21:30:43 ----AD---- C:\ProgramData\TEMP
2009-04-18 19:47:16 ----D---- C:\Windows\system32\WDI
2009-04-17 14:52:33 ----D---- C:\Windows\Minidump
2009-04-17 02:11:45 ----D---- C:\Program Files\Atheros
2009-04-17 01:55:25 ----D---- C:\Windows\system32\URTTEMP
2009-04-15 03:17:04 ----D---- C:\Windows\system32\wbem
2009-04-15 03:17:02 ----D---- C:\Windows\system32\manifeststore
2009-04-15 03:17:02 ----D---- C:\Windows\AppPatch
2009-04-12 21:04:30 ----D---- C:\Users\Ansar\AppData\Roaming\uTorrent
2009-04-09 21:34:00 ----D---- C:\Program Files\Java
2009-04-05 04:42:50 ----D---- C:\Windows\system32\Msdtc
2009-04-05 04:42:11 ----D---- C:\Windows\system32\config
2009-04-05 04:41:51 ----D---- C:\Windows\system32\spool
2009-04-05 04:41:51 ----D---- C:\Windows\system32\CodeIntegrity
2009-04-05 04:41:51 ----D---- C:\Windows\SMINST
2009-04-05 04:41:48 ----D---- C:\Windows\registration
2009-04-05 04:29:26 ----SD---- C:\ProgramData\Microsoft
2009-03-22 00:18:15 ----SD---- C:\Users\Ansar\AppData\Roaming\Microsoft
2009-03-21 17:26:28 ----D---- C:\Program Files\Windows Live
2009-03-21 11:48:44 ----D---- C:\Users\Ansar\AppData\Roaming\hewlett-packard
2009-03-21 11:17:19 ----D---- C:\Program Files\Hewlett-Packard
2009-03-21 11:15:56 ----D---- C:\SWSetup
2009-03-21 10:58:08 ----D---- C:\ProgramData\Hewlett-Packard
2009-03-21 09:51:41 ----A---- C:\Windows\system32\avgrsstx.dll.install_backup
2009-03-19 21:19:22 ----D---- C:\Windows\rescache
2009-03-19 20:57:41 ----D---- C:\Windows\system32\migration
2009-03-19 20:57:41 ----D---- C:\Windows\system32\en-US
2009-03-19 20:57:41 ----D---- C:\Windows\PolicyDefinitions
2009-03-19 20:53:33 ----D---- C:\Windows\SoftwareDistribution
2009-03-12 23:43:14 ----D---- C:\Program Files\K-Lite Codec Pack
2009-03-09 17:33:18 ----D---- C:\ProgramData\WLInstaller
2009-03-06 23:00:45 ----D---- C:\Windows\system32\LogFiles
2009-02-27 01:56:16 ----D---- C:\Program Files\Windows Media Player
2009-02-24 21:16:15 ----D---- C:\Program Files\Common Files\Adobe
2009-02-24 21:16:07 ----D---- C:\ProgramData\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\Windows\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 eamon;EAMON; C:\Windows\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 MaVctrl;MaVctrl; C:\Windows\system32\DRIVERS\MaVc2K.sys [2007-01-16 11986]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-06 140800]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 mamotou;mamotou; C:\Windows\system32\DRIVERS\mamotou.sys [2007-02-02 49377]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM); C:\Windows\system32\DRIVERS\w300bus.sys [2006-03-13 60800]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\w300mdfl.sys [2006-03-13 9264]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\w300mdm.sys [2006-03-13 96352]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\w300mgmt.sys [2006-03-13 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\w300obex.sys [2006-03-13 85696]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
S2 gupdate1c9bfd3b32d50b1;Google Update Service (gupdate1c9bfd3b32d50b1); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-17 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 183280]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\Windows\system32\regedt32.exe [2006-11-02 9216]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
LimeWire 5.0.11
BitTorrent
uTorrent
I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.
Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812).
My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs.
Please note: you must NOT use any P2P whilst we are cleaning your machine.
USBNoRisk
Please download USBNoRisk (http://amf.mycity.co.yu/personal/bobby/USBNoRisk/usbnorisk.exe) to your Desktop and run it by double-clicking the program's icon
wait a couple of seconds for initial scan to be done
connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds
if there are more USB storage devices to scan, please take a note about the order in which these were connected
after all the devices are scanned, choose the "Save log" option from the right-click menu on the Monitor tab. That will open the log in Notepad. Please copy/paste the log to the forum
Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.
----------------------------------------------------------- -----------------------------------------------------------
Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.
----------------------------------------------------------- -----------------------------------------------------------
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
hi Katana.. this is the log using the USBNoRisk:
USBNoRisk 2.2 09 May 2009 by bobby
Started at 22/05/2009 05:32:55 PM
Searching for connected USB Mass storage...
----------------------------------------
========================================
Searching for other storage...
----------------------------------------
C: {09ace029-c427-11dd-813f-806e6f6e6963}
D: {09ace02a-c427-11dd-813f-806e6f6e6963}
========================================
Scanning fixed storage...
----------------------------------------
No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 09ace029-c427-11dd-813f-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------
No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 09ace02a-c427-11dd-813f-806e6f6e6963
----------------------------------------
Desktop.ini found at D:\boot\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\HP\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\PRELOAD\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\RECOVERY\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\SOURCES\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\Tools\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\WINDOWS\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
Desktop.ini found at D:\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
[ShellvRTF]
RTFPath="protect.ed"
IconIndex=1
[Language]
default="protect.ed"
Chinese_HongKong="protect.chinese hong kong"
Chinese (Traditional)="protect.chinese hong kong"
Chinese_Simplified="protect.chinese simplified"
Chinese (Simplified)="protect.chinese simplified"
Chinese_Traditional="protect.chinese traditional"
Czech="protect.czech"
Danish="protect.danish"
Dutch="protect.dutch"
English="protect.english"
Finnish="protect.finnish"
French="protect.french"
German="protect.german"
Greek="protect.greek"
Hebrew="protect.hebrew"
Hungarian="protect.hungarian"
Italian="protect.italian"
Japanese="protect.japanese"
Korean="protect.korean"
Norwegian (Bokmål)="protect.norwegian"
Polish="protect.polish"
Portuguese="protect.portuguese"
Portuguese (Portugal)="protect.portuguese"
Portuguese_Brazilian="protect.portuguese brazilian"
Portuguese (Brazil)="protect.portuguese brazilian"
Russian="protect.russian"
Spanish="protect.spanish"
Swedish="protect.swedish"
Turkish="protect.turkish"
----------------------------------------
HKCR\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
HKLM\Software\Classes\CLSID\{7f67036b-66f1-411a-ad85-759fb9c5b0db}\InprocServer32,@ = C:\Windows\System32\ShellvRTF.dll
----------------------------------------
========================================
Initial scan finished!
========================================
New device connected at 22/05/2009 05:33:19 PM
Scanning for connected USB mass storage...
----------------------------------------
G: {1a1832cb-c987-11dd-b646-001d72748a1e}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for 1a1832cb-c987-11dd-b646-001d72748a1e
----------------------------------------
No Desktop.ini files found on G:
----------------------------------------
No mimics found on drive G:
========================================
========================================
Removed G:
========================================
New device connected at 22/05/2009 05:34:38 PM
Scanning for connected USB mass storage...
----------------------------------------
G: {f516e04e-c411-11dd-982d-001d72748a1e}
Added G:
========================================
Scanning USB mass storage for files...
----------------------------------------
No blocked files found on G:
----------------------------------------
No Autorun.inf files found on G:
Sanitized mountpoint for f516e04e-c411-11dd-982d-001d72748a1e
----------------------------------------
No Desktop.ini files found on G:
----------------------------------------
No mimics found on drive G:
========================================
:)
Do you have the Malwarebytes and ComboFix logs?
I am currently running Malwarebytes. I shall post both logs when they are finished. Thank you for your time, Katana. :bigthumb:
Hey Katana, these are the logs for Malwarebytes:
Malwarebytes' Anti-Malware 1.36
Database version: 2167
Windows 6.0.6001 Service Pack 1
22/05/2009 08:37:38 PM
mbam-log-2009-05-22 (20-37-38).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 279808
Time elapsed: 2 hour(s), 52 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Windows\Temp\cd16ad40-6e62-4a05-9b29-3fa760915a9d.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
:bigthumb:
ComboFix 09-05-22.05 - Ansar 22/05/2009 21:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.1029 [GMT -4:00]
Running from: c:\users\Ansar\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-04-23 to 2009-05-23 )))))))))))))))))))))))))))))))
.
2009-05-23 01:04 . 2009-05-23 01:04 -------- d-----w c:\users\Ansar\AppData\Local\temp
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\users\Ansar\AppData\Roaming\Malwarebytes
2009-05-22 21:41 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-22 21:41 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\programdata\Malwarebytes
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 21:35 . 2009-05-22 21:36 -------- d-----w C:\USBNoRisk
2009-05-21 23:21 . 2009-05-21 23:21 -------- d-----w C:\rsit
2009-05-21 17:22 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{14060FFD-C1F0-44A2-8F4A-7CF63395EAE2}\mpengine.dll
2009-05-21 04:04 . 2009-05-21 04:09 -------- d-----w C:\Lyrics
2009-05-21 02:51 . 2009-05-21 02:51 -------- d-----w c:\program files\Trend Micro
2009-05-20 01:44 . 2009-05-20 01:44 -------- d-----w c:\programdata\WindowsSearch
2009-05-20 01:21 . 2009-05-20 02:08 305184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-19 23:58 . 2009-05-20 02:18 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-19 23:57 . 2009-05-19 23:57 -------- d-----w c:\users\Ansar\AppData\Local\Downloaded Installations
2009-05-19 22:04 . 2009-05-19 22:04 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-19 22:03 . 2009-05-19 23:55 -------- d-----w c:\users\Ansar\AppData\Roaming\SUPERAntiSpyware.com
2009-05-19 22:03 . 2009-05-19 23:55 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-19 01:49 . 2009-05-19 01:49 -------- d-----w c:\users\Ansar\{7b895694-a5cb-41d6-8eae-526bb9925d01}
2009-05-14 23:46 . 2009-05-14 23:46 -------- d-----w c:\users\Ansar\AppData\Local\BVRP Software
2009-05-14 23:46 . 2009-05-19 01:50 -------- d-----w c:\program files\Avanquest update
2009-05-14 23:44 . 2009-05-19 01:59 -------- d-----w c:\program files\Motorola Phone Tools
2009-05-14 23:42 . 2009-05-14 23:42 -------- d-----w c:\users\Ansar\AppData\Roaming\InstallShield
2009-05-09 01:21 . 2009-05-09 01:21 -------- d-----w c:\program files\Ubisoft
2009-05-09 00:26 . 2009-05-09 00:26 -------- d-----w c:\users\Ansar\AppData\Roaming\Leadertech
2009-05-09 00:04 . 2005-05-26 19:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-05-05 19:40 . 2009-05-05 19:40 -------- d-----w C:\divx
2009-05-04 19:31 . 2009-05-04 19:32 -------- d-----w c:\program files\PowerISO
2009-05-04 19:29 . 2009-05-04 19:29 -------- d-----w c:\programdata\DAEMON Tools Pro
2009-05-04 19:26 . 2009-05-04 19:26 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-04 19:26 . 2009-05-04 19:26 -------- d-----w c:\users\Ansar\AppData\Roaming\DAEMON Tools Pro
2009-05-03 20:49 . 2009-05-03 20:49 -------- d-----w c:\users\Ansar\AppData\Local\ESET
2009-05-03 19:21 . 2008-03-03 22:21 568 ---ha-w c:\windows\nod32fixtemdono.reg
2009-05-03 19:21 . 2008-03-03 18:25 5702 ---ha-w c:\windows\nod32restoretemdono.reg
2009-05-03 19:19 . 2009-05-03 19:19 -------- d-----w c:\program files\ESET
2009-05-03 12:09 . 2009-05-03 18:46 -------- d-----w c:\users\Ansar\AppData\Roaming\DivX
2009-05-03 00:03 . 2009-05-03 00:03 -------- d-----w c:\users\Ansar\AppData\Local\ABBYY
2009-05-02 22:48 . 2009-05-02 22:48 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-05-02 22:47 . 2009-05-02 22:51 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-02 22:47 . 2009-05-02 22:52 -------- d-----w c:\program files\DivX
2009-04-27 01:31 . 2009-04-27 01:31 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-26 05:19 . 2006-12-11 21:12 176235 ----a-w c:\windows\system32\Primomonnt.dll
2009-04-26 05:19 . 2009-04-26 05:19 -------- d-----w c:\windows\PrimoPDF4
2009-04-26 04:54 . 2009-05-03 14:46 -------- d-----w c:\users\Ansar\AppData\Local\CutePDF Writer
2009-04-26 04:51 . 2009-04-26 04:51 -------- d-----w c:\program files\GPLGS
2009-04-26 04:50 . 2007-07-13 02:33 87552 ----a-w c:\windows\system32\cpwmon2k.dll
2009-04-26 04:50 . 2009-04-26 04:50 -------- d-----w c:\program files\Acro Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 21:18 . 2009-04-18 03:11 -------- d-----w c:\programdata\Google Updater
2009-05-20 02:08 . 2009-05-20 01:21 5696 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-18 22:41 . 2008-12-07 23:52 -------- d-----w c:\program files\Google
2009-05-14 23:46 . 2009-01-05 02:54 -------- d-----w c:\programdata\BVRP Software
2009-05-14 23:46 . 2008-07-26 05:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 19:32 . 2008-07-26 06:12 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 18:58 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-12 17:05 . 2008-12-07 03:34 106952 ----a-w c:\users\Ansar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-10 18:08 . 2009-05-10 18:08 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-06 21:19 . 2008-12-20 22:22 -------- d-----w c:\users\Ansar\AppData\Roaming\LimeWire
2009-04-27 01:31 . 2009-03-27 07:01 -------- d-----w c:\programdata\SpeedBit
2009-04-18 01:24 . 2009-01-11 04:03 680 ----a-w c:\users\Ansar\AppData\Local\d3d9caps.dat
2009-04-17 06:11 . 2008-08-30 00:17 -------- d-----w c:\program files\Atheros
2009-04-17 05:56 . 2009-04-17 05:56 -------- d-----w c:\users\Ansar\AppData\Roaming\SuperAdBlocker.com
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-13 01:04 . 2009-02-20 23:48 -------- d-----w c:\users\Ansar\AppData\Roaming\uTorrent
2009-04-12 02:58 . 2009-04-11 05:31 -------- d-----w c:\program files\AlcoDens
2009-04-10 02:17 . 2009-04-10 02:01 -------- d-----w c:\users\Ansar\AppData\Roaming\DMCache
2009-04-10 01:34 . 2008-07-26 06:36 -------- d-----w c:\program files\Java
2009-03-31 18:35 . 2009-05-10 02:23 17160 ----a-w c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 20:30 . 2009-05-10 02:23 17160 ----a-w c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-17 03:38 . 2009-04-15 04:20 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 04:20 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-09 09:19 . 2009-03-14 16:09 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-09 03:02 . 2009-02-20 02:11 576 ----a-w c:\users\Ansar\AppData\Roaming\wklnhst.dat
2009-03-08 11:34 . 2009-03-20 00:54 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-20 00:54 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-20 00:54 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-20 00:54 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-20 00:54 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-20 00:54 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-20 00:54 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-20 00:54 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-20 00:54 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-20 00:54 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-20 00:54 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-20 00:54 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-20 00:54 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-20 00:54 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-20 00:54 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-20 00:54 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-20 00:54 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-20 00:54 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 21:12 . 2008-04-16 21:25 21256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-06 13:06 . 2009-03-06 13:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 16:29 . 2009-04-12 02:28 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
2009-03-05 10:54 . 2009-03-05 10:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-03 04:46 . 2009-04-15 04:20 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 04:20 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 04:20 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 04:20 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 04:20 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 04:20 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 04:20 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 04:20 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 04:20 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 04:20 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-26 03:45 . 2008-07-26 03:45 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-18 185872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
c:\users\Ansar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-22 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8F554C7-B099-4399-813F-8A2B38A79F77}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{926F2246-DC26-4C54-B7A0-2536A5EFCC6F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8F12F9D3-7DCC-4A3E-A382-4908065B56FE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C8C8D18-6DF0-4C2D-9BCE-92F812D8F724}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{880AA6DE-1C3E-499E-BE84-F1158C0E778B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{87694E78-9EB3-4CB9-8E88-7F074201024C}"= UDP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{A0D24EB6-88FA-44A2-9070-2C5E8561C571}"= TCP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{7C18D264-B54C-4509-9541-FB2BC7259F52}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E23181D-DA45-41BA-99DD-AE972129FB0C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{6140E728-4804-495E-9A7F-DB3CEAEA2973}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{298E6A08-DD95-4057-88A8-DDE83B0A31F5}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{9F8F522E-F744-4DA0-82A7-357431FEFE2C}c:\\users\\ansar\\desktop\\warcraft iii\\warcraft iii\\war3.exe"= UDP:c:\users\ansar\desktop\warcraft iii\warcraft iii\war3.exe:war3.exe
"UDP Query User{C520C188-7412-4479-A39A-448045019040}c:\\users\\ansar\\desktop\\warcraft iii\\warcraft iii\\war3.exe"= TCP:c:\users\ansar\desktop\warcraft iii\warcraft iii\war3.exe:war3.exe
"{D4FA4BD8-A4E1-4958-B2BC-290E69633B95}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{89382D21-35EA-4F7D-8314-099FA7465973}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6B55DE91-EF4B-4F37-8A20-EA69C44276B8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{94A5EA25-EEDB-4F9C-AB91-24708446B7C4}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D98CEE01-2E2F-475F-B560-51350673B986}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{896277CE-8EBA-40A7-A971-171A451F282B}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{F880A23A-BBDC-4B58-A223-13BEF26397F5}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{C6B1AE5E-0F32-4E51-8195-86EC73C6736B}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{95AC2981-A5C0-46B3-960D-196819B918E1}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{E9E21F8E-605E-48F5-A0DA-8579CA2D297E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B6DB4579-5A6A-4FC2-956C-4AA6CE8137C9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6D0993DC-DD61-4890-9808-BEB550300D3C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{54D0F3D7-27CA-4CEC-A1C5-B6A59E2F8916}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E668AD22-749F-42CF-AA14-CC405485CEB0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{E0BD50DA-14A5-4828-BED2-9DC86E11ED03}c:\\users\\ansar\\desktop\\programs\\utorrent.exe"= UDP:c:\users\ansar\desktop\programs\utorrent.exe:utorrent.exe
"UDP Query User{497A344E-39C2-422E-8B83-97EDBE271CC8}c:\\users\\ansar\\desktop\\programs\\utorrent.exe"= TCP:c:\users\ansar\desktop\programs\utorrent.exe:utorrent.exe
"{DB70A845-A7E3-429C-B1D1-78C423E4AD0F}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{A996D883-D014-45B1-930B-BFDD9BCD3943}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{57CC9AEE-4D52-49CF-8513-A3B4B9C7EAB8}"= UDP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{794D6C15-E388-47F7-8119-01A4AF111BFE}"= TCP:c:\program files\AVG\AVG8\avgui.exe:AVG Free User Interface
"{8BD1ED3B-8DCA-43CE-8A2E-237090A19C83}"= UDP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{AB90EF2E-E488-42F2-8825-EE8AE4E26223}"= TCP:c:\program files\AVG\AVG8\avgtray.exe:AVG Free Tray Icon
"{23E65CDD-0A74-41F4-8E1A-7DB0AE241D72}"= UDP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{24BF3C7F-30C1-421C-911E-C46AAF704EF1}"= TCP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{61F10E4D-E4A9-40C5-A3C0-3BA8FDBFD9E4}"= UDP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{9C693193-662A-426C-8C09-96DCC6FA0FA8}"= TCP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [20/02/2008 11:11 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11:08 AM 472320]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [26/07/2008 02:31 AM 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/03/2009 07:16 AM 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/07/2008 01:31 AM 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [04/06/2008 01:54 PM 113664]
S2 gupdate1c9bfd3b32d50b1;Google Update Service (gupdate1c9bfd3b32d50b1);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:13 PM 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [02/11/2006 04:32 AM 9216]
S3 mamotou;mamotou;c:\windows\System32\drivers\mamotou.sys [08/12/2008 09:01 PM 49377]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\w300mgmt.sys [11/12/2008 01:11 AM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\System32\drivers\w300obex.sys [11/12/2008 01:10 AM 85696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 03:11]
2009-05-23 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 03:13]
2009-05-23 c:\windows\Tasks\User_Feed_Synchronization-{F8C11240-9989-415C-875C-C0D6EEC1AAD5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-20 11:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Google Update - c:\users\Ansar\AppData\Local\Google\Update\GoogleUpdate.exe
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = 192.168.224.5:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {99B08A85-38BA-4A79-893D-554FF663263A} = 196.3.132.153,196.3.132.154
TCP: {A7D898A1-E72D-4220-B743-5E7E4CB2C068} = 196.3.132.153,4.2.2.2
FF - ProfilePath - c:\users\Ansar\AppData\Roaming\Mozilla\Firefox\Profiles\wk9qt557.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 21:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-23 21:07
ComboFix-quarantined-files.txt 2009-05-23 01:07
Pre-Run: 33,144,836,096 bytes free
Post-Run: 33,137,356,800 bytes free
316 --- E O F --- 2009-05-21 17:22
thank you again for taking time with this..:thanks:
Do you know anything about these two files?
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
Hey... NOD32 is the name of the current antivirus program I am running. However, the infection of MyWay.MyWebSearch was there before I installed the NOD32 antivirus program.
However, I have reinstalled SpyBot Search and Destroy and I ran it in default mode after it had been updated, and the results show no sign of infections. Well, it says that no immediate threats are found.
I know what Nod32 is, I was asking about these two files.
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
These do not come with the normal Nod32 installer, and I wished to know if you were aware of them and what their purpose is.
I am sorry katana, but I do not know what those files are... I am currently running a trial version of NOD32.
Then you will be surprised to learn that those files are "Cracks" which allow the NOD32 trial to continue working after it is supposed to expire.
Cracks, Keygens and Warez
In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
They are also one of the biggest causes of infection.
This applies to Cracks, Keygens and Warez
In the future I strongly suggest you stay away from using cracks and/or Keygens.
Disable Teatimer
We need to disable Teatimer as it may interfere with the cleaning.
Please do not re-enable it until I give instructions.
First step: Right-click the Spybot icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
If you have version 1.4, click on Exit Spybot S&D Resident
Second step, for either version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go to the bottom of the vertical panel on the left, click Tools
Then, also in the left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Click HERE (http://www.neoshine.co.uk/mina/Downloads/TTWipe.bat) and select "save as" and save it to your desktop
Double click TTWipe.bat
Reboot your machine for the changes to take effect.
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
c:\users\ansar\desktop\programs\utorrent.exe
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
Folder::
c:\users\Ansar\AppData\Roaming\LimeWire
c:\users\Ansar\AppData\Roaming\uTorrent
c:\program files\limewire
c:\program files\bittorrent
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7C18D264-B54C-4509-9541-FB2BC7259F52}"=-
"{7E23181D-DA45-41BA-99DD-AE972129FB0C}"=-
"TCP Query User{6140E728-4804-495E-9A7F-DB3CEAEA2973}c:\\program files\\limewire\\limewire.exe"=-
"UDP Query User{298E6A08-DD95-4057-88A8-DDE83B0A31F5}c:\\program files\\limewire\\limewire.exe"=-
"{94A5EA25-EEDB-4F9C-AB91-24708446B7C4}"=-
"{D98CEE01-2E2F-475F-B560-51350673B986}"=-
"TCP Query User{896277CE-8EBA-40A7-A971-171A451F282B}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{F880A23A-BBDC-4B58-A223-13BEF26397F5}c:\\program files\\bittorrent\\bittorrent.exe"=-
"TCP Query User{E0BD50DA-14A5-4828-BED2-9DC86E11ED03}c:\\users\\ansar\\desktop\\programs\\utorrent.exe"=-
"UDP Query User{497A344E-39C2-422E-8B83-97EDBE271CC8}c:\\users\\ansar\\desktop\\programs\\utorrent.exe"=-
"{57CC9AEE-4D52-49CF-8513-A3B4B9C7EAB8}"=-
"{794D6C15-E388-47F7-8119-01A4AF111BFE}"=-
"{8BD1ED3B-8DCA-43CE-8A2E-237090A19C83}"=-
"{AB90EF2E-E488-42F2-8825-EE8AE4E26223}"=-
driver::
NOD32FiXTemDono
Reglock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
ADS::
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
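Added example (not part of the original thread and not ComboFix's own code): the `driver::` directive in the CFScript above targets the service that the earlier log lists as `S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe`. The Python below parses service lines in that log layout and flags the same entry with two heuristics; the utility list, the vendor table, and the reading of `R`/`S` plus digit as running/stopped plus start type are assumptions.

```python
import ntpath
import re
from dataclasses import dataclass

# Service and driver lines copied from the ComboFix log earlier in this thread.
SAMPLE_LOG = r"""
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [20/02/2008 11:11 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11:08 AM 472320]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/03/2009 07:16 AM 1153368]
S2 gupdate1c9bfd3b32d50b1;Google Update Service (gupdate1c9bfd3b32d50b1);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:13 PM 133104]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [02/11/2006 04:32 AM 9216]
S3 mamotou;mamotou;c:\windows\System32\drivers\mamotou.sys [08/12/2008 09:01 PM 49377]
"""

# Assumed layout: <R|S><start type> <name>;<display name>;<image path> [<date> <size>]
# R/S is read here as running/stopped and the digit as the service Start value.
LINE_RE = re.compile(
    r"^([RS])([0-4]) ([^;\n]+);([^;\n]*);(.+?) \[([^\]\n]+) (\d+)\]\s*$",
    re.MULTILINE,
)

# Assumption: general-purpose Windows tools that should never be a service image.
UTILITY_IMAGES = {"regedt32.exe", "regedit.exe", "reg.exe", "cmd.exe",
                  "wscript.exe", "cscript.exe"}

# Assumption: keywords that claim a vendor, and the folders its binaries install to.
VENDOR_RULES = {
    "ESET": (("eset", "nod32"), ("c:\\program files\\eset\\",)),
}


@dataclass
class Service:
    running: bool
    start_type: int
    name: str
    display: str
    image: str
    size: int


def parse_services(log_text):
    """Return a Service for every line that matches the assumed layout."""
    return [
        Service(m[1] == "R", int(m[2]), m[3], m[4], m[5], int(m[7]))
        for m in LINE_RE.finditer(log_text)
    ]


def triage(services):
    """Map service name -> list of reasons it deserves a manual look."""
    findings = {}
    for svc in services:
        image = svc.image.lower()
        label = f"{svc.name} {svc.display}".lower()
        reasons = []
        # Heuristic 1: the service image is a stock utility, not a service binary.
        if ntpath.basename(image) in UTILITY_IMAGES:
            reasons.append("image is a general-purpose Windows utility")
        # Heuristic 2: the name borrows a vendor's brand but runs from elsewhere.
        for vendor, (keywords, roots) in VENDOR_RULES.items():
            if any(k in label for k in keywords) and not image.startswith(roots):
                reasons.append(f"name claims {vendor} but image is outside its folder")
        if reasons:
            findings[svc.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(name, "->", "; ".join(reasons))
```

The genuine ESET service `ekrn` passes both checks because its image sits under the ESET program folder, so only the entry tied to the crack files is reported.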
Hi katana... I did everything you asked me to do... From the logs of the Kaspersky... I see no malware. :laugh:
Here is the Combofix log:
ComboFix 09-05-22.05 - Ansar 23/05/2009 20:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.1145 [GMT -4:00]
Running from: c:\users\Ansar\Desktop\ComboFix.exe
Command switches used :: c:\users\Ansar\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
c:\users\ansar\desktop\programs\utorrent.exe
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
.
PEV Error: LocalSettingsFile
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\plc4.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\plds4.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\README.txt
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\contenteditable.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\designmode.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\forms.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\html.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\html\folder.png
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\language.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\mathml.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\quirk.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\svg.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\ua.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.chk
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\Ansar\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\Ansar\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Ansar\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Ansar\AppData\Roaming\LimeWire\downloads.dat
c:\users\Ansar\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Ansar\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Ansar\AppData\Roaming\LimeWire\filters.props
c:\users\Ansar\AppData\Roaming\LimeWire\gnutella.net
c:\users\Ansar\AppData\Roaming\LimeWire\installation.props
c:\users\Ansar\AppData\Roaming\LimeWire\library.dat
c:\users\Ansar\AppData\Roaming\LimeWire\library5.dat
c:\users\Ansar\AppData\Roaming\LimeWire\limewire.props
c:\users\Ansar\AppData\Roaming\LimeWire\mojito.props
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\98E79480d01
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\BAFF9A98d01
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\Cache\E746DCC7d01
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\Ansar\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\Ansar\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Ansar\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Ansar\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Ansar\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Ansar\AppData\Roaming\LimeWire\questions.props
c:\users\Ansar\AppData\Roaming\LimeWire\responses.cache
c:\users\Ansar\AppData\Roaming\LimeWire\simpp.xml
c:\users\Ansar\AppData\Roaming\LimeWire\spam.dat
c:\users\Ansar\AppData\Roaming\LimeWire\tables.props
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme.lwtp
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\version.txt
c:\users\Ansar\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\logo.png
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\notsearching.png
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\searching.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\Ansar\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\Ansar\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Ansar\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Ansar\AppData\Roaming\LimeWire\version.xml
c:\users\Ansar\AppData\Roaming\LimeWire\versions.props
c:\users\Ansar\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Ansar\AppData\Roaming\LimeWire\xml\data\audio.sxml3
c:\users\Ansar\AppData\Roaming\LimeWire\xml\data\image.sxml2
c:\users\Ansar\AppData\Roaming\LimeWire\xml\data\video.sxml2
c:\users\Ansar\AppData\Roaming\uTorrent
c:\users\Ansar\AppData\Roaming\uTorrent\Behemoth - At the Left Hand Ov God.avi.torrent
c:\users\Ansar\AppData\Roaming\uTorrent\dht.dat
c:\users\Ansar\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Ansar\AppData\Roaming\uTorrent\Nickleback - dark horse(split tracks+covers).torrent
c:\users\Ansar\AppData\Roaming\uTorrent\resume.dat
c:\users\Ansar\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Ansar\AppData\Roaming\uTorrent\rss.dat
c:\users\Ansar\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Ansar\AppData\Roaming\uTorrent\settings.dat
c:\users\Ansar\AppData\Roaming\uTorrent\settings.dat.old
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NOD32FiXTemDono
((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.
2009-05-23 01:08 . 2009-05-24 01:03 -------- d-----w c:\users\Ansar\AppData\Local\temp
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\users\Ansar\AppData\Roaming\Malwarebytes
2009-05-22 21:41 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-22 21:41 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\programdata\Malwarebytes
2009-05-22 21:41 . 2009-05-22 21:41 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-22 21:35 . 2009-05-22 21:36 -------- d-----w C:\USBNoRisk
2009-05-21 23:21 . 2009-05-21 23:21 -------- d-----w C:\rsit
2009-05-21 17:22 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{14060FFD-C1F0-44A2-8F4A-7CF63395EAE2}\mpengine.dll
2009-05-21 04:04 . 2009-05-21 04:09 -------- d-----w C:\Lyrics
2009-05-21 02:51 . 2009-05-21 02:51 -------- d-----w c:\program files\Trend Micro
2009-05-20 01:44 . 2009-05-20 01:44 -------- d-----w c:\programdata\WindowsSearch
2009-05-20 01:21 . 2009-05-20 02:08 305184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-19 23:58 . 2009-05-20 02:18 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-05-19 23:57 . 2009-05-19 23:57 -------- d-----w c:\users\Ansar\AppData\Local\Downloaded Installations
2009-05-19 22:04 . 2009-05-19 22:04 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-19 22:03 . 2009-05-19 23:55 -------- d-----w c:\users\Ansar\AppData\Roaming\SUPERAntiSpyware.com
2009-05-19 22:03 . 2009-05-19 23:55 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-19 01:49 . 2009-05-19 01:49 -------- d-----w c:\users\Ansar\{7b895694-a5cb-41d6-8eae-526bb9925d01}
2009-05-14 23:46 . 2009-05-14 23:46 -------- d-----w c:\users\Ansar\AppData\Local\BVRP Software
2009-05-14 23:46 . 2009-05-19 01:50 -------- d-----w c:\program files\Avanquest update
2009-05-14 23:44 . 2009-05-19 01:59 -------- d-----w c:\program files\Motorola Phone Tools
2009-05-14 23:42 . 2009-05-14 23:42 -------- d-----w c:\users\Ansar\AppData\Roaming\InstallShield
2009-05-09 01:21 . 2009-05-09 01:21 -------- d-----w c:\program files\Ubisoft
2009-05-09 00:26 . 2009-05-09 00:26 -------- d-----w c:\users\Ansar\AppData\Roaming\Leadertech
2009-05-09 00:04 . 2005-05-26 19:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-05-05 19:40 . 2009-05-05 19:40 -------- d-----w C:\divx
2009-05-04 19:31 . 2009-05-04 19:32 -------- d-----w c:\program files\PowerISO
2009-05-04 19:29 . 2009-05-04 19:29 -------- d-----w c:\programdata\DAEMON Tools Pro
2009-05-04 19:26 . 2009-05-04 19:26 721904 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-04 19:26 . 2009-05-04 19:26 -------- d-----w c:\users\Ansar\AppData\Roaming\DAEMON Tools Pro
2009-05-03 20:49 . 2009-05-03 20:49 -------- d-----w c:\users\Ansar\AppData\Local\ESET
2009-05-03 19:19 . 2009-05-03 19:19 -------- d-----w c:\program files\ESET
2009-05-03 12:09 . 2009-05-03 18:46 -------- d-----w c:\users\Ansar\AppData\Roaming\DivX
2009-05-03 00:03 . 2009-05-03 00:03 -------- d-----w c:\users\Ansar\AppData\Local\ABBYY
2009-05-02 22:48 . 2009-05-02 22:48 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-05-02 22:47 . 2009-05-02 22:51 -------- d-----w c:\program files\Common Files\DivX Shared
2009-05-02 22:47 . 2009-05-02 22:52 -------- d-----w c:\program files\DivX
2009-04-27 01:31 . 2009-04-27 01:31 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-04-26 05:19 . 2006-12-11 21:12 176235 ----a-w c:\windows\system32\Primomonnt.dll
2009-04-26 05:19 . 2009-04-26 05:19 -------- d-----w c:\windows\PrimoPDF4
2009-04-26 04:54 . 2009-05-03 14:46 -------- d-----w c:\users\Ansar\AppData\Local\CutePDF Writer
2009-04-26 04:51 . 2009-04-26 04:51 -------- d-----w c:\program files\GPLGS
2009-04-26 04:50 . 2007-07-13 02:33 87552 ----a-w c:\windows\system32\cpwmon2k.dll
2009-04-26 04:50 . 2009-04-26 04:50 -------- d-----w c:\program files\Acro Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 00:43 . 2009-03-06 11:16 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-23 22:19 . 2009-04-18 03:11 -------- d-----w c:\programdata\Google Updater
2009-05-23 04:28 . 2009-03-06 11:16 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-20 02:08 . 2009-05-20 01:21 5696 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-18 22:41 . 2008-12-07 23:52 -------- d-----w c:\program files\Google
2009-05-14 23:46 . 2009-01-05 02:54 -------- d-----w c:\programdata\BVRP Software
2009-05-14 23:46 . 2008-07-26 05:06 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-13 19:32 . 2008-07-26 06:12 -------- d-----w c:\programdata\Microsoft Help
2009-05-13 18:58 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-12 17:05 . 2008-12-07 03:34 106952 ----a-w c:\users\Ansar\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-10 18:08 . 2009-05-10 18:08 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-27 01:31 . 2009-03-27 07:01 -------- d-----w c:\programdata\SpeedBit
2009-04-18 01:24 . 2009-01-11 04:03 680 ----a-w c:\users\Ansar\AppData\Local\d3d9caps.dat
2009-04-17 06:11 . 2008-08-30 00:17 -------- d-----w c:\program files\Atheros
2009-04-17 05:56 . 2009-04-17 05:56 -------- d-----w c:\users\Ansar\AppData\Roaming\SuperAdBlocker.com
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w c:\windows\system32\DivX.dll
2009-04-12 02:58 . 2009-04-11 05:31 -------- d-----w c:\program files\AlcoDens
2009-04-10 02:17 . 2009-04-10 02:01 -------- d-----w c:\users\Ansar\AppData\Roaming\DMCache
2009-04-10 01:34 . 2008-07-26 06:36 -------- d-----w c:\program files\Java
2009-03-31 18:35 . 2009-05-10 02:23 17160 ----a-w c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 20:30 . 2009-05-10 02:23 17160 ----a-w c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-17 03:38 . 2009-04-15 04:20 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 04:20 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-15 10:25 . 2009-03-15 10:25 56268 ----a-w c:\windows\system32\drivers\scdemu.sys
2009-03-09 09:19 . 2009-03-14 16:09 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-09 03:02 . 2009-02-20 02:11 576 ----a-w c:\users\Ansar\AppData\Roaming\wklnhst.dat
2009-03-08 11:34 . 2009-03-20 00:54 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-20 00:54 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-20 00:54 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-20 00:54 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-20 00:54 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-20 00:54 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-20 00:54 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-20 00:54 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-20 00:54 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-20 00:54 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-20 00:54 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-20 00:54 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-20 00:54 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-20 00:54 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-20 00:54 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-20 00:54 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-20 00:54 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-20 00:54 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 21:12 . 2008-04-16 21:25 21256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-06 13:06 . 2009-03-06 13:06 140800 ----a-w c:\windows\system32\drivers\Rtlh86.sys
2009-03-05 16:29 . 2009-04-12 02:28 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
2009-03-05 10:54 . 2009-03-05 10:54 73728 ----a-w c:\windows\system32\RtNicProp32.dll
2009-03-03 04:46 . 2009-04-15 04:20 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 04:20 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-15 04:20 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 04:20 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 04:20 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 04:20 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 04:20 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 04:20 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 04:20 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 04:20 17408 ----a-w c:\windows\system32\iashost.exe
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-26 03:45 . 2008-07-26 03:45 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-05-23_01.04.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-24 00:47 61858 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 03:28 . 2009-05-24 01:05 16236 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1876926021-3462019510-1632751971-1000_UserData.bin
- 2008-12-07 03:23 . 2009-05-22 21:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 03:23 . 2009-05-23 22:19 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-07 03:23 . 2009-05-23 22:19 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-07 03:23 . 2009-05-22 21:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-07 03:23 . 2009-05-23 22:19 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-07 03:23 . 2009-05-22 21:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-23 03:53 . 2009-05-23 03:53 9560 c:\windows\System32\networklist\icons\{DC1A1E82-987F-49BE-9F5F-6C2E42E5400A}_48.bin
+ 2009-05-23 03:53 . 2009-05-23 03:53 4280 c:\windows\System32\networklist\icons\{DC1A1E82-987F-49BE-9F5F-6C2E42E5400A}_32.bin
+ 2009-05-23 03:53 . 2009-05-23 03:53 2456 c:\windows\System32\networklist\icons\{DC1A1E82-987F-49BE-9F5F-6C2E42E5400A}_24.bin
- 2009-05-23 00:41 . 2009-05-23 00:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-24 01:03 . 2009-05-24 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-23 00:41 . 2009-05-23 00:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-24 01:03 . 2009-05-24 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:02 . 2009-05-24 01:05 102218 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-18 185872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
c:\users\Ansar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-22 3450608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C8F554C7-B099-4399-813F-8A2B38A79F77}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{926F2246-DC26-4C54-B7A0-2536A5EFCC6F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{8F12F9D3-7DCC-4A3E-A382-4908065B56FE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C8C8D18-6DF0-4C2D-9BCE-92F812D8F724}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{880AA6DE-1C3E-499E-BE84-F1158C0E778B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{87694E78-9EB3-4CB9-8E88-7F074201024C}"= UDP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"{A0D24EB6-88FA-44A2-9070-2C5E8561C571}"= TCP:c:\program files\Sierra\FEAR\FEAR.exe:FEAR
"TCP Query User{9F8F522E-F744-4DA0-82A7-357431FEFE2C}c:\\users\\ansar\\desktop\\warcraft iii\\warcraft iii\\war3.exe"= UDP:c:\users\ansar\desktop\warcraft iii\warcraft iii\war3.exe:war3.exe
"UDP Query User{C520C188-7412-4479-A39A-448045019040}c:\\users\\ansar\\desktop\\warcraft iii\\warcraft iii\\war3.exe"= TCP:c:\users\ansar\desktop\warcraft iii\warcraft iii\war3.exe:war3.exe
"{D4FA4BD8-A4E1-4958-B2BC-290E69633B95}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{89382D21-35EA-4F7D-8314-099FA7465973}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6B55DE91-EF4B-4F37-8A20-EA69C44276B8}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{C6B1AE5E-0F32-4E51-8195-86EC73C6736B}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{95AC2981-A5C0-46B3-960D-196819B918E1}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{E9E21F8E-605E-48F5-A0DA-8579CA2D297E}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B6DB4579-5A6A-4FC2-956C-4AA6CE8137C9}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6D0993DC-DD61-4890-9808-BEB550300D3C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{54D0F3D7-27CA-4CEC-A1C5-B6A59E2F8916}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E668AD22-749F-42CF-AA14-CC405485CEB0}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{DB70A845-A7E3-429C-B1D1-78C423E4AD0F}"= UDP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{A996D883-D014-45B1-930B-BFDD9BCD3943}"= TCP:c:\program files\Windows Live\Messenger\msnmsgr.exe:Windows Live Messenger
"{23E65CDD-0A74-41F4-8E1A-7DB0AE241D72}"= UDP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{24BF3C7F-30C1-421C-911E-C46AAF704EF1}"= TCP:c:\program files\Ubisoft\Prince of Persia\Prince of Persia.exe:Prince of Persia Dx
"{61F10E4D-E4A9-40C5-A3C0-3BA8FDBFD9E4}"= UDP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
"{9C693193-662A-426C-8C09-96DCC6FA0FA8}"= TCP:c:\program files\Ubisoft\Prince of Persia\PrinceOfPersia_Launcher.exe:Prince of Persia Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [20/02/2008 11:11 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20/02/2008 11:08 AM 472320]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [26/07/2008 02:31 AM 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [06/03/2009 07:16 AM 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [26/07/2008 01:31 AM 193840]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [04/06/2008 01:54 PM 113664]
S2 gupdate1c9bfd3b32d50b1;Google Update Service (gupdate1c9bfd3b32d50b1);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 11:13 PM 133104]
S3 mamotou;mamotou;c:\windows\System32\drivers\mamotou.sys [08/12/2008 09:01 PM 49377]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\w300mgmt.sys [11/12/2008 01:11 AM 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\System32\drivers\w300obex.sys [11/12/2008 01:10 AM 85696]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-07 03:11]
2009-05-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-18 03:13]
2009-05-24 c:\windows\Tasks\User_Feed_Synchronization-{F8C11240-9989-415C-875C-C0D6EEC1AAD5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-20 11:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyServer = 192.168.224.5:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ansar\AppData\Roaming\Mozilla\Firefox\Profiles\wk9qt557.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-23 21:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\Ansar\AppData\Roaming\Microsoft\Windows\Cookies\ansar@c.live[1].txt 63 bytes
c:\users\Ansar\AppData\Roaming\Microsoft\Windows\Cookies\ansar@live[2].txt
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5160)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\wlanext.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Internet Explorer\ielowutil.exe
.
**************************************************************************
.
Completion time: 2009-05-24 21:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 01:09
ComboFix2.txt 2009-05-23 01:07
Pre-Run: 32,579,125,248 bytes free
Post-Run: 32,319,270,912 bytes free
781 --- E O F --- 2009-05-21 17:22
And this is the Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, May 24, 2009
Operating System: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 24, 2009 02:52:28
Records in database: 2229912
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 187596
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:21:29
No malware has been detected. The scan area is clean.
The selected area was scanned.
thank you once again for your time. :thanks:
Congratulations, your logs look clean :)
Let's see if I can help you keep it that way
First let's tidy up
Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START, type RUN into the search box, then click Enter
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Enable Teatimer
Open Spybot S&D
Click Mode, check Advanced Mode
Go To Left Panel, Click Tools, then also in left panel, click Resident
If your firewall raises a question, say OK
check the box labeled Resident Tea-Timer and OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative.
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has Addons available.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
:thanks: Katana..thank u so much man..:rockon:
thanks for taking your time and doing all that stuff with the logs n all.. :bigthumb:
It's a pleasure :bigthumb:
Take care now :police:
K'