S&D constantly removing viruses. They always come back



Anton_eric
2010-05-10, 20:48
Spybot has been removing a bunch of viruses that I have never heard of before, but they always keep coming back, and right after it removes a virus my sound won't work for a while. I don't know what to do, but if you would help that would be awesome! Here's the HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:05 PM, on 5/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
E:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 7427 bytes

======================
DDS log now preliminary log requested, not HJT (http://forums.spybot.info/showthread.php?t=57063)

tashi
2010-05-10, 21:27
Hello Anton_eric,

Last two topics closed due to lack of follow up, what happened?
http://forums.spybot.info/showthread.php?p=364653#post364653
http://forums.spybot.info/showthread.php?p=358510#post358510

Same,
http://forums.spybot.info/showthread.php?p=327133#post327133
http://forums.spybot.info/showthread.php?p=326959#post326959

Best regards.

Anton_eric
2010-05-12, 04:08
Yeah, sorry, I was unable to get on the computer as my brother had university finals going on and I could not close the things he had, and I could not find out where the old threads went.

Anton_eric
2010-05-16, 19:16
Yeah, sorry, I was unable to get on the computer as my brother had university finals going on and I could not close the things he had, and I could not find out where the old threads went.

If you won't help me I understand, but this time I can finish it all the way until you say so. Thanks.

tashi
2010-05-16, 19:49
Hi Anton_eric,

If you won't help me I understand, but this time I can finish it all the way until you say so. Thanks.
It was not just the one topic that was archived due to lack of follow up. I'm sure you understand why there could be a possibility volunteers might be reluctant to take on another one. ;)

The Waiting Room (http://forums.spybot.info/forumdisplay.php?f=37)
Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/showthread.php?t=1137)

Best regards.

Anton_eric
2010-05-18, 04:38
I do understand, but I am very busy and I thought that the computer was fixed because all signs of the virus were gone. If you cannot help, please say so and I will quietly leave you alone.

tashi
2010-05-18, 04:48
Hello Anton_eric,

I provided a link to the Waiting Room in my last post.

Best regards. :)

Anton_eric
2010-05-19, 05:08
Hello Anton_eric,

I provided a link to the Waiting Room in my last post.

Best regards. :)

Thanks very much, and I understand if no one will help me. But this time I will finish it because you guys are the experts and I am stupid with computers 'cause I got a virus in the first place!

Blade81
2010-05-19, 07:11
Hello,

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Download GMER here (http://www.gmer.net) by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab, uncheck the files option and then click scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

Anton_eric
2010-05-21, 02:44
I ran DDS, but to do so I had to rename it and run it in safe mode for it to work. I tried running GMER but it would not work in safe mode, and after being renamed it would always freeze up and close.

DDS (Ver_10-03-17.01) - NTFSx86 MINIMAL
Run by User at 18:33:37.00 on Thu 05/20/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.3024 [GMT -6:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Desktop\jhgjh.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [COMODO Internet Security] "e:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2009-1-22 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-3 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-3 5248]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-27 335240]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-27 27784]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-27 108552]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-12-4 133064]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-12-4 25160]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-27 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-27 297752]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-26 55640]
S2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2009-1-22 394496]
S2 cmdAgent;COMODO Internet Security Helper Service;e:\program files\comodo\comodo internet security\cmdagent.exe [2009-12-4 723632]
S2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-27 12672]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-05-15 23:06:07 130 ----a-w- c:\windows\cfplogvw.INI
2010-05-12 01:33:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-04-30 07:36:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-29 22:25:02 47292 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-05-20 20:26:04 75 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-05-20 20:24:58 69 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2010-05-15 23:02:31 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29:06 54657 ----a-w- c:\windows\DIIUnin.dat
2010-04-21 05:20:18 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-03-25 00:52:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40:06 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40:05 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10:45 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat
2010-03-15 02:39:58 15 ----a-w- C:\resetlog.exe
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-07-20 23:06:58 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072020090721\index.dat

============= FINISH: 18:34:09.87 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/25/2008 5:51:18 PM
System Uptime: 5/20/2010 6:31:50 PM (0 hours ago)

Motherboard: EVGA | | NF77-HDMI
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 478 | 2333/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 12.994 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 409.752 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_8001&SUBSYS_10DE0101&REV_1000\4&A53BF3B&0&0301
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_8001&SUBSYS_10DE0101&REV_1000\4&A53BF3B&0&0301
Service:

==== System Restore Points ===================

RP712: 5/3/2010 1:18:44 PM - System Checkpoint
RP713: 5/4/2010 1:39:54 PM - System Checkpoint
RP714: 5/5/2010 2:39:54 PM - System Checkpoint
RP715: 5/6/2010 3:30:25 PM - System Checkpoint
RP716: 5/7/2010 4:56:34 PM - System Checkpoint
RP717: 5/8/2010 6:55:12 PM - System Checkpoint
RP718: 5/9/2010 10:30:01 PM - System Checkpoint
RP719: 5/10/2010 10:55:50 PM - System Checkpoint
RP720: 5/11/2010 7:32:51 PM - Installed Driver Whiz.
RP721: 5/11/2010 7:35:48 PM - Removed Driver Whiz.
RP722: 5/12/2010 7:37:33 PM - System Checkpoint
RP723: 5/13/2010 7:55:02 PM - System Checkpoint
RP724: 5/14/2010 8:46:21 PM - System Checkpoint
RP725: 5/15/2010 10:33:30 PM - System Checkpoint
RP726: 5/16/2010 11:21:13 PM - System Checkpoint
RP727: 5/18/2010 8:54:14 AM - System Checkpoint
RP728: 5/19/2010 3:00:33 AM - Software Distribution Service 3.0
RP729: 5/20/2010 8:53:00 AM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 8.5
AviSynth 2.5
B's CLiP
BHA B's Recorder GOLD BASIC 7.13
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Canon MP Navigator EX 1.0
Canon MP210 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
COMODO Internet Security
Counter-Strike: Source
DAEMON Tools
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DolbyFiles
DVD Decrypter (Remove Only)
DVD Shrink 3.2
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ImagXpress
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
LimeWire 5.3.6
Marvell Miniport Driver
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MKV Splitter
Move Media Player
Movie Templates - Starter Kit
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Nero 9 Trial
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
NeroLiveGadget
NeroLiveGadget Help
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenAL
PDF Settings
QuickTime
Realtek High Definition Audio Driver
Roxio Media Manager
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SoundTrax
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Starcraft
StarCraft II - Beta Launcher (Version 0.28)
StarCraft II Beta
Steam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
VC80CRTRedist - 8.0.50727.762
Videora iPod Converter 4.08
VLC media player 1.0.2
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/20/2010 6:33:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio AvgLdx86 AvgMfx86 AvgTdiX avipbb cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/20/2010 6:33:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/20/2010 6:30:18 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
5/20/2010 6:19:07 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
5/20/2010 6:18:35 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
5/18/2010 3:40:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio
5/18/2010 3:39:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
5/18/2010 3:37:42 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/18/2010 3:37:42 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The CryptSvc service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================


thank you so much for helping me

Blade81
2010-05-21, 06:40
Hi,

Could you try to run GMER by having no other checkboxes checked than sections, please?

Anton_eric
2010-05-21, 16:34
that did not help because whenever i open the program it starts scanning instantly and does not let me click any boxes. it will scan for a few seconds then goes not responding and asks me to send an error report.

Blade81
2010-05-21, 20:43
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Anton_eric
2010-05-22, 17:56
here is the combo fix log. i had to rename it for it to work
ComboFix 10-05-21.06 - User 05/22/2010 9:17.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2622 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\User\LOCALS~1\Temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\_ISRES.DLL
c:\docume~1\User\LOCALS~1\Temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\ISRT.DLL
c:\documents and settings\User\Local Settings\temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\_ISRES.DLL
c:\documents and settings\User\Local Settings\temp\{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}\ISRT.DLL

.
((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-22 07:03 . 2010-05-22 07:04 -------- d-----w- C:\32788R22FWJFW.0.tmp
2010-05-21 21:47 . 2010-05-22 15:05 -------- d-----w- C:\ComboFix
2010-05-12 01:33 . 2010-05-12 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-04-30 07:36 . 2010-05-21 05:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36 . 2010-04-30 07:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-30 07:36 . 2010-05-11 08:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-29 22:25 . 2010-04-29 22:25 47292 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 02:09 . 2009-10-29 03:29 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-05-21 23:36 . 2009-09-02 13:29 75 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
2010-05-21 23:25 . 2008-09-27 17:07 69 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2010-05-21 03:40 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-20 22:39 . 2009-07-30 02:02 -------- d-----w- c:\documents and settings\User\Application Data\BitTorrent
2010-05-20 22:18 . 2010-03-02 02:54 -------- d-----w- c:\program files\Diablo II
2010-05-15 23:02 . 2009-12-04 22:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29 . 2010-03-25 00:40 54657 ----a-w- c:\windows\DIIUnin.dat
2010-05-12 00:44 . 2008-09-29 00:41 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2010-05-04 03:10 . 2010-03-17 05:58 256 ----a-w- c:\windows\system32\pool.bin
2010-04-08 18:35 . 2008-09-27 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-25 00:52 . 2009-02-11 14:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52 . 2009-02-11 14:15 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52 . 2009-02-11 14:15 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40 . 2010-03-25 00:40 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40 . 2010-03-25 00:40 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10 . 2010-03-25 00:10 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat
2010-03-17 06:07 . 2008-09-26 17:19 58608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 02:39 . 2010-03-15 02:39 15 ----a-w- C:\resetlog.exe
2010-03-13 01:29 . 2010-03-13 01:29 1956808 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"COMODO Internet Security"="e:\program files\Comodo\COMODO Internet Security\cfp.exe" [2009-12-04 1800464]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 14:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\ae_anton\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14133\\SC2.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14093\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5720:TCP"= 5720:TCP:Jumi Controller
"5720:UDP"= 5720:UDP:Jumi Controller

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/3/2009 5:51 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/3/2009 5:51 PM 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2008 11:15 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2008 11:15 AM 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [12/4/2009 4:46 PM 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [12/4/2009 4:46 PM 25160]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2008 11:15 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2008 11:15 AM 297752]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [1/22/2009 7:06 PM 394496]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2008 10:55 AM 721904]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1564)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
e:\program files\Comodo\COMODO Internet Security\cmdagent.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\program files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
c:\progra~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
.
**************************************************************************
.
Completion time: 2010-05-22 09:38:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-22 15:38

Pre-Run: 14,189,621,248 bytes free
Post-Run: 14,200,188,928 bytes free

- - End Of File - - 07B03026B4298CA20BFE359E8E2A57C7

DDS is running very very slowly. i will try running combofix and dds in safemode with avg and comodo off as i forgot to turn them off. also it seems my internet on the infected computer is not working anymore? could this be because of the virus?

Blade81
2010-05-22, 18:12
Hi,

You should also uninstall either AVG or Comodo Antivirus completely since it's not recommended to have more than one antivirus program installed and running.

Anton_eric
2010-05-22, 19:01
what one would you recommend keeping? and also here is the dds log

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2009-1-22 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-3 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-3 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-27 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-27 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-27 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-12-4 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-12-4 25160]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-27 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-27 297752]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-26 55640]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2009-1-22 394496]
R2 cmdAgent;COMODO Internet Security Helper Service;e:\program files\comodo\comodo internet security\cmdagent.exe [2009-12-4 723632]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-27 12672]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-05-22 07:03:44 0 d-----w- C:\32788R22FWJFW.0.tmp
2010-05-21 21:50:30 77312 ----a-w- c:\windows\MBR.exe
2010-05-21 21:50:29 98816 ----a-w- c:\windows\sed.exe
2010-05-21 21:50:29 161792 ----a-w- c:\windows\SWREG.exe
2010-05-21 21:47:35 0 d-----w- C:\ComboFix
2010-05-15 23:06:07 130 ----a-w- c:\windows\cfplogvw.INI
2010-05-12 01:33:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-04-30 07:36:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-29 22:25:02 47292 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-05-21 23:36:34 75 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-05-21 23:25:09 69 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2010-05-21 03:40:33 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-15 23:02:31 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29:06 54657 ----a-w- c:\windows\DIIUnin.dat
2010-04-26 21:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-03-25 00:52:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40:06 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40:05 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10:45 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat
2010-03-15 02:39:58 15 ----a-w- C:\resetlog.exe
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-07-20 23:06:58 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072020090721\index.dat

============= FINISH: 10:59:51.26 ===============


and the attach log



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/25/2008 5:51:18 PM
System Uptime: 5/22/2010 10:48:01 AM (0 hours ago)

Motherboard: EVGA | | NF77-HDMI
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | Socket 478 | 2333/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 13.209 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 409.803 GiB free.
F: is CDROM ()
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_8001&SUBSYS_10DE0101&REV_1000\4&A53BF3B&0&0301
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_10DE&DEV_8001&SUBSYS_10DE0101&REV_1000\4&A53BF3B&0&0301
Service:

==== System Restore Points ===================

RP712: 5/3/2010 1:18:44 PM - System Checkpoint
RP713: 5/4/2010 1:39:54 PM - System Checkpoint
RP714: 5/5/2010 2:39:54 PM - System Checkpoint
RP715: 5/6/2010 3:30:25 PM - System Checkpoint
RP716: 5/7/2010 4:56:34 PM - System Checkpoint
RP717: 5/8/2010 6:55:12 PM - System Checkpoint
RP718: 5/9/2010 10:30:01 PM - System Checkpoint
RP719: 5/10/2010 10:55:50 PM - System Checkpoint
RP720: 5/11/2010 7:32:51 PM - Installed Driver Whiz.
RP721: 5/11/2010 7:35:48 PM - Removed Driver Whiz.
RP722: 5/12/2010 7:37:33 PM - System Checkpoint
RP723: 5/13/2010 7:55:02 PM - System Checkpoint
RP724: 5/14/2010 8:46:21 PM - System Checkpoint
RP725: 5/15/2010 10:33:30 PM - System Checkpoint
RP726: 5/16/2010 11:21:13 PM - System Checkpoint
RP727: 5/18/2010 8:54:14 AM - System Checkpoint
RP728: 5/19/2010 3:00:33 AM - Software Distribution Service 3.0
RP729: 5/20/2010 8:53:00 AM - System Checkpoint
RP730: 5/21/2010 9:21:54 AM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG Free 8.5
AviSynth 2.5
B's CLiP
BHA B's Recorder GOLD BASIC 7.13
BitTorrent
BlackBerry Desktop Software 5.0.1
BlackBerry® Media Sync
Bonjour
Canon MP Navigator EX 1.0
Canon MP210 series
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner (remove only)
COMODO Internet Security
Counter-Strike: Source
DAEMON Tools
Diablo II
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DolbyFiles
DVD Decrypter (Remove Only)
DVD Shrink 3.2
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ImagXpress
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
Marvell Miniport Driver
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MKV Splitter
Move Media Player
Movie Templates - Starter Kit
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4 Parser
Nero 9 Trial
Nero Burning ROM Help
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
NeroLiveGadget
NeroLiveGadget Help
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OpenAL
PDF Settings
QuickTime
Realtek High Definition Audio Driver
Roxio Media Manager
ScanSoft OmniPage SE 4
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SoundTrax
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Starcraft
StarCraft II - Beta Launcher (Version 0.28)
StarCraft II Beta
Steam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
VC80CRTRedist - 8.0.50727.762
Videora iPod Converter 4.08
VLC media player 1.0.2
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

5/22/2010 9:41:37 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the cmdAgent service.
5/22/2010 10:00:16 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/22/2010 10:00:05 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/21/2010 5:04:25 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 5:04:19 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 2 time(s).
5/21/2010 5:03:49 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
5/21/2010 5:03:42 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/21/2010 5:03:23 PM, error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 5:03:18 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 5:03:06 PM, error: Service Control Manager [7034] - The InstallDriver Table Manager service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 5:02:58 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 5:02:54 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 5:02:43 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 4:04:00 PM, error: Service Control Manager [7024] - The SQL Server VSS Writer service terminated with service-specific error 2147549183 (0x8000FFFF).
5/21/2010 4:03:57 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
5/21/2010 4:01:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio
5/21/2010 3:49:30 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/21/2010 3:49:30 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/21/2010 3:43:18 PM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
5/20/2010 9:06:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
5/20/2010 6:33:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio AvgLdx86 AvgMfx86 AvgTdiX avipbb cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:51 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/20/2010 6:33:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/20/2010 6:33:14 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/20/2010 6:30:18 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
5/20/2010 6:19:07 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
5/20/2010 6:18:35 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The System Event Notification service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The CryptSvc service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
5/18/2010 2:35:31 AM, error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================

Blade81
2010-05-22, 20:03
Hi,

Beginning part of dds.txt contents is missing. Could you post whole dds.txt contents, please?


what one would you recommend keeping?
I'd keep AVG and uninstall antivirus part of Comodo (leaving firewall component installed).

Anton_eric
2010-05-22, 21:09
Hi,

Beginning part of dds.txt contents is missing. Could you post whole dds.txt contents, please?


I'd keep AVG and uninstall antivirus part of Comodo (leaving firewall component installed).

I am very sorry about that, and I'll get right on deleting the antivirus part of Comodo. Thanks so much.



DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 13:06:19.56 on Sat 05/22/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2636 [GMT -6:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
E:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
C:\Documents and Settings\User\Desktop\jhgjh.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [COMODO Internet Security] "e:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2009-1-22 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-3 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-3 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-27 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-27 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-27 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-12-4 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-12-4 25160]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-27 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-27 297752]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-26 55640]
R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2009-1-22 394496]
R2 cmdAgent;COMODO Internet Security Helper Service;e:\program files\comodo\comodo internet security\cmdagent.exe [2009-12-4 723632]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-27 12672]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-05-21 21:50:30 77312 ----a-w- c:\windows\MBR.exe
2010-05-21 21:50:29 98816 ----a-w- c:\windows\sed.exe
2010-05-21 21:50:29 161792 ----a-w- c:\windows\SWREG.exe
2010-05-21 21:47:35 0 d-----w- C:\ComboFix
2010-05-15 23:06:07 130 ----a-w- c:\windows\cfplogvw.INI
2010-05-12 01:33:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-04-30 07:36:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-29 22:25:02 47292 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-05-22 19:02:39 75 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-05-22 18:27:04 69 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2010-05-21 03:40:33 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-15 23:02:31 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29:06 54657 ----a-w- c:\windows\DIIUnin.dat
2010-04-26 21:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-03-25 00:52:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40:06 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40:05 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10:45 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat
2010-03-15 02:39:58 15 ----a-w- C:\resetlog.exe
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-07-20 23:06:58 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072020090721\index.dat

============= FINISH: 13:06:56.21 ===============

Anton_eric
2010-05-23, 05:29
I am no security expert here, seeing as I got a virus in the first place, but I suspect that it is a rootkit, so I did a scan and found this:


HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Console 5/22/2010 11:14 AM 0 bytes Security mismatch.
HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Console\Its Always sunny 5/22/2010 11:14 AM 0 bytes Security mismatch.
HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 3/14/2010 9:10 AM 91 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\ItemPos1920x1080(1) 5/22/2010 9:24 PM 4.20 KB Windows API length not consistent with raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 9/25/2008 6:04 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 9/25/2008 6:04 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQLServer\Parameters 11/20/2009 7:11 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS\Security 11/20/2009 7:11 PM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 5/22/2010 9:08 PM 0 bytes Hidden from Windows API.


I don't know if it helps at all, but if not, ignore I ever said this!
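
An added example, not part of the thread and not any scanner's own code: a way to triage scan output like the listing in the post above by folding entries that share a reason and key prefix, then looking up any `Services\<name>` key in the DDS "SERVICES / DRIVERS" list posted earlier. The line layout is inferred from the pasted text, and all function names are made up for this illustration.

```python
import re
from collections import Counter, namedtuple

# Scan lines copied from the post above (a subset, to keep the sample short).
SCAN_OUTPUT = r"""
HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Console 5/22/2010 11:14 AM 0 bytes Security mismatch.
HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Console\Its Always sunny 5/22/2010 11:14 AM 0 bytes Security mismatch.
HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Software\Adobe\MediaBrowser\MRU\illustrator\ApplicationPath 3/14/2010 9:10 AM 91 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-1220945662-308236825-1801674531-1004\Software\Microsoft\Windows\ShellNoRoam\Bags\3\Shell\ItemPos1920x1080(1) 5/22/2010 9:24 PM 4.20 KB Windows API length not consistent with raw hive data.
HKLM\SECURITY\Policy\Secrets\SAC* 9/25/2008 6:04 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\swearware\backup\winsock2 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 12/5/2009 10:11 AM 0 bytes Security mismatch.
HKLM\SYSTEM\ControlSet001\Services\d347prt\Cfg\0Jf40 5/22/2010 9:08 PM 0 bytes Hidden from Windows API.
"""

# "SERVICES / DRIVERS" lines copied from the DDS log earlier in the thread.
DDS_SERVICES = r"""
R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2009-1-22 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-3 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-3 5248]
"""

Finding = namedtuple("Finding", "key date time size reason")

# Assumed layout: <key> <m/d/yyyy> <h:mm AM|PM> <size> <reason>.
# Key names may contain spaces, so the key is matched lazily up to the date.
SCAN_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\.+?) (?P<date>\d{1,2}/\d{1,2}/\d{4}) "
    r"(?P<time>\d{1,2}:\d{2} [AP]M) (?P<size>[\d.]+ (?:bytes|KB|MB)) (?P<reason>.+)$"
)
# DDS layout as seen on the page: <state> <name>;<display name>;<image path> [<date size>]
DDS_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<image>.+?) \[[^\]]*\]$")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)", re.IGNORECASE)


def parse_scan(text):
    """Return a Finding for every line that matches the layout; skip the rest."""
    findings = []
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def by_reason(findings):
    """Count findings per discrepancy description."""
    return Counter(f.reason for f in findings)


def collapse(findings, depth=3):
    """Fold findings that share a reason and the first `depth` key components."""
    groups = Counter()
    for f in findings:
        prefix = "\\".join(f.key.split("\\")[:depth])
        groups[(prefix, f.reason)] += 1
    return groups.most_common()


def parse_dds_services(text):
    """Map lower-cased service name -> (state code, image path) from DDS lines."""
    services = {}
    for line in text.splitlines():
        m = DDS_RE.match(line.strip())
        if m:
            services[m["name"].lower()] = (m["state"], m["image"])
    return services


def service_findings(findings, services):
    """Pair each finding under a Services key with its DDS entry, if one exists."""
    hits = []
    for f in findings:
        m = SERVICE_RE.search(f.key)
        if m:
            name = m.group(1)
            state, image = services.get(name.lower(), (None, None))
            hits.append((name, f.reason, state, image))
    return hits


if __name__ == "__main__":
    found = parse_scan(SCAN_OUTPUT)
    for (prefix, reason), count in collapse(found):
        print(f"{count:3d}  {reason:<55}  {prefix}")
    for name, reason, state, image in service_findings(found, parse_dds_services(DDS_SERVICES)):
        print(f"service {name}: {reason} DDS entry: {state} {image}")
```

A service name with no DDS entry comes back with `None` for state and image, which is the case to look at first.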

Blade81
2010-05-23, 13:04
Hi again,

Uninstall BitTorrent.

Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\documents and settings\User\Application Data\BitTorrent
c:\documents and settings\User\Application Data\LimeWire
c:\program files\bittorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows, disable protection and, referring to the picture above, drag CFScript into ComboFix1.exe
Then post the resultant log.


Get update 9.3.2 for Adobe Reader here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 20 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Anton_eric
2010-05-24, 20:45
The ComboFix log is too big so I'll post it in a few replies


ComboFix 10-05-22.03 - User 05/23/2010 9:20.6.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2825 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
Command switches used :: c:\documents and settings\User\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\BitTorrent
c:\documents and settings\User\Application Data\BitTorrent\(2005) Sugar Ray - The Best of Sugar Ray.rar.torrent
c:\documents and settings\User\Application Data\BitTorrent\[NFL Replay]2006.AFC.Championship.Colts.VS.Pats.XviD.unethikal.torrent
c:\documents and settings\User\Application Data\BitTorrent\[RlsogKing.Com] Smallville.S09E03.HDTV.XviD-XII.torrent
c:\documents and settings\User\Application Data\BitTorrent\2012.TS.XviD-IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\A.Perfect.Getaway.DVDRip.XviD-NeDiVx avi - [ www.TorrentDay.com ].torrent
c:\documents and settings\User\Application Data\BitTorrent\Adobe Illustrator CS3.torrent
c:\documents and settings\User\Application Data\BitTorrent\Adventureland.2009.DvdRip.Xvid {1337x}-Noir.torrent
c:\documents and settings\User\Application Data\BitTorrent\Alice In Wonderland 2010 TS XViD - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Alice in Wonderland R5.torrent
c:\documents and settings\User\Application Data\BitTorrent\Alvin And The Chipmunks[2007]DVDRip.torrent
c:\documents and settings\User\Application Data\BitTorrent\Alvin.And.The.Chipmunks.The.Squeakquel.R5.LiNE.XviD-Rx.torrent
c:\documents and settings\User\Application Data\BitTorrent\American Gangster[2007][Unrated Edition]DvDrip[Eng]-FXG.torrent
c:\documents and settings\User\Application Data\BitTorrent\American.Pie.Presents.The.Book.of.Love.2009.DvdRip.Xvid {1337x}-Moursi.torrent
c:\documents and settings\User\Application Data\BitTorrent\American.Summer.2009.DvDrip.XviD.UNDEAD[www.USABIT.com].avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Arlington.Road.DvDRip.Eng-FxM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Armored.2009.DVDRip.XviD.AC3-ViSiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\Arrested Development.torrent
c:\documents and settings\User\Application Data\BitTorrent\Assassination.Of.A.High.School.President.2008.DVDRip.XviD-DiVERSE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Assassination.Of.A.High.School.President.2008.DVDRip.XviD-ViSiON.1.torrent
c:\documents and settings\User\Application Data\BitTorrent\Assassination.Of.A.High.School.President.2008.DVDRip.XviD-ViSiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\Astro.Boy.BDRip.XviD-DiAMOND.torrent
c:\documents and settings\User\Application Data\BitTorrent\Avatar (2009) PROPER TS XviD-MAXSPEED.torrent
c:\documents and settings\User\Application Data\BitTorrent\Avatar 2009 DVDScr H264 AAC-GreatMagician.torrent
c:\documents and settings\User\Application Data\BitTorrent\BAND OF BROTHERS-COMMEMORATIVE BOXSET DISC 2-PARTS THREE&FOUR-A H.264 RIP BY KIDZCORNER.torrent
c:\documents and settings\User\Application Data\BitTorrent\BAND OF BROTHERS-COMMEMORATIVE BOXSET DISC 3-PARTS FIVE&SIX-A H.264 RIP BY KIDZCORNER.torrent
c:\documents and settings\User\Application Data\BitTorrent\BAND OF BROTHERS-COMMEMORATIVE BOXSET DISC 4-PARTS SEVEN&EIGHT-A H.264 RIP BY KIDZCORNER.torrent
c:\documents and settings\User\Application Data\BitTorrent\BAND OF BROTHERS COMMEMORATIVE BOXSET-DISC 1-PARTS ONE&TWO-A H.264 RIP BY KIDZCORNER.torrent
c:\documents and settings\User\Application Data\BitTorrent\Ben.10.Alien.Swarm.2009.DVDRip.XviD-VoMiT.torrent
c:\documents and settings\User\Application Data\BitTorrent\BF Bad Company 2 Beta.torrent
c:\documents and settings\User\Application Data\BitTorrent\BioShock-XBOX360-USA-DAGGER.torrent
c:\documents and settings\User\Application Data\BitTorrent\bittorrent.lng
c:\documents and settings\User\Application Data\BitTorrent\Black_Hawk_Down(DVDRip)(xvid)-Goblin10.torrent
c:\documents and settings\User\Application Data\BitTorrent\Blow[2001]DVDrip[ENG]-MissRipZ.torrent
c:\documents and settings\User\Application Data\BitTorrent\Boondock Saints II All Saints Day DVDRip XviD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Brooklyns Finest SCR.Wrk-Pnt XviD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Brothers[2009]DvDrip-aXXo.torrent
c:\documents and settings\User\Application Data\BitTorrent\Cirque Du Freak Vampires Assistant Dvdrip 2009 ISWE-RG.torrent
c:\documents and settings\User\Application Data\BitTorrent\City of Ember.torrent
c:\documents and settings\User\Application Data\BitTorrent\Clash Of The Titans 2010 TS XViD - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Company of heroes.torrent
c:\documents and settings\User\Application Data\BitTorrent\Cop Out CAM XViD V2 - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Cop.Out.2010 R6.LINE.XVID-UniversalAbsurdity.torrent
c:\documents and settings\User\Application Data\BitTorrent\Cop.Out.2010.TS.XviD-Rx.torrent
c:\documents and settings\User\Application Data\BitTorrent\Couples Retreat (2009) BRRIP DivXNL-Team.torrent
c:\documents and settings\User\Application Data\BitTorrent\Couples.Retreat.2009.BDRip.XviD-iMBT.torrent
c:\documents and settings\User\Application Data\BitTorrent\Daybreakers TS XVID - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Daybreakers.DvDScr.Line.XviD-FLAWL3SS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Dead.Man.Running.2009.Dvdrip.Xvid.ISWE-RG.NoRar.www.crazy-torrent.com.torrent
c:\documents and settings\User\Application Data\BitTorrent\DEAR JOHN DVDRip XviD.torrent
c:\documents and settings\User\Application Data\BitTorrent\dht.dat
c:\documents and settings\User\Application Data\BitTorrent\dht.dat.old
c:\documents and settings\User\Application Data\BitTorrent\District 9 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\District.9[2009]R5.Xvid.MF.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\edge of darkness.torrent
c:\documents and settings\User\Application Data\BitTorrent\Entourage Season 6.torrent
c:\documents and settings\User\Application Data\BitTorrent\Everybodys.Fine.DVDRip.XviD-NeDiVx.torrent
c:\documents and settings\User\Application Data\BitTorrent\Fantastic.Mr.Fox.2009.DVDSCR.XviD-MegaPlay.torrent
c:\documents and settings\User\Application Data\BitTorrent\FiFA 10 [NTSC] [X360] [www.bajandojuegos.eu].torrent
c:\documents and settings\User\Application Data\BitTorrent\Fighting.UNRATED.BDRip.XviD-DASH.torrent
c:\documents and settings\User\Application Data\BitTorrent\Final.Destination.3.DVDRip.XviD.torrent
c:\documents and settings\User\Application Data\BitTorrent\From.Paris.With.Love.2010.R5.LiNE.XviD-Rx.torrent
c:\documents and settings\User\Application Data\BitTorrent\From.Paris.with.Love.R5.LINE.XviD-MENTiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\Full Metal Jacket 1987 Remastered BRRip H264 5.1 ch-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\Funny.People.UNRATED.2009.DvDRiP.XviD-ExtraScene RG.torrent
c:\documents and settings\User\Application Data\BitTorrent\G.I. Joe The Rise Of Cobra 2009 TELESYNC H264 AC3-SecretMyth (Kingdom-Release).torrent.torrent
c:\documents and settings\User\Application Data\BitTorrent\G.I. Joe The Rise Of The Cobra 2009 CAM V2 XviD-PrisM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gamer.DVDRip.XviD-DoNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\garrison 1337x-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Generation Kill.torrent
c:\documents and settings\User\Application Data\BitTorrent\GI Joe The Rise Of Cobra.2009.DvdRip.Xvid {1337x}-Noir.torrent
c:\documents and settings\User\Application Data\BitTorrent\Going.The.Distance.2004.Swesub.DvDRip.XviD-Jontey.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gossip.Girl.S03E09.HDTV.XviD-NoTV.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gossip.Girl.S03E10.HDTV.XviD-2HD.[VTV].avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gossip.Girl.S03E10.HDTV.XviD-2HD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gossip.Girl.S03E11.HDTV.XviD-2HD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gossip.Girl.S03E12.The.Debarted.HDTV.XviD-FQM.[VTV].avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gossip.Girl.S03E17.Inglourious.Bassterds.HDTV.XviD-FQM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Gossip.Girl.S03E21.HDTV.XviD-FQM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Green Zone TS XViD - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Halo.Legends.2010.BRRip.XviD-MegaPlay.torrent
c:\documents and settings\User\Application Data\BitTorrent\Hannah.Montana.The.Movie.DVDSCR.XviD-CRUX.torrent
c:\documents and settings\User\Application Data\BitTorrent\Harry Potter And The Half-Blood Prince 2009 DVDRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\How To Train Your Dragon 2010 TS XviD-FLAWL3SS.torrent
c:\documents and settings\User\Application Data\BitTorrent\How To Train Your Dragon 2010 TS XviD-PrisM-[www.meWarez.org].torrent
c:\documents and settings\User\Application Data\BitTorrent\I Love You Man[2009]DvDrip-LW.torrent
c:\documents and settings\User\Application Data\BitTorrent\I.Love.You.Beth.Cooper.DVDRip.XviD-DiAMOND.torrent
c:\documents and settings\User\Application Data\BitTorrent\I.Love.You.Man[2009]DvDrip[Eng]-Corpse.torrent
c:\documents and settings\User\Application Data\BitTorrent\Ice Age 3 Dawn Of The Dinosaurs 2009 DvDrip NLsub code kako.torrent
c:\documents and settings\User\Application Data\BitTorrent\Ice.Twisters.2009.DVDRip.XviD-GFW.torrent
c:\documents and settings\User\Application Data\BitTorrent\Inglourious Basterds 2009 CAM H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\Inglourious Basterds 2009.torrent
c:\documents and settings\User\Application Data\BitTorrent\Inglourious Basterds PPV XViD-IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Inglourious.Basterds.2009.DvDRip-FxM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Iron.Man.2.2010.NEW.AUDIO.CAM.XVID-PrisM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its Always Sunny In Philadelphia-A Very Sunny Christmas 2009.DVDRip.XviD-WBZ.NoRar.www.crazy-torrent.com.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E01.PDTV.XviD-SYS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E02.WS.PDTV.XviD-SYS.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.in.Philadelphia.S05E03.REPACK.WS.PDTV.XviD-XII.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E04.WS.PDTV.XviD-SYS.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E05.WS.PDTV.XviD-SYS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E06.WS.PDTV.XviD-SYS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E07.WS.PDTV.XviD-XII.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E08.WS.PDTV.XviD-SYS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E09.WS.PDTV.XviD-XII.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E10.WS.PDTV.XviD-SYS.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.in.Philadelphia.S05E11.Mac.and.Charlie.Write.a.Movie.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E11.WS.PDTV.XviD PLATINUM-SYS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.in.Philadelphia.S05E12.The.Gang.Reignites.the.Rivalry.WS.PDTV.XviD-FQM.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Its.Always.Sunny.In.Philadelphia.S05E13.WEBRIP.H264.mp4.torrent
c:\documents and settings\User\Application Data\BitTorrent\Jarhead[2005]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\User\Application Data\BitTorrent\Jeff.Dunham-Arguing.With.Myself.DvdRip.VostFr.torrent
c:\documents and settings\User\Application Data\BitTorrent\Jennifers Body Unrated (2009) DvdRip [Xvid] {1337x}-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Jennifers.Body.R5.LiNE.XviD-IMAGINE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Kick-Ass.R5.XviD-COALiTiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\Land Of The Lost[2009]DvDrip-LW.torrent
c:\documents and settings\User\Application Data\BitTorrent\Law Abiding Citizen (2009) DVDRip XviD-MAXSPEED.torrent
c:\documents and settings\User\Application Data\BitTorrent\Legion.R5.LINE.XviD-MENTiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\License.To.Wed[2007]DvDrip.AC3[Eng]-aXXo.torrent
c:\documents and settings\User\Application Data\BitTorrent\Miss.March[2009][Unrated-Fully Exposed]DvDrip[En-Fr]Subs[En-Fr-Es]DivX-Ch4cal.torrent
c:\documents and settings\User\Application Data\BitTorrent\Mutant Chronicles.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\National Treasure 2.torrent
c:\documents and settings\User\Application Data\BitTorrent\National.Lampoons.Spring.Break.2007.UNRATED.NTSC.DVDR-DPiMP.1.torrent
c:\documents and settings\User\Application Data\BitTorrent\National.Lampoons.Spring.Break.2007.UNRATED.NTSC.DVDR-DPiMP.torrent
c:\documents and settings\User\Application Data\BitTorrent\National.Lampoons.Stoned.Age.UNRATED.2008.DVDRip.XviD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Necrosis.2009.DvdRip.Xvid {1337x}-Noir.torrent
c:\documents and settings\User\Application Data\BitTorrent\Never.Back.Down[2008]DvDrip-aXXo.torrent
c:\documents and settings\User\Application Data\BitTorrent\neverbackdown.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\NHL_10_NTSC_XBOX360-CCCLX.1.torrent
c:\documents and settings\User\Application Data\BitTorrent\NHL_10_NTSC_XBOX360-CCCLX.2.torrent
c:\documents and settings\User\Application Data\BitTorrent\NHL_10_NTSC_XBOX360-CCCLX.3.torrent
c:\documents and settings\User\Application Data\BitTorrent\NHL_10_NTSC_XBOX360-CCCLX.4.torrent
c:\documents and settings\User\Application Data\BitTorrent\Night at the Museum Battle of the Smithsonian[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\User\Application Data\BitTorrent\Nine Miles Down (2009) DvdRip [Xvid] {1337x}-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Ninja Assassin (2009) 2Lions-Team.torrent
c:\documents and settings\User\Application Data\BitTorrent\Ninja.Assassin.2009.WS.SCR.XviD-SilentNinja.torrent
c:\documents and settings\User\Application Data\BitTorrent\Old Dogs (2009) DvdRip [Xvid] {1337x}-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Pandorum.2009.BRRip.XviD-MegaPlay.torrent
c:\documents and settings\User\Application Data\BitTorrent\patton.360.s01e07.on.hitlers.doorstep.hdtv.xvid-dvsky.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Percy Jackson Lightning Thief TS XVID - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Percy.Jackson.And.the.Olympians.The.Lightning.Thief.2010.Eng.LU.torrent
c:\documents and settings\User\Application Data\BitTorrent\Percy.Jackson.and.the.Olympians.The.Lightning.Thief.REPACK.R5.LiNE.XviD-VEiNS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Percy.Jackson.and.the.Olympic.Lightning.Thief.2010.TS.H264-CRYS.torrent
c:\documents and settings\User\Application Data\BitTorrent\Planet 51 DVDRip XviD-ARROW.torrent
c:\documents and settings\User\Application Data\BitTorrent\Public Enemies (2009) DVDRip XviD-MAXSPEED.torrent
c:\documents and settings\User\Application Data\BitTorrent\Public.Enemies.BDRip.XViD-iMBT.torrent
c:\documents and settings\User\Application Data\BitTorrent\Pulp Fiction [DVDRip][1994][Eng][BugzBunny].torrent
c:\documents and settings\User\Application Data\BitTorrent\resume.dat
c:\documents and settings\User\Application Data\BitTorrent\resume.dat.old
c:\documents and settings\User\Application Data\BitTorrent\Risk 2.torrent
c:\documents and settings\User\Application Data\BitTorrent\Rock_Band_2_USA_XBOX360-Goomba.torrent
c:\documents and settings\User\Application Data\BitTorrent\Rock_Band_USA_XBOX360-PI.torrent
c:\documents and settings\User\Application Data\BitTorrent\rss.dat
c:\documents and settings\User\Application Data\BitTorrent\rss.dat.old
c:\documents and settings\User\Application Data\BitTorrent\S2005.torrent
c:\documents and settings\User\Application Data\BitTorrent\S2008.torrent
c:\documents and settings\User\Application Data\BitTorrent\S2014.torrent
c:\documents and settings\User\Application Data\BitTorrent\Saving Private Ryan [1999]DvDrip[Eng]-dbk.torrent
c:\documents and settings\User\Application Data\BitTorrent\Sc2 Fix with goodies!.torrent
c:\documents and settings\User\Application Data\BitTorrent\Serious Moonlight (2009) DvdRip [Xvid} {1337x}-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\settings.dat
c:\documents and settings\User\Application Data\BitTorrent\settings.dat.old
c:\documents and settings\User\Application Data\BitTorrent\Sherlock Holmes (2009) DVDSCR [ResourceRG H264 by Bezauk].torrent
c:\documents and settings\User\Application Data\BitTorrent\Shes Out Of My League TS XViD - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\Shutter Island (2010) R5 DVDRip XviD-MAXSPEED.torrent
c:\documents and settings\User\Application Data\BitTorrent\Sky.High.DVDRip.XviD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E01.HDTV.XviD-XII.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E01.HDTV.XviD-XII.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E02.HDTV.XviD-FEVER.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E04.Echo.HDTV.XviD-FQM.avi.1.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E04.Echo.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E05.HDTV.XviD-XII.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E06.HDTV.XviD-XII.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E07.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E08.Idol.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E11.Absolute.Justice.PROPER.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E14.HDTV.XviD-XII.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E16.HDTV.XviD-2HD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smallville.S09E21.HDTV.XviD-2HD.torrent
c:\documents and settings\User\Application Data\BitTorrent\Smokin.Aces.2.Assassins.Ball.UNRATED.DVDRip.XviD-BULLDOZER.[www.torrentfive.com].torrent
c:\documents and settings\User\Application Data\BitTorrent\Solomon.Kane.DVDSCR.XVID-PrisM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Splinterheads.2009.LiMiTED.DVDRiP.XViD-MisFitZ(www.usabit.com).torrent
c:\documents and settings\User\Application Data\BitTorrent\Star Trek 2009 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\Starcraft 2.torrent
c:\documents and settings\User\Application Data\BitTorrent\StarCraft II - Beta Launcher 0.28 (STABLE).torrent
c:\documents and settings\User\Application Data\BitTorrent\State.Of.Play.2009.DvDRip-FxM.torrent
c:\documents and settings\User\Application Data\BitTorrent\Stop-Loss[2008]DvDrip-aXXo.torrent
c:\documents and settings\User\Application Data\BitTorrent\Sugar Ray - The Best Of [Mp3-vrb].torrent
c:\documents and settings\User\Application Data\BitTorrent\Surrogates (2009) TS XviD-MAXSPEED.NoRar.www.crazy-torrent.com.torrent
c:\documents and settings\User\Application Data\BitTorrent\Surrogates CAM XVID - STG.torrent
c:\documents and settings\User\Application Data\BitTorrent\Surrogates.PROPER.R5.LINE.XviD-D3M0NZ.torrent
c:\documents and settings\User\Application Data\BitTorrent\Survivor.S20E12.A.Sinking.Ship.HDTV.XviD-FQM [NO-RAR] - [ www.torrentday.com ].torrent
c:\documents and settings\User\Application Data\BitTorrent\Survivor.S20E13.Loose.Lips.Sink.Ships.HDTV.XviD-FQM.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Book Of Eli 2010 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\The Bounty Hunter TS XViD - IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Bounty Hunter.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Box DVDRip XviD-MENTiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Box[2009]R5-DvDrip-LW.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Crazies (1973) BRRip XviD AC3-SANTi.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Final Destination 4 (2009) DVDRip XviD-MAXSPEED.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Heavy [2009]DVDRip[Xvid]AC3 5.1[Eng]BlueLady .avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Imaginarium of Doctor Parnassus[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Long Weekend (2005) - DVDRip - ENG.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Losers DVDSCR XViD IMAGiNE.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Marine 2 (2010) DVDR DivXNL-Team.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Pacific Part 9 - Okinawa XviD SAFCuk009.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Pacific.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Proposal 2009 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\The Proposal 2009 DVDRip Xvid-ACE.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Proposal 2009 TELESYNC XVID-FLAWL3SS.torrent
c:\documents and settings\User\Application Data\BitTorrent\The Time Traveler's Wife 2009 BDRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\The Twight Saga NEW MOON SXCGALx.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Back.Up.Plan.DVDSCR.XviD- MC8.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Blind.Side.2009.DVDSCR.XviD-MegaPlay.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Book.of.Eli.TELESYNC.XviD-MENTiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Box.2009.DVDRip.XviD-MegaPlay.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Box.2009.R5.LiNE.XviD.v2-ViSiON.[Movie-Torrentz].torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Game.Plan.DVDRip.XviD-DiAMOND.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Goods.Live.Hard.Sell.Hard.2009.PROPER.DvDRiP.XviD-ExtraScene RG.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Invention.of.Lying.2009.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Keeper.2009.Dvdrip.NL-Subs.NLR-Team.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Last.House.On.The.Left.UNRATED.DVDRip.XviD-DASH.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Pacific.Pt.I.HDTV.XviD-SYS.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Pacific.Pt.II.HDTV.XviD-NoTV.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Pacific.Pt.VII.HDTV.XviD-NoTV.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Pacific.Pt.VIII.HDTV.XviD-RockToIt.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Spy.Next.Door.2010.R6.DVDRip.XviD-ViSiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Stepfather.2009.UNRATED.DVDRip.XviD-ARROW.[www.torrentfive.com].torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Taking.of.Pelham.1.2.3.2009.DVDRIP.H264-ZEKTORM.torrent
c:\documents and settings\User\Application Data\BitTorrent\The.Wolfman.UNRATED.DVDRip.XviD-DiAMOND.torrent
c:\documents and settings\User\Application Data\BitTorrent\Tooth Fairy.2010.R5.LiNE.Xvid {1337x}-Noir.torrent
c:\documents and settings\User\Application Data\BitTorrent\Transformers.Revenge.of.the.Fallen.DVDRip.XviD-iMBT.torrent
c:\documents and settings\User\Application Data\BitTorrent\TunnelRats 1337x-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Twilight.Saga.New.Moon.2009.PPV.XviD.AC3-Rx.torrent
c:\documents and settings\User\Application Data\BitTorrent\Undeclared.1.torrent
c:\documents and settings\User\Application Data\BitTorrent\Undeclared.torrent
c:\documents and settings\User\Application Data\BitTorrent\Up in the Air[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\User\Application Data\BitTorrent\Valentine's Day 2010 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\BitTorrent\Valentines.Day.2010.DVDRip.XviD-Larceny.torrent
c:\documents and settings\User\Application Data\BitTorrent\Valentines.Day.REPACK.TELESYNC.XviD-MENTiON.torrent
c:\documents and settings\User\Application Data\BitTorrent\Valhalla Rising 2009.BDRIP.Xvid.UniverSalAbsurdity.torrent
c:\documents and settings\User\Application Data\BitTorrent\Vice.2008.DVDRip.XviD-VoMiT.torrent
c:\documents and settings\User\Application Data\BitTorrent\whip It (2009) DvdRip [Xvid] {1337x}-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\WWE_SmackDown_Vs_RAW_2010_RF_XBOX360_REPACK-PROTOCOL.torrent
c:\documents and settings\User\Application Data\BitTorrent\Year One UNRATED DVDRip XviD-ARROW[NoRar][www.Yestorrent.com].torrent
c:\documents and settings\User\Application Data\BitTorrent\Year.One.2009.torrent
c:\documents and settings\User\Application Data\BitTorrent\ZombieLand (2009) CAM [Xvid] {1337x}-X.avi.torrent
c:\documents and settings\User\Application Data\BitTorrent\Zombieland 2009 R5 LINE H264-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\User\Application Data\LimeWire
c:\documents and settings\User\Application Data\LimeWire\.AppSpecialShare\Bolt[2008]DvDrip-aXXo.torrent.bak
c:\documents and settings\User\Application Data\LimeWire\.AppSpecialShare\vJZ4SWRN_Marley.And.Me.DVDRip.XviD-nsiervi.avi.torrent.bak
c:\documents and settings\User\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js

Anton_eric
2010-05-24, 20:46
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\User\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\User\Application Data\LimeWire\createtimes.cache
c:\documents and settings\User\Application Data\LimeWire\downloads.dat
c:\documents and settings\User\Application Data\LimeWire\fileurns.cache
c:\documents and settings\User\Application Data\LimeWire\filters.props
c:\documents and settings\User\Application Data\LimeWire\gnutella.net
c:\documents and settings\User\Application Data\LimeWire\installation.props
c:\documents and settings\User\Application Data\LimeWire\library.dat
c:\documents and settings\User\Application Data\LimeWire\library5.dat
c:\documents and settings\User\Application Data\LimeWire\limewire.props
c:\documents and settings\User\Application Data\LimeWire\lock
c:\documents and settings\User\Application Data\LimeWire\mojito.props
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\4A128B02d01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\86336453d01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\9FCB996Ed01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF4d01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\BAFF9ABFd01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\User\Application Data\LimeWire\player.props
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\User\Application Data\LimeWire\questions.props
c:\documents and settings\User\Application Data\LimeWire\responses.cache
c:\documents and settings\User\Application Data\LimeWire\simpp.xml
c:\documents and settings\User\Application Data\LimeWire\spam.dat
c:\documents and settings\User\Application Data\LimeWire\tables.props
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\User\Application Data\LimeWire\ttdata.cache
c:\documents and settings\User\Application Data\LimeWire\ttrees.cache
c:\documents and settings\User\Application Data\LimeWire\ttroot.cache
c:\documents and settings\User\Application Data\LimeWire\version.xml
c:\documents and settings\User\Application Data\LimeWire\versions.props
c:\documents and settings\User\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\User\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\User\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\User\Application Data\Microsoft\HTML Help\hh.dat
C:\Documents
c:\program files\bittorrent
c:\program files\bittorrent\bittorrent.exe
c:\program files\bittorrent\uninst.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-23 00:49 . 2010-05-23 01:36 -------- d-----w- c:\program files\MSECACHE
2010-05-22 17:16 . 2010-05-22 17:16 -------- d-----w- C:\rsit
2010-05-21 21:47 . 2010-05-22 15:05 -------- d-----w- C:\ComboFix
2010-05-12 01:33 . 2010-05-12 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-04-30 07:36 . 2010-05-21 05:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36 . 2010-04-30 07:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-30 07:36 . 2010-05-11 08:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-29 22:25 . 2010-04-29 22:25 47292 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 13:42 . 2010-03-02 02:54 -------- d-----w- c:\program files\Diablo II
2010-05-23 03:52 . 2008-09-27 17:15 -------- d-----w- c:\program files\AVG
2010-05-23 03:51 . 2008-09-27 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-23 00:53 . 2008-09-27 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-22 19:02 . 2009-09-02 13:29 75 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
2010-05-22 18:27 . 2008-09-27 17:07 69 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2010-05-22 02:09 . 2009-10-29 03:29 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-05-21 03:40 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-15 23:02 . 2009-12-04 22:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29 . 2010-03-25 00:40 54657 ----a-w- c:\windows\DIIUnin.dat
2010-05-04 03:10 . 2010-03-17 05:58 256 ----a-w- c:\windows\system32\pool.bin
2010-03-25 00:52 . 2009-02-11 14:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52 . 2009-02-11 14:15 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52 . 2009-02-11 14:15 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40 . 2010-03-25 00:40 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40 . 2010-03-25 00:40 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10 . 2010-03-25 00:10 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat
2010-03-17 06:07 . 2008-09-26 17:19 58608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 02:39 . 2010-03-15 02:39 15 ----a-w- C:\resetlog.exe
2010-03-13 01:29 . 2010-03-13 01:29 1956808 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-22_15.31.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-23 15:19 . 2010-05-23 15:19 16384 c:\windows\temp\Perflib_Perfdata_1dc.dat
+ 2009-05-19 14:15 . 2010-05-22 18:26 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 14:15 . 2010-05-21 23:25 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 14:15 . 2010-05-22 18:26 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-19 14:15 . 2010-05-21 23:25 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-05-13 13:56 . 2010-05-22 18:26 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-05-13 13:56 . 2010-05-21 23:25 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-02-08 22:25 . 2010-05-21 23:25 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
+ 2010-02-08 22:25 . 2010-05-22 18:26 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-05-13 13:56 . 2010-05-21 23:25 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-13 13:56 . 2010-05-21 23:25 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 14:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Steam\\steamapps\\ae_anton\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14133\\SC2.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14093\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5720:TCP"= 5720:TCP:Jumi Controller
"5720:UDP"= 5720:UDP:Jumi Controller

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/3/2009 5:51 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/3/2009 5:51 PM 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2008 11:15 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2008 11:15 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2008 11:15 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2008 11:15 AM 297752]
S3 HTUGX;HTUGX;c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe --> c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe [?]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [1/22/2009 7:06 PM 394496]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2008 10:55 AM 721904]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 09:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B040918]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f59cb8
\Driver\atapi -> 0x8b040918
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Generic Marvell Yukon 88E8056 based Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9df2bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dffa21
SendHandler -> NDIS.sys @ 0xb9ddd87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-05-23 09:27:50
ComboFix-quarantined-files.txt 2010-05-23 15:27
ComboFix2.txt 2010-05-22 17:14
ComboFix3.txt 2010-05-22 15:38

Pre-Run: 22,124,683,264 bytes free
Post-Run: 22,254,657,536 bytes free

- - End Of File - - 732C146EBB81165BFFB6A43AFA87787F

Anton_eric
2010-05-24, 20:49
DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 12:46:36.57 on Mon 05/24/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2402 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\jhgjh.com

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\user\application data\move networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2009-1-22 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2009-11-3 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2009-11-3 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-27 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-27 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-27 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 25240]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-9-27 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-27 297752]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-26 55640]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-4-9 1769216]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-8-27 12672]
S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
S3 HTUGX;HTUGX;c:\docume~1\user\locals~1\temp\htugx.exe --> c:\docume~1\user\locals~1\temp\HTUGX.exe [?]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [2009-1-22 394496]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-05-24 01:36:11 0 d-----w- c:\docume~1\alluse~1\applic~1\COMODO
2010-05-24 01:32:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 15:37:15 0 d-----w- c:\documents and settings\user\.SunDownloadManager
2010-05-23 15:32:50 0 d-----w- c:\program files\COMODO
2010-05-23 15:32:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-05-23 00:49:05 0 d-----w- c:\program files\MSECACHE
2010-05-21 21:50:30 77312 ----a-w- c:\windows\MBR.exe
2010-05-21 21:50:29 98816 ----a-w- c:\windows\sed.exe
2010-05-21 21:50:29 161792 ----a-w- c:\windows\SWREG.exe
2010-05-21 21:47:35 0 d-----w- C:\ComboFix
2010-05-15 23:06:07 130 ----a-w- c:\windows\cfplogvw.INI
2010-05-12 01:33:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-04-30 07:36:21 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36:21 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-29 22:25:02 47292 ---ha-w- c:\windows\system32\mlfcache.dat

==================== Find3M ====================

2010-05-22 19:02:39 75 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2010-05-22 18:27:04 69 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2010-05-21 03:40:33 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-15 23:02:31 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29:06 54657 ----a-w- c:\windows\DIIUnin.dat
2010-04-26 21:58:12 256512 ----a-w- c:\windows\PEV.exe
2010-04-09 07:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-09 07:25:46 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-09 07:25:46 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-09 07:25:44 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-25 00:52:33 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52:33 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52:33 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40:06 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40:05 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10:45 0 ----a-w- c:\documents and settings\user\jagex__preferences3.dat
2010-03-15 02:39:58 15 ----a-w- C:\resetlog.exe
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-07-20 23:06:58 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009072020090721\index.dat

============= FINISH: 12:46:59.12 ===============


Also, Windows keeps trying to install Roxio Media Manager and it will not go away no matter what I try. If I click cancel it freezes for a bit, then tries again right after, and it is very annoying and lagging up the entire computer. Is there a way to get rid of this?

Blade81
2010-05-24, 21:57
Hi,

Have you run Kaspersky online scanner yet?


Also, Windows keeps trying to install Roxio Media Manager and it will not go away no matter what I try. If I click cancel it freezes for a bit, then tries again right after, and it is very annoying and lagging up the entire computer. Is there a way to get rid of this?
Have you tried to uninstall it in add/remove programs?

Anton_eric
2010-05-24, 22:18
Hi,

Have you run Kaspersky online scanner yet?


Have you tried to uninstall it in add/remove programs?

Yes, I did run it but I forgot to post the log and now I do not have one. I tried running it again but it won't run for me! :( And I did remove Roxio from the Control Panel and all of its registry entries, but that did not stop it.

Blade81
2010-05-25, 06:24
tried running it again but it won't run for me!
Any specific error?

For Roxio issue try this:

1. Open Task Manager.
In Applications, right click on the RMM install process
Left click on go to process
This step puts you on ISUSPM.exe.
Left click on end process

2. Go back to Task Manager, select Processes
Find msiexec.exe
Left click on it and left click on end process

3. Uninstall Roxio Media Manager

4. Download and run Windows Install Clean Up utility from: http://support.microsoft.com/kb/290301.
If it errors out because another install program is running, repeat 2.

5. Remove all instances of Roxio programs.

Anton_eric
2010-05-25, 16:36
Kaspersky is running but when i click go to process on roxio it goes to something called agent.exe so i ended that and the other processes you told me to and ran the cleanup tool and seems to keep coming back?

Blade81
2010-05-25, 18:26
Hi,

Kill all processes named agent.exe, ISUSPM.exe and msiexec.exe (only the name matters, not whether it contains capital letters). Then try to run Windows Installer CleanUp Utility to uninstall Roxio related things.

Anton_eric
2010-05-25, 19:16
i did that and it doesn't seem like it came back yet thanks i'll post the Kaspersky log when i get home

Blade81
2010-05-25, 19:33
Ok. Shall wait for the results :)

Anton_eric
2010-05-26, 03:45
should this be taking a long time? so far it's 2% done after 40 mins of scanning?

Anton_eric
2010-05-26, 05:35
so the roxio thing is gone except it comes up when i reboot the computer is there any way to get rid of this?

Blade81
2010-05-26, 07:09
Hi,


should this be taking a long time? so far it's 2% done after 40 mins of scanning?
Depends how badly hard drive is fragmented. Have antivirus protection disabled.


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
Quit::



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log + fresh dds log. See if Roxio issue pops up.

Anton_eric
2010-05-26, 16:47
ComboFix 10-05-25.05 - User 05/26/2010 8:39.8.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2796 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\common files\installshield\updateservice\ISUSPM.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-24 20:12 . 2010-05-24 20:12 -------- d-----w- c:\program files\Common Files\Java
2010-05-24 01:36 . 2010-05-24 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-05-24 01:32 . 2010-05-24 01:32 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\msvcp71.dll
2010-05-24 01:32 . 2010-05-24 01:32 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\jmc.dll
2010-05-24 01:32 . 2010-05-24 01:32 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\msvcr71.dll
2010-05-24 01:32 . 2010-05-24 01:32 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5987508f-n\decora-sse.dll
2010-05-24 01:32 . 2010-05-24 01:32 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5987508f-n\decora-d3d.dll
2010-05-24 01:32 . 2010-05-24 20:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 15:37 . 2010-05-23 15:40 -------- d-----w- c:\documents and settings\User\.SunDownloadManager
2010-05-23 15:32 . 2010-05-23 15:33 -------- d-----w- c:\program files\COMODO
2010-05-23 15:32 . 2010-05-23 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-05-23 00:49 . 2010-05-25 14:35 -------- d-----w- c:\program files\MSECACHE
2010-05-22 17:16 . 2010-05-22 17:16 -------- d-----w- C:\rsit
2010-05-21 21:47 . 2010-05-22 15:05 -------- d-----w- C:\ComboFix
2010-05-12 01:33 . 2010-05-12 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-04-30 07:36 . 2010-05-21 05:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36 . 2010-04-30 07:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-30 07:36 . 2010-05-11 08:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-29 22:25 . 2010-04-29 22:25 47292 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 14:22 . 2010-03-02 02:54 -------- d-----w- c:\program files\Diablo II
2010-05-24 22:45 . 2008-09-27 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-23 03:52 . 2008-09-27 17:15 -------- d-----w- c:\program files\AVG
2010-05-23 03:51 . 2008-09-27 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-22 19:02 . 2009-09-02 13:29 75 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
2010-05-22 18:27 . 2008-09-27 17:07 69 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2010-05-22 02:09 . 2009-10-29 03:29 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-05-21 03:40 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-15 23:02 . 2009-12-04 22:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29 . 2010-03-25 00:40 54657 ----a-w- c:\windows\DIIUnin.dat
2010-05-04 03:10 . 2010-03-17 05:58 256 ----a-w- c:\windows\system32\pool.bin
2010-04-09 07:26 . 2010-04-09 07:26 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-09 07:25 . 2010-04-09 07:25 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-04-09 07:25 . 2010-04-09 07:25 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-04-09 07:25 . 2010-04-09 07:25 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-04-09 07:25 . 2010-04-09 07:25 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-03-25 00:52 . 2009-02-11 14:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52 . 2009-02-11 14:15 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52 . 2009-02-11 14:15 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40 . 2010-03-25 00:40 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40 . 2010-03-25 00:40 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10 . 2010-03-25 00:10 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat
2010-03-17 06:07 . 2008-09-26 17:19 58608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 02:39 . 2010-03-15 02:39 15 ----a-w- C:\resetlog.exe
2010-03-13 01:29 . 2010-03-13 01:29 1956808 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-22_15.31.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-26 14:38 . 2010-05-26 14:38 16384 c:\windows\temp\Perflib_Perfdata_4c0.dat
- 2008-04-14 12:00 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2009-01-07 03:30 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-01-07 03:30 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
+ 2009-12-22 02:09 . 2009-12-22 02:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 07:57 . 2009-12-22 07:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-22 02:02 . 2009-12-22 02:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-22 05:21 . 2009-12-22 05:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-11 21:57 . 2009-12-11 21:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
+ 2009-12-22 05:37 . 2009-12-22 05:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-22 00:39 . 2009-12-22 00:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-22 00:27 . 2009-12-22 00:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-22 00:27 . 2009-12-22 00:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
- 2009-05-19 14:15 . 2010-05-21 23:25 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 14:15 . 2010-05-22 18:26 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 14:15 . 2010-05-22 18:26 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-19 14:15 . 2010-05-21 23:25 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2010-05-13 13:56 . 2010-05-21 23:25 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2010-05-13 13:56 . 2010-05-22 18:26 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
+ 2010-05-24 20:12 . 2010-05-24 20:11 153376 c:\windows\system32\javaws.exe
- 2009-08-12 13:45 . 2009-07-25 11:23 145184 c:\windows\system32\javaw.exe
+ 2010-05-24 20:12 . 2010-05-24 20:11 145184 c:\windows\system32\javaw.exe
+ 2010-05-24 20:12 . 2010-05-24 20:11 145184 c:\windows\system32\java.exe
- 2009-08-12 13:45 . 2009-07-25 11:23 145184 c:\windows\system32\java.exe
+ 2010-05-24 20:12 . 2010-05-24 20:12 180224 c:\windows\Installer\76b39.msi
+ 2010-05-24 20:11 . 2010-05-24 20:11 576000 c:\windows\Installer\76b33.msi
+ 2009-12-11 21:57 . 2009-12-11 21:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
+ 2009-12-22 00:35 . 2009-12-22 00:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-22 02:05 . 2009-12-22 02:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
+ 2009-12-22 00:34 . 2009-12-22 00:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-10 01:18 . 2009-11-10 01:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-22 02:02 . 2009-12-22 02:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-11 21:57 . 2009-12-11 21:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
+ 2009-12-22 00:43 . 2009-12-22 00:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 07:57 . 2009-12-22 07:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-22 00:15 . 2009-12-22 00:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-22 01:32 . 2009-12-22 01:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-11 21:57 . 2009-12-11 21:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
+ 2009-12-22 01:15 . 2009-12-22 01:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
- 2010-02-08 22:25 . 2010-05-21 23:25 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
+ 2010-02-08 22:25 . 2010-05-22 18:26 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-05-13 13:56 . 2010-05-21 23:25 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-13 13:56 . 2010-05-21 23:25 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2010-05-23 15:34 . 2010-05-23 15:34 3651072 c:\windows\Installer\b2c00.msi
+ 2010-05-23 15:32 . 2010-05-23 15:32 1516544 c:\windows\Installer\b2bfc.msi
+ 2009-12-22 00:29 . 2009-12-22 00:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-28 02:34 . 2009-10-28 02:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-22 05:31 . 2009-12-22 05:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2010-05-23 15:30 . 2010-05-23 15:30 11850240 c:\windows\Installer\b2bf6.msp
+ 2009-12-22 05:21 . 2009-12-22 05:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 14:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Steam\\steamapps\\ae_anton\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14133\\SC2.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14093\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5720:TCP"= 5720:TCP:Jumi Controller
"5720:UDP"= 5720:UDP:Jumi Controller

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/3/2009 5:51 PM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/3/2009 5:51 PM 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2008 11:15 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2008 11:15 AM 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 225344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2008 11:15 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2008 11:15 AM 297752]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
S3 HTUGX;HTUGX;c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe --> c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe [?]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [1/22/2009 7:06 PM 394496]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2008 10:55 AM 721904]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 08:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA833B0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f59cb8
\Driver\atapi -> 0x8aa833b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-05-26 08:45:57
ComboFix-quarantined-files.txt 2010-05-26 14:45
ComboFix2.txt 2010-05-24 20:03
ComboFix3.txt 2010-05-23 15:27
ComboFix4.txt 2010-05-22 17:14
ComboFix5.txt 2010-05-26 14:34

Pre-Run: 50,344,202,240 bytes free
Post-Run: 50,426,474,496 bytes free

- - End Of File - - 7B1C6DEB2F9826475E793DBA13173E3D



Wednesday, May 26, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, May 25, 2010 18:12:12
Records in database: 4171113
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
H:\
Scan statistics
Objects scanned 89631
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:17:29

No threats found. Scanned area is clean.
Selected area has been scanned.

Anton_eric
2010-05-26, 16:48
oh yeah i forgot to add combofix says there is rootkit activity and needs to restart still every time it is run.
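
Added example (not part of the original thread and not code from any tool mentioned in it): a Python triage of the "Stealth MBR rootkit" detector output in the ComboFix log above. It separates hook entries that resolve to a named module from those that point at a bare address, and checks whether that address is the `>>UNKNOWN<<` entry in the called-modules chain. The function names are assumptions of this example, and an unresolved entry is a lead to verify with a second tool, not a verdict.

```python
import re

# Detector output copied from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA833B0]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f59cb8
\Driver\atapi -> 0x8aa833b0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# Address of a module the detector could not name in the call chain.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# Last hop of a hook line: either "module @ 0xaddr" or a bare "0xaddr".
TARGET_RE = re.compile(r"^(?:(?P<module>\S+) @ )?(?P<addr>0x[0-9A-Fa-f]+)$")


def parse_mbr_report(text):
    """Parse the called-modules line and the hook list into a dict."""
    report = {"unknown_modules": set(), "hooks": [], "warning": False, "mbr_ok": None}
    owner = None      # object that a continuation line ("ParseProcedure -> ...") belongs to
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            report["unknown_modules"] = {int(a, 16) for a in UNKNOWN_RE.findall(line)}
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line.startswith("Warning:"):
            report["warning"], in_hooks = True, False
        elif line == "user & kernel MBR OK":
            # Set only when this exact line from the log is present.
            report["mbr_ok"] = True
        elif in_hooks and " -> " in line:
            parts = [p.strip() for p in line.split(" -> ")]
            target = TARGET_RE.match(parts[-1])
            if target is None:
                continue
            path = parts[:-1]
            if path[0].startswith("\\") or len(path) > 1:
                owner = path[0]           # a new object starts here
            elif owner is not None:
                path = [owner] + path     # continuation of the previous object
            report["hooks"].append({
                "object": " -> ".join(path),
                "module": target.group("module"),   # None when only an address is given
                "addr": int(target.group("addr"), 16),
            })
    return report


def triage(report):
    """Return the hook entries whose target is a bare address, not a named module."""
    findings = []
    for hook in report["hooks"]:
        if hook["module"] is None:
            findings.append({
                "object": hook["object"],
                "addr": hook["addr"],
                # True when the same address is the unnamed module in the call chain.
                "in_call_chain": hook["addr"] in report["unknown_modules"],
            })
    return findings


if __name__ == "__main__":
    parsed = parse_mbr_report(SAMPLE_LOG)
    print("hooks listed:", len(parsed["hooks"]))
    print("MBR comparison line present:", parsed["mbr_ok"])
    for f in triage(parsed):
        print("unresolved target: %s -> 0x%08x (in call chain: %s)"
              % (f["object"], f["addr"], f["in_call_chain"]))
```
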

Blade81
2010-05-26, 17:15
Hi,

Please see if you're able to run GMER now (disable protection software first).

Anton_eric
2010-05-26, 23:46
i tried and i was unable to start it. it opens and runs for a few seconds then tells me to send an error report. and the program closes on me. as soon as i open it, it starts and i cannot click on any of the checked boxes.

Blade81
2010-05-27, 08:24
Hi,

Run ComboFix with following script:

DeQuarantine::
c:\qoobox\quarantine\c\program files\common files\installshield\updateservice\ISUSPM.exe.vir
Quit::

It should generate DeQuarantine.txt log for you. Post back its contents.

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe and wait for the process to finish.
3. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Anton_eric
2010-05-27, 17:04
c:\qoobox\quarantine\c\program files\common files\installshield\updateservice\ISUSPM.exe.vir -> c:\program files\common files\installshield\updateservice\ISUSPM.exe ( 206112 bytes )




08:44:18:375 3164 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
08:44:18:375 3164 ================================================================================
08:44:18:375 3164 SystemInfo:

08:44:18:375 3164 OS Version: 5.1.2600 ServicePack: 3.0
08:44:18:375 3164 Product type: Workstation
08:44:18:375 3164 ComputerName: DOWNSTAIRS
08:44:18:375 3164 UserName: User
08:44:18:375 3164 Windows directory: C:\WINDOWS
08:44:18:375 3164 Processor architecture: Intel x86
08:44:18:375 3164 Number of processors: 2
08:44:18:375 3164 Page size: 0x1000
08:44:18:375 3164 Boot type: Normal boot
08:44:18:375 3164 ================================================================================
08:44:18:718 3164 Initialize success
08:44:18:718 3164
08:44:18:718 3164 Scanning Services ...
08:44:19:062 3164 Raw services enum returned 355 services
08:44:19:062 3164
08:44:19:062 3164 Scanning Drivers ...
08:44:19:875 3164 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:44:19:906 3164 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:44:19:953 3164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:44:20:046 3164 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
08:44:20:109 3164 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:44:20:140 3164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:44:20:171 3164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:44:20:234 3164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:44:20:281 3164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:44:20:375 3164 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
08:44:20:468 3164 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
08:44:20:500 3164 avgntflt (551d52aa398392f427ce2538051da947) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
08:44:20:546 3164 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
08:44:20:578 3164 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\WINDOWS\system32\DRIVERS\avipbb.sys
08:44:20:640 3164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:44:20:687 3164 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
08:44:20:703 3164 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
08:44:20:734 3164 BsStor (d6d0f3860f022a12e888965f8237cbd9) C:\WINDOWS\system32\drivers\BsStor.sys
08:44:20:781 3164 BsUDF (588f5e394617e879097f39064542cb40) C:\WINDOWS\system32\drivers\BsUDF.sys
08:44:20:937 3164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:44:20:968 3164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:44:21:000 3164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:44:21:031 3164 cdrbsvsd (7fc46240546c16c0448c29c9d233b915) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
08:44:21:093 3164 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:44:21:203 3164 cmdGuard (ee8d7168cbbe3af052ea93015f51abe9) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
08:44:21:250 3164 cmdHlp (45a1f7d2890681f22406458d93d03cc1) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
08:44:21:281 3164 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
08:44:21:328 3164 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys
08:44:21:390 3164 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys
08:44:21:437 3164 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:44:21:484 3164 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:44:21:531 3164 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:44:28:546 3164
08:44:28:546 3164 Completed
08:44:28:546 3164
08:44:28:546 3164 Results:
08:44:28:546 3164 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
08:44:28:546 3164 File objects infected / cured / cured on reboot: 0 / 0 / 0
08:44:28:546 3164
08:44:28:546 3164 KLMD(ARK) unloaded successfully

Blade81
2010-05-27, 18:10
Hi,

Uninstall all parts of Comodo and keep those uninstalled for now. Then try to run GMER by unchecking all but "sections" option first (try in safe mode if normal mode fails).

Anton_eric
2010-05-28, 00:58
neither of these worked :(

Blade81
2010-05-28, 06:58
Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.


Then run ComboFix again (with antivirus protection disabled). Any visible symptoms there?

Anton_eric
2010-05-28, 23:34
it ran fine no symptoms and i tried running gmer for the sake of it and it worked. where should i go from here?

Anton_eric
2010-05-28, 23:40
ok so just after i posted this a blue screen came up and told me to restart and contact my system administrator and to uninstall anything i just installed? and something to do with a memory dump, i'm not too sure

Blade81
2010-05-29, 01:01
Hi,

That's a pretty generic blue screen error message. Are you able to reboot normally? If yes, please do a ComboFix run and post back its log.

Anton_eric
2010-05-29, 04:06
what do you mean reboot normally? i could reboot normally with the button on the tower all the time?

Blade81
2010-05-29, 11:36
Sorry if my question was unclear. If you reboot the machine does it load Windows normally without error? Re-run ComboFix and post back its report.

Anton_eric
2010-05-29, 19:27
ohh okay yeah it does and here you go.


ComboFix 10-05-28.08 - User 05/29/2010 11:21:57.11.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2581 [GMT -6:00]
Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-27 14:34 . 2010-05-27 14:38 -------- d-----w- C:\ComboFix1
2010-05-24 20:12 . 2010-05-24 20:12 -------- d-----w- c:\program files\Common Files\Java
2010-05-24 01:36 . 2010-05-24 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-05-24 01:32 . 2010-05-24 01:32 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\msvcp71.dll
2010-05-24 01:32 . 2010-05-24 01:32 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\jmc.dll
2010-05-24 01:32 . 2010-05-24 01:32 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\msvcr71.dll
2010-05-24 01:32 . 2010-05-24 01:32 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5987508f-n\decora-sse.dll
2010-05-24 01:32 . 2010-05-24 01:32 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5987508f-n\decora-d3d.dll
2010-05-24 01:32 . 2010-05-24 20:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-23 15:37 . 2010-05-23 15:40 -------- d-----w- c:\documents and settings\User\.SunDownloadManager
2010-05-23 15:32 . 2010-05-23 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-05-23 00:49 . 2010-05-25 14:35 -------- d-----w- c:\program files\MSECACHE
2010-05-22 17:16 . 2010-05-22 17:16 -------- d-----w- C:\rsit
2010-05-21 21:47 . 2010-05-22 15:05 -------- d-----w- C:\ComboFix
2010-05-12 01:33 . 2010-05-12 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-04-30 07:36 . 2010-05-21 05:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-30 07:36 . 2010-04-30 07:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-30 07:36 . 2010-05-11 08:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-29 22:25 . 2010-04-29 22:25 47292 ---ha-w- c:\windows\system32\mlfcache.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 14:59 . 2009-09-02 13:29 87 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
2010-05-29 14:49 . 2010-03-02 02:54 -------- d-----w- c:\program files\Diablo II
2010-05-29 14:44 . 2008-09-27 17:07 69 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2010-05-24 22:45 . 2008-09-27 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-23 03:52 . 2008-09-27 17:15 -------- d-----w- c:\program files\AVG
2010-05-23 03:51 . 2008-09-27 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-22 02:09 . 2009-10-29 03:29 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-05-21 03:40 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-15 23:02 . 2009-12-04 22:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-15 18:29 . 2010-03-25 00:40 54657 ----a-w- c:\windows\DIIUnin.dat
2010-05-04 03:10 . 2010-03-17 05:58 256 ----a-w- c:\windows\system32\pool.bin
2010-03-25 00:52 . 2009-02-11 14:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-03-25 00:52 . 2009-02-11 14:15 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-03-25 00:52 . 2009-02-11 14:15 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-03-25 00:40 . 2010-03-25 00:40 2829 ----a-w- c:\windows\DIIUnin.pif
2010-03-25 00:40 . 2010-03-25 00:40 94208 ----a-w- c:\windows\DIIUnin.exe
2010-03-25 00:10 . 2010-03-25 00:10 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat
2010-03-17 06:07 . 2008-09-26 17:19 58608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-15 02:39 . 2010-03-15 02:39 15 ----a-w- C:\resetlog.exe
2010-03-13 01:29 . 2010-03-13 01:29 1956808 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-05-26_14.44.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-29 02:17 . 2010-05-29 02:17 16384 c:\windows\temp\Perflib_Perfdata_350.dat
+ 2009-05-19 14:15 . 2010-05-29 14:44 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-05-19 14:15 . 2010-05-22 18:26 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-05-19 14:15 . 2010-05-29 14:44 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-05-19 14:15 . 2010-05-22 18:26 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2010-05-13 13:56 . 2010-05-29 14:44 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-05-13 13:56 . 2010-05-22 18:26 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
- 2010-02-08 22:25 . 2010-05-22 18:26 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
+ 2010-02-08 22:25 . 2010-05-29 14:44 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
- 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
+ 2010-05-13 13:56 . 2010-05-29 14:44 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
- 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
+ 2010-05-13 13:56 . 2010-05-29 14:44 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 14:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Steam\\steamapps\\ae_anton\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14133\\SC2.exe"=
"e:\\Program Files\\StarCraft II Beta\\Versions\\Base14093\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5720:TCP"= 5720:TCP:Jumi Controller
"5720:UDP"= 5720:UDP:Jumi Controller

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2008 11:15 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2008 11:15 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2008 11:15 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2008 11:15 AM 297752]
S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [1/22/2009 7:06 PM 394496]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/3/2009 5:51 PM 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/3/2009 5:51 PM 5248]
S4 HTUGX;HTUGX;c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe --> c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2008 10:55 AM 721904]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3u4ipr5s.default\
FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 11:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-29 11:26:35
ComboFix-quarantined-files.txt 2010-05-29 17:26
ComboFix2.txt 2010-05-28 14:38
ComboFix3.txt 2010-05-27 21:12
ComboFix4.txt 2010-05-26 14:45
ComboFix5.txt 2010-05-29 17:20

Pre-Run: 50,301,427,712 bytes free
Post-Run: 50,266,968,064 bytes free

- - End Of File - - 861626DF271ECF43F508FD3F945D5895

Blade81
2010-05-29, 20:04
Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to protect against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis


Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the start button (at the lower left hand corner of your screen)
Click run
In the dialog box, type services.msc
hit enter, then locate dns client
Highlight it, then double-click it.
On the dropdown box, change the setting from automatic to manual.
Click ok
Run Secunia vulnerability check here (http://secunia.com/vulnerability_scanning/online/) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:


PS. You can now re-enable emulation drivers.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.
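
The Internet Explorer settings listed in the post above can be checked after the fact from a .reg export of the Internet zone key. This is an added example, not part of the original post; the sample export is constructed, and the numeric setting IDs and action codes (0 = Enable, 1 = Prompt, 3 = Disable) are the standard Internet zone registry values, which the post itself does not mention.

```python
import re

# Setting IDs under ...\Internet Settings\Zones\3 (the Internet zone) mapped to
# the option name used in the post and the action the post recommends.
# Action codes: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY_SUFFIX = r"\internet settings\zones\3"
VALUE_RE = re.compile(r'^"(\d{4})"=dword:([0-9a-fA-F]{8})$')

# Constructed sample export (not taken from the thread). Real exports written
# by regedit are usually UTF-16; decode them before passing the text in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
"1607"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
'''


def read_zone_values(reg_text):
    """Return {setting_id: int} for the Internet zone (Zones\\3) only."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key starts: only collect values while inside Zones\3.
            in_zone = line[1:-1].lower().endswith(ZONE_KEY_SUFFIX)
            continue
        match = VALUE_RE.match(line)
        if in_zone and match:
            values[match.group(1)] = int(match.group(2), 16)
    return values


def audit_zone(reg_text):
    """List (id, option, current, recommended) for every setting that differs."""
    current = read_zone_values(reg_text)
    findings = []
    for setting_id, (label, wanted) in RECOMMENDED.items():
        if setting_id not in current:
            state = "not set"
        else:
            value = current[setting_id]
            state = ACTION.get(value, "value %d" % value)
        if state != ACTION[wanted]:
            findings.append((setting_id, label, state, ACTION[wanted]))
    return findings


if __name__ == "__main__":
    for setting_id, label, state, wanted in audit_zone(SAMPLE_EXPORT):
        print("%s  %-58s is %-8s should be %s" % (setting_id, label, state, wanted))
```

A setting reported as "not set" has no per-user value in the export, so Internet Explorer applies its built-in default for that option.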

Anton_eric
2010-05-29, 20:42
its all good now thank you so much you sir are my hero. would you recommend the use of the hosts file?

Blade81
2010-05-29, 22:54
You're welcome and yes I'd recommend using hosts file :)
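
The hosts file recommended here, and described in the longer post above, blocks a site by mapping its name to a local address. The following is an added example, not part of the original thread: a small audit that separates those blocking entries from entries that send a name to some other address, which deserve a manual look. It goes slightly beyond the post by also reporting malformed lines; the sample file and all host names in it are constructed.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample blocking hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.net      # blocked
0.0.0.0         tracker.example.org www.tracker.example.org
203.0.113.7     www.bank.example     # resolves to a non-local address
not-an-ip       broken.example
"""

# Names that normally map to the loopback address and are not "blocks".
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_no, address_text, [names]) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def audit_hosts(text):
    """Classify hosts entries as blocked, redirected or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, address_text, names in parse_hosts(text):
        try:
            address = ipaddress.ip_address(address_text)
        except ValueError:
            report["malformed"].append((line_no, address_text))
            continue
        if not names:
            report["malformed"].append((line_no, address_text))
            continue
        for name in names:
            name = name.lower()
            if name in LOCAL_NAMES:
                continue
            if address.is_loopback or address.is_unspecified:
                # 127.0.0.1, ::1 or 0.0.0.0: the name goes nowhere (a block).
                report["blocked"].append(name)
            else:
                # Any other address overrides DNS for this name: review it.
                report["redirected"].append((line_no, name, str(address)))
    return report


if __name__ == "__main__":
    import sys
    # On Windows the file is %SystemRoot%\system32\drivers\etc\hosts.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS
    result = audit_hosts(content)
    print("blocked names :", len(result["blocked"]))
    for line_no, name, address in result["redirected"]:
        print("review line %d: %s -> %s" % (line_no, name, address))
    for line_no, token in result["malformed"]:
        print("malformed line %d: %r" % (line_no, token))
```

An entry in the "redirected" list is not necessarily malicious (local network names are often mapped this way), but it is the kind of line a blocking hosts file should not contain.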

Anton_eric
2010-05-30, 00:05
ok so do i just not post back now or do you just close it?

Blade81
2010-05-30, 00:12
I mark this closed & resolved now :)