
Thread: I Have a SERIOUS virus please help

  1. #1
    Member | Join Date: Jul 2009 | Posts: 74

    I Have a SERIOUS virus please help

    Please help me. It is messing my computer up; I am not able to run any virus removals. The only thing I can get open is Avira AntiVir, and it says nothing is wrong. I can get Spybot S&D open, but it's the old, old version and I am not able to update it. I managed to open up HJT and this is what it said. Can anyone help me? When I restarted my computer it came to a blue screen and said there is a virus on my computer and told me to restart again, so I did and it went away. Now my internet is going really slow and won't open the home page.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:40:04 PM, on 7/27/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Documents and Settings\User\Desktop\JOEDURR.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{956B1F07-8E77-4752-8133-96A850262A0E}: NameServer = 85.255.112.189,85.255.112.178
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7544 bytes

  2. #2
    Emeritus | Join Date: Aug 2007 | Posts: 1,875

    Hello and welcome to Safer Networking.

    My name is km2357 and I will be helping you to remove any infection(s) that you may have.

    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

    Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

    Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.

    I will be back as soon as possible with your first instructions!

    Malware Removal University Master
    Member of ASAP & UNITE

  3. #3
    Emeritus | Join Date: Aug 2007 | Posts: 1,875

    Step #1: Remove one of your anti-virus programs.

    You are operating your computer with multiple anti-virus programs running in memory at once:

    AVG 8
    Avira

    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove one of them.

    Step #2: Make an uninstall list using HijackThis

    To access the Uninstall Manager, do the following:

    1. Start HijackThis.
    2. Click on the Config button.
    3. Click on the Misc Tools button.
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

    Step #3: Download and run RSIT

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double-click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

    In your next post/reply, I need to see the following:

    1. Uninstall List
    2. The two RSIT logs (log.txt and info.txt)

    Malware Removal University Master
    Member of ASAP & UNITE
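The two HijackThis logs posted above carry the indicators a helper reads first: every O17 line (the CCS, CS1 and CS2 control sets) points the TCP/IP stack at the same two external resolvers, several R3/O2/O23 entries reference files that no longer exist, an executable is running from the user's Desktop, and both Avira and AVG 8 are resident, which is what step #1 asks the poster to fix. Hard-coded NameServer values pushed into every control set are the classic footprint of DNS-hijacking malware; the 85.255.112.0/20 block seen here was publicly attributed to the DNSChanger (Rove Digital) rogue resolvers. The script below is an added example, not code from the thread, HijackThis or RSIT: it parses the HijackThis v2 log format and reports those four conditions. The embedded log is a constructed excerpt of lines from the post above, the anti-virus vendor folder list and the expected-resolver set are assumptions, and `EXPECTED` is a placeholder for whatever the poster's ISP or router actually assigns.

```python
"""Triage helper for Trend Micro HijackThis v2 logs (added example; not from the thread)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt: a few lines copied from the log posted above, in the
# shapes HijackThis v2.0.2 emits. Not a complete log.
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:04 PM, on 7/27/2009
Boot mode: Normal

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Documents and Settings\\User\\Desktop\\JOEDURR.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\\..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{956B1F07-8E77-4752-8133-96A850262A0E}: NameServer = 85.255.112.189,85.255.112.178
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.189,85.255.112.178
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\\Program Files\\Avira\\AntiVir Desktop\\sched.exe (file missing)

--
End of file - 1234 bytes
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")
MISSING_MARKERS = ("(no file)", "(file missing)")
# Assumed vendor markers: the install folder each product lives under. Matching
# on the folder avoids confusing Avira's avg*.exe binaries with AVG's.
AV_VENDOR_DIRS = {"Avira": "\\avira\\", "AVG": "\\avg\\"}


@dataclass
class HjtReport:
    processes: list = field(default_factory=list)
    entries: list = field(default_factory=list)           # (code, body) pairs
    nameservers: dict = field(default_factory=dict)       # server -> [registry keys]
    missing_files: list = field(default_factory=list)     # entries whose target is gone
    desktop_processes: list = field(default_factory=list)
    av_vendors: set = field(default_factory=set)


def parse_hjt(text):
    """Parse the process list and the coded R/F/O entries of a HijackThis log."""
    rep = HjtReport()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:              # a blank line ends the process block
                in_procs = False
            else:
                rep.processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        rep.entries.append((code, body))
        if code == "O17":
            ns = NAMESERVER_RE.search(body)
            if ns:
                reg_key = body.split(": NameServer")[0]
                for server in ns.group("servers").split(","):
                    rep.nameservers.setdefault(server, []).append(reg_key)
        if any(mark in body for mark in MISSING_MARKERS):
            rep.missing_files.append((code, body))
    for proc in rep.processes:
        low = proc.lower()
        if "\\desktop\\" in low:
            rep.desktop_processes.append(proc)
        for vendor, folder in AV_VENDOR_DIRS.items():
            if folder in low:
                rep.av_vendors.add(vendor)
    return rep


def unexpected_resolvers(rep, expected):
    """O17 name servers that are not in the set the ISP/router is known to assign."""
    return {s: keys for s, keys in rep.nameservers.items() if s not in expected}


def findings(rep, expected_resolvers):
    """Human-readable triage lines, in the order a helper would look at them."""
    out = []
    bad = unexpected_resolvers(rep, expected_resolvers)
    if bad:
        keys = {k for ks in bad.values() for k in ks}
        out.append("O17: unexpected DNS servers %s hard-coded in %d registry key(s)"
                   % (", ".join(sorted(bad)), len(keys)))
    for proc in rep.desktop_processes:
        out.append("process running from a user Desktop: %s" % proc)
    for code, body in rep.missing_files:
        out.append("%s entry points at a missing file: %s" % (code, body[:60]))
    if len(rep.av_vendors) > 1:
        out.append("more than one anti-virus product resident: %s"
                   % ", ".join(sorted(rep.av_vendors)))
    return out


if __name__ == "__main__":
    EXPECTED = {"192.168.1.1"}   # placeholder: the resolvers the router really hands out
    for line in findings(parse_hjt(SAMPLE_LOG), EXPECTED):
        print("-", line)
```

Run it against a full log by reading the file into `parse_hjt` instead of `SAMPLE_LOG`; the resolver check only says something useful once `EXPECTED` holds the addresses the machine should be using, which is why the script compares against an allowlist rather than a list of known-bad ranges.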

  4. #4
    Member | Join Date: Jul 2009 | Posts: 74

    I did as you said, but RSIT only gave me log.txt, not the info one.
    Here is the RSIT log:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by User at 2009-07-28 19:36:00
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 25 GB (16%) free of 153 GB
    Total RAM: 3326 MB (82% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:36:04 PM, on 7/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\RSIT.exe
    C:\Program Files\trend micro\User.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{956B1F07-8E77-4752-8133-96A850262A0E}: NameServer = 85.255.112.189,85.255.112.178
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.189,85.255.112.178
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6924 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-11 1107224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-09-11 16844800]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-12 1948440]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
    "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-04-03 1603152]
    "ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
    "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-19 342848]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-05-11 11952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Microsoft Games\Rise of Nations\rise.exe"="C:\Program Files\Microsoft Games\Rise of Nations\rise.exe:*:Enabled:Rise of Nations"
    "C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.4.2.8278-to-2.4.3.8606-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
    "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
    "C:\Program Files\World of Warcraft\Repair.exe"="C:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
    "C:\Program Files\Starcraft\StarCraft.exe"="C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
    "C:\Program Files\Eidos\Battlestations Pacific\bsp.exe"="C:\Program Files\Eidos\Battlestations Pacific\bsp.exe:*:Disabled:Battlestations: Pacific"
    "E:\Program Files\Halo\halo.exe"="E:\Program Files\Halo\halo.exe:*:Disabled:Halo"
    "E:\Program Files\Stronghold2.exe"="E:\Program Files\Stronghold2.exe:*:Disabled:Stronghold 2"
    "E:\Program Files\Stronghold 2\Stronghold2.exe"="E:\Program Files\Stronghold 2\Stronghold2.exe:*:Disabled:Stronghold2"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2009-07-28 19:12:26 ----D---- C:\rsit
    2009-07-28 19:12:26 ----D---- C:\Program Files\trend micro
    2009-07-28 17:41:09 ----HD---- C:\WINDOWS\PIF
    2009-07-27 08:12:09 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-26 19:11:59 ----D---- C:\Program Files\Avira
    2009-07-26 19:11:59 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2009-07-20 23:26:15 ----D---- C:\Documents and Settings\User\Application Data\Red Kawa
    2009-07-20 23:20:19 ----D---- C:\Program Files\Red Kawa
    2009-07-07 14:41:19 ----A---- C:\WINDOWS\ScUnin.exe
    2009-07-07 14:36:48 ----D---- C:\Program Files\Starcraft
    2009-07-06 08:58:03 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
    2009-07-05 09:52:48 ----D---- C:\Documents and Settings\User\Application Data\The Creative Assembly

    ======List of files/folders modified in the last 1 months======

    2009-07-28 19:34:23 ----D---- C:\Documents and Settings\User\Application Data\DNA
    2009-07-28 19:31:02 ----D---- C:\Program Files\Mozilla Firefox
    2009-07-28 19:21:31 ----D---- C:\WINDOWS\system32\LogFiles
    2009-07-28 19:21:30 ----D---- C:\WINDOWS
    2009-07-28 19:12:26 ----RD---- C:\Program Files
    2009-07-28 19:08:21 ----D---- C:\WINDOWS\Prefetch
    2009-07-28 17:51:12 ----D---- C:\Documents and Settings\User\Application Data\Adobe
    2009-07-28 17:48:57 ----D---- C:\WINDOWS\system32
    2009-07-28 17:48:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-28 17:44:29 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-28 17:44:26 ----D---- C:\WINDOWS\Temp
    2009-07-28 17:44:11 ----D---- C:\Program Files\DNA
    2009-07-28 17:43:01 ----N---- C:\WINDOWS\SchedLgU.Txt
    2009-07-28 17:42:42 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-28 10:24:59 ----D---- C:\Documents and Settings\User\Application Data\BitTorrent
    2009-07-28 08:44:07 ----D---- C:\Documents and Settings\User\Application Data\LimeWire
    2009-07-28 02:04:21 ----HD---- C:\$AVG8.VAULT$
    2009-07-27 14:26:51 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
    2009-07-27 07:47:46 ----D---- C:\WINDOWS\Minidump
    2009-07-27 07:47:21 ----D---- C:\Program Files\CCleaner
    2009-07-26 19:12:13 ----HD---- C:\WINDOWS\inf
    2009-07-26 19:12:13 ----D---- C:\WINDOWS\system32\drivers
    2009-07-26 19:11:04 ----SHD---- C:\WINDOWS\Installer
    2009-07-26 19:11:03 ----D---- C:\WINDOWS\WinSxS
    2009-07-20 23:01:20 ----D---- C:\WINDOWS\Debug
    2009-07-20 17:12:57 ----D---- C:\Program Files\InstallShield Installation Information
    2009-07-20 17:06:36 ----SD---- C:\WINDOWS\Tasks
    2009-07-15 03:02:02 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-15 03:02:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-07 09:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-07-06 16:11:27 ----D---- C:\Program Files\Java
    2009-07-05 09:37:33 ----D---- C:\WINDOWS\system32\DirectX
    2009-07-02 16:36:19 ----D---- C:\Documents and Settings

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-12 327688]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-11 108552]
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
    R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
    R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
    R2 BsUDF;B.H.A UDF Filesystem; C:\WINDOWS\system32\drivers\BsUDF.sys [2004-01-08 394496]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-11 4614656]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
    R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
    R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-08-15 265856]
    S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-09-10 32000]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-01 906520]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-11 298776]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
    R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-12 654848]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------


    and the uninstall list is here

    Acrobat.com
    Acrobat.com
    Adobe AIR
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Photoshop CS3
    Adobe Reader 9
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.5
    AviSynth 2.5
    Battlestations - Midway
    BHA B's Recorder GOLD BASIC 7.13
    Bonjour
    B's CLiP
    Canon MP210 series
    Canon My Printer
    CCleaner (remove only)
    Diablo II
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Web Player
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    HijackThis 2.0.2
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    LimeWire 4.18.8
    Marvell Miniport Driver
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.5.1)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML4 Parser
    neroxml
    NVIDIA Drivers
    NVIDIA PhysX v8.09.04
    PDF Settings
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Starcraft
    VC80CRTRedist - 8.0.50727.762
    Videora iPod Converter 4.08
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    WinRAR archiver


    thanks for helping me

  5. #5
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 4.18.8

    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).



    Step # 1: Download and Run ComboFix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    *Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    When finished, it shall produce a log for you. Please include C:\ComboFix.txt and a fresh HiJackThis Log in your next reply.

    Use multiple posts if you can't fit everything into one post.
    Malware Removal University Master
    Member of ASAP & UNITE

  6. #6
    Member
    Join Date
    Jul 2009
    Posts
    74

    Default

    Ty so much for helping me. Here is the ComboFix log:

    ComboFix 09-07-28.01 - User 07/28/2009 23:43.1.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2901 [GMT -6:00]
    Running from: c:\documents and settings\User\Desktop\MEEEE.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\ESQULbipkmhmcoipxchswdskaplbtgndqoorx.sys
    c:\windows\system32\ESQULpfrrgcalhcxmjhsqrpqbpxpbatkhrxnj.dll
    c:\windows\system32\ESQULraincwvjyqdtqxwayvfdnxplebcqlojx.dll
    c:\windows\system32\ESQULzcounter

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_ESQULserv.sys
    -------\Service_ESQULserv.sys


    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
    .

    2009-07-29 01:12 . 2009-07-29 01:40 -------- d-----w- c:\program files\trend micro
    2009-07-29 01:12 . 2009-07-29 01:12 -------- d-----w- C:\rsit
    2009-07-28 23:51 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-07-28 23:41 . 2009-07-28 23:41 -------- d--h--w- c:\windows\PIF
    2009-07-27 01:12 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-07-27 01:12 . 2009-03-24 22:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-07-27 01:12 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-07-27 01:12 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-07-27 01:11 . 2009-07-27 01:11 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Avira
    2009-07-21 05:26 . 2009-07-21 05:26 -------- d-----w- c:\documents and settings\User\Application Data\Red Kawa
    2009-07-21 05:20 . 2009-07-21 05:20 -------- d-----w- c:\program files\Red Kawa
    2009-07-07 20:41 . 2009-07-07 20:53 35190 ----a-w- c:\windows\scunin.dat
    2009-07-07 20:41 . 2009-07-07 20:53 967 ----a-w- c:\windows\ScUnin.pif
    2009-07-07 20:41 . 2009-07-07 20:53 94208 ----a-w- c:\windows\ScUnin.exe
    2009-07-07 20:36 . 2009-07-21 15:18 -------- d-----w- c:\program files\Starcraft
    2009-07-06 22:10 . 2009-07-06 22:10 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-07-06 14:58 . 2009-07-06 14:58 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-07-05 15:52 . 2009-07-05 15:52 -------- d-----w- c:\documents and settings\User\Application Data\The Creative Assembly

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-29 05:52 . 2008-09-28 02:07 -------- d-----w- c:\program files\DNA
    2009-07-29 05:52 . 2008-09-28 02:07 -------- d-----w- c:\documents and settings\User\Application Data\DNA
    2009-07-29 05:36 . 2008-09-27 16:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-07-29 05:20 . 2008-09-28 02:07 -------- d-----w- c:\documents and settings\User\Application Data\BitTorrent
    2009-07-28 20:54 . 2008-09-27 17:07 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
    2009-07-28 14:44 . 2008-09-29 00:41 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
    2009-07-27 20:26 . 2009-03-26 00:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-07-27 13:47 . 2008-10-13 01:30 -------- d-----w- c:\program files\CCleaner
    2009-07-20 23:12 . 2008-09-26 16:31 -------- d-----w- c:\program files\InstallShield Installation Information
    2009-07-06 22:11 . 2008-09-27 17:05 -------- d-----w- c:\program files\Java
    2009-07-01 15:46 . 2008-09-27 17:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-24 15:09 . 2009-06-24 15:09 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-06-21 21:21 . 2009-03-17 04:14 -------- d-----w- c:\program files\DivX
    2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 00:39 . 2009-06-16 00:31 -------- d-----w- c:\documents and settings\User\Application Data\DAEMON Tools Pro
    2009-06-16 00:35 . 2009-06-16 00:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\DAEMON Tools Pro
    2009-06-16 00:31 . 2008-11-10 16:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-12 14:54 . 2008-09-27 17:15 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-03 19:09 . 2008-04-14 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 02:12 . 2009-06-02 01:05 -------- d-----w- c:\documents and settings\User\Application Data\Move Networks
    2009-06-02 01:05 . 2009-06-02 01:05 127903 ----a-w- c:\documents and settings\User\Application Data\Move Networks\uninstall.exe
    2009-06-02 01:05 . 2009-05-27 23:29 4183416 ----a-w- c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
    2009-05-27 23:29 . 2009-05-27 23:29 97144 ----a-w- c:\documents and settings\User\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-05-11 14:52 . 2008-09-27 17:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-11 14:52 . 2008-09-27 17:15 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-07-15 20:30 . 2008-09-27 17:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-11 16844800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-11 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2008 11:15 AM 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2008 11:15 AM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2008 11:15 AM 906520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2008 11:15 AM 298776]
    R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [1/22/2009 7:06 PM 394496]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\docume~1\User\APPLIC~1\Mozilla\Firefox\Profiles\3u4ipr5s.default\
    FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-28 23:52
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3540)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-29 23:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-29 05:55

    Pre-Run: 25,805,955,072 bytes free
    Post-Run: 25,713,934,336 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    222 --- E O F --- 2009-07-15 09:02


    and here is the HJT log


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:57:35 PM, on 7/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\JOEDURR.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6252 bytes

  7. #7
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    It looks like you have decided to keep AVG 8 as your Anti-Virus of choice, and looking over your logs, it looks like we have some leftover Avira remnants that we need to get rid of. To do so, please do the following:


    Download the AntiVir uninstaller and Avira Reg Cleaner and save them to your desktop. Unzip both files to their own folder. Open the AvUninstXPeng folder. Close all programs, including AntiVir, then double-click on AvUnist.exe to run it. Click Yes when asked if you want to remove AntiVir. When it is finished, reboot your PC.

    Open the RegistryCleaner folder and double-click on the Registry Cleaner file. Click the Remove RegKey button, then click OK. When it is finished, reboot your PC again.



    Step # 1: Run CFScript

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      Code:
      KILLALL::
      
      Folder::
      
      c:\program files\DNA
      c:\documents and settings\User\Application Data\DNA
      c:\documents and settings\User\Application Data\BitTorrent
      c:\Program Files\BitTorrent
      c:\Program Files\LimeWire
      
      Registry::
      
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BitTorrent DNA"=-
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\DNA\\btdna.exe"=-
      "c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

      Note: This CFScript is for use on antoneric's computer only! Do not use it on your computer.

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    In your next post/reply, I need to see the following:

    1. The ComboFix Log that appears after Step 1 has been completed.
    2. A fresh HiJackThis Log taken after Step 1 has been completed.
    Malware Removal University Master
    Member of ASAP & UNITE
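
    The way a helper confirms that a step like the one above took effect is to compare the HijackThis log posted before the fix with the one posted after it, and to look for entries HijackThis marks as "(file missing)" or "(no file)", which is exactly what the Avira service lines and the BitTorrent DNA autorun in this thread are. The Python script below is an added example written for this thread; it is not a tool from the thread, from ComboFix or from Trend Micro. The two embedded logs are short excerpts constructed from the logs posted in this thread, and the section names and the flagging rules (orphaned target, "Unknown owner" service) are the script's own assumptions about what is worth a second look.

```python
"""Triage helper for HijackThis (HJT) logs: parse findings, flag orphaned
ones, and diff two scans to confirm that a cleanup step took effect.
Added example for this thread, not HJT's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every HJT finding is "<section> - <body>", e.g. "O23 - Service: ...".
HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")


@dataclass(frozen=True, order=True)
class Entry:
    section: str  # "O4" (autoruns), "O23" (services), "O2" (BHOs), ...
    body: str     # everything after the "O4 - " prefix

    @property
    def orphaned(self) -> bool:
        # HJT appends these markers when the referenced file is gone from disk;
        # such entries are leftovers (uninstall remnants or removed malware).
        return "(file missing)" in self.body or "(no file)" in self.body

    @property
    def unknown_owner(self) -> bool:
        # Service binaries that carry no recognised company name.
        return self.section == "O23" and "Unknown owner" in self.body

    def __str__(self) -> str:
        return f"{self.section} - {self.body}"


def parse_hjt(text: str) -> list[Entry]:
    """Return the finding lines of an HJT log; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def flag_entries(entries: list[Entry]) -> list[Entry]:
    """Entries a triager should look at first, in log order."""
    return [e for e in entries if e.orphaned or e.unknown_owner]


def diff_logs(before: list[Entry], after: list[Entry]) -> tuple[list[Entry], list[Entry]]:
    """(removed, added): findings that disappeared / appeared between two scans."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)


def triage(before_text: str, after_text: str) -> dict[str, list[str]]:
    """Summary of what changed between two scans and what still needs attention."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    removed, added = diff_logs(before, after)
    return {
        "removed": [str(e) for e in removed],
        "added": [str(e) for e in added],
        "still_flagged": [str(e) for e in flag_entries(after)],
    }


# Constructed excerpts of the two logs posted in this thread (before and after
# the CFScript run), trimmed to a handful of lines for the example.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

AFTER_LOG = r"""
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

if __name__ == "__main__":
    for key, lines in triage(BEFORE_LOG, AFTER_LOG).items():
        print(f"== {key} ==")
        for line in lines:
            print("  " + line)
```

    Run against these excerpts, the diff shows the BitTorrent DNA autorun and the AntiVirService entry gone, the Ask BHO and the TeaTimer autorun newly present, and the AntiVirSchedulerService line still flagged, which is the kind of leftover the Avira uninstaller and registry cleaner above are meant to clear. Matching on the literal "(file missing)" and "(no file)" markers is deliberately narrow: an entry pointing at an existing but malicious file is not caught by this rule and still needs a human looking at the path and the vendor string.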

  8. #8
    Member
    Join Date
    Jul 2009
    Posts
    74

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:10:01 PM, on 7/29/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\User\Desktop\JOEDURR.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6442 bytes


    ComboFix 09-07-29.01 - User 07/29/2009 13:52.2.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2673 [GMT -6:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\User\Application Data\BitTorrent
    c:\documents and settings\User\Application Data\BitTorrent\[PC_GAME] Stronghold_2_ITA.torrent
    c:\documents and settings\User\Application Data\BitTorrent\12 Rounds 2009 TS-STG - Lynks (Kingdom-KvCD By Dingie).torrent
    c:\documents and settings\User\Application Data\BitTorrent\17 Again (2009) [DvdRip] [Xvid] {1337x}-Noir.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Battle.For.Haditha.2007.DVDRIP.XviD-ZEKTORM.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Battlestations Pacific.zip.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Battlestations.Midway-ViTALiTY.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Battlestations.Pacific-RELOADED.torrent
    c:\documents and settings\User\Application Data\BitTorrent\BLACK HAWK DOWN [2001][ENG][AC3][DVDRIP-M333]-FLAWL3SS.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Body.Of.Lies[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Bolt[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Burn After Reading[2008]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\User\Application Data\BitTorrent\College[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Crank 2 High Voltage[2009]DvDrip R5[Eng]-ByMe.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Death.Race(freakinG soul) DVDRIP.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Death.Race[2008][ENG]DVDRip-CP1.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Defiance DvDSCR[2009] ( 10rating ).torrent
    c:\documents and settings\User\Application Data\BitTorrent\dht.dat
    c:\documents and settings\User\Application Data\BitTorrent\dht.dat.old
    c:\documents and settings\User\Application Data\BitTorrent\Dragonball.Evolution.R5.LINE.XviD-COALiTiON.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Echelon.Conspiracy.2009.DVDRip.XviD-Noir.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Empire.Total.War.Special.Forces.Edition.FullRip-Ka0s.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Farcry 2 {PKI}.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Fast and Furious 4 2009 DVDRIP R5 LINE XviD-COALiTiON.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Fighting.CAM.XViD-CAMERA.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Fired.Up.2009.UNRATED.DVDRiP.XViD.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Five Fingers (2009) -2006-_resynched By DragonLord721©.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Fred.Clause[2007][ENG]DVDRip-CP1.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Get.Smart[2008]DvDrip [Andreash87].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Ghosts.of.Girlfriends.Past.2009.DVDSCR.XviD-LAP.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Gran.Torino.2008.DvDRip-Screw.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Halo.zip.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Hancock [2008-DVDRip-H.264]-NewArtRiot.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Hancock.DVDRip.XviD-ALLiANCE.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Hannah.Montana.The.Movie.DVDSCR.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Harry Potter - The Half Blood Prince TS XVID - STG.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Hellboy.II.The.Golden.Army.2008.DVDRIP-ZEKTORM.torrent
    c:\documents and settings\User\Application Data\BitTorrent\how.i.met.your.mother.s03.torrent
    c:\documents and settings\User\Application Data\BitTorrent\I Love You, Man [2009][DvdScreener].wmv.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Indiana.Jones.And.The.Kingdom.Of.The.Crystal.Skull[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Iron Man (2008) DVDRip Occor.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Its Always Sunny In Philadelphia - Seasons 1 - 4 (gReEnBoY420).1.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Its Always Sunny In Philadelphia - Seasons 1 - 4 (gReEnBoY420).torrent
    c:\documents and settings\User\Application Data\BitTorrent\Knowing[2009]DvDrip[English][Action]-FxW.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Lakeview.Terrace[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Long.Weekend.2008.DVDRip.XviD-BeStDivX.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Madagascar-Escape.2.Africa[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Marley.And.Me.[2008.Eng].TELESYNC.DivX-LTT.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Max Payne -[2008]- R5 Line [eng] Juledj77.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Miracle.At.St.Anna[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Monsters vs aliens TS (DVDR Source) XVID ENG-STG.torrent
    c:\documents and settings\User\Application Data\BitTorrent\My.Best.Friends.Girl.DVDRip.XViD.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Never Back Down KLAXXON.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Obsessed.DVDRip.XviD-DoNE.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Outlanders.2007.LIMITED.DVDrip.XviD-NoRARs™.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Passchendaele 2008 DVDRip H264 AAC-SecretMyth (Kingdom-Release).torrent
    c:\documents and settings\User\Application Data\BitTorrent\Paul.Blart.Mall.Cop.2009.DVDRip.XviD-GFW.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Paul.Blart.Mall.Cop.DVDSCR.XviD-SKA.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Pineapple.Express.2008.DVDSCR.XviD-HEFTY.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Pulp.Fiction.[1994].DvDrip[ENG]-P4DGE_[www.superfundo.org].torrent
    c:\documents and settings\User\Application Data\BitTorrent\Push CAM XVID V2 - STG.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Quantum of Solace 2008 TELESYNC XviD-KingBen (Kingdom-Release).torrent
    c:\documents and settings\User\Application Data\BitTorrent\Quarantine.2008.DvDRip-FxM.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Race.To.Witch.Mountain.CAM.XVID-STG-MFD™.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\resume.dat
    c:\documents and settings\User\Application Data\BitTorrent\resume.dat.old
    c:\documents and settings\User\Application Data\BitTorrent\Righteous Kill.WS.2009.XviD.HHI.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Rise Of Nations [PC][www.zonatorrent.com].torrent
    c:\documents and settings\User\Application Data\BitTorrent\rld-sim3.iso.torrent
    c:\documents and settings\User\Application Data\BitTorrent\RocknRolla[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Role Models 2008 cam XviD-KingBen (Kingdom-Release).torrent
    c:\documents and settings\User\Application Data\BitTorrent\Role.Models.UNRATED.DVDRip.XviD-DiAMOND.torrent
    c:\documents and settings\User\Application Data\BitTorrent\rss.dat
    c:\documents and settings\User\Application Data\BitTorrent\rss.dat.old
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs ~ Season 7.torrent
    c:\documents and settings\User\Application Data\BitTorrent\scrubs.0803.notv.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E01.HDTV.XviD-XOR.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E02.HDTV.XviD-0TV.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E04.HDTV.XviD-XOR.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E05.HDTV.XviD-2HD.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E06.HDTV.XviD.PROPER-LOL.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E07.HDTV.XviD-LOL.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E08.HDTV.XviD-LOL.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E09.HDTV.XviD-XOR.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E10.HDTV.XviD-XOR.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E11.My.Nah.Nah.Nah.HDTV.XviD-FQM.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E12.HDTV.XviD-XOR.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E13.HDTV.XviD-2HD.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E14.HDTV.XviD-2HD.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E15.HDTV.XviD-0TV.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E16.HDTV.XviD-0TV.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E17.My.Chief.Concern.HDTV.XviD-FQM.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Scrubs.S08E18.HDTV.XviD-NoTV.[VTV].avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\settings.dat
    c:\documents and settings\User\Application Data\BitTorrent\settings.dat.old
    c:\documents and settings\User\Application Data\BitTorrent\Sex.Drive.DVDSCR.XviD-HEFTY.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Star Trek 2009 TELESYNC AAC-SecretMyth (Kingdom-Release).torrent
    c:\documents and settings\User\Application Data\BitTorrent\Step Brothers[2008]DvDrip[Eng]-NikonXp.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Taken[2008][ENG][CP]DVDRip.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The Forbidden Kingdom KLAXXON.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The House Bunny 2008 DVDRip H264 AAC-SecretMyth (Kingdom-Release).torrent
    c:\documents and settings\User\Application Data\BitTorrent\The Incredible Hulk 2008_DVDRIP_Subzero.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The Mummy Tomb Of The Dragon.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The Pink Panther 2[2009]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The Soloist.2009.DvdRip.Xvid {1337x}-Noir.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The.Dark.Knight[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The.Day.The.Earth.Stood.Still[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The.Hangover.2009.DDC-P2P.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The.Hurt.Locker.2008.DVDRiP.XViD.torrent
    c:\documents and settings\User\Application Data\BitTorrent\The.Love.Guru[2008]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\THREE_KINGS...DVDrip(vice).mp4.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Transformers 2 2009.D.SuperTS.avi.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Transformers 2 Revenge Of The Fallen TS XVID MAXSPEED.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Transformers 2007 H264 DVDRip 5.1 ch-SecretMyth.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Transformers.2.Revenge.of.The.Fallen.CAM.XviD-THS.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Transformers.Revenge.of.the.Fallen.TELESYNC.XviD-COALiTiON.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Transporter 3 (2008) DVDRip-HALESPONGE.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Tropic Thunder KLAXXON.torrent
    c:\documents and settings\User\Application Data\BitTorrent\UNDERWORLD 3 THE RISE OF THE LYCANS (2009) REAL PROPER DVDSCR.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Valkyrie[2008]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Van Wilder Freshman Year.2009.DvdRip.UR.Xvid {1337x}-Noir.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Wall E (2008) (DvDRip) [owez77] [h33t].torrent
    c:\documents and settings\User\Application Data\BitTorrent\Watchmen[2009]DvDrip[Eng]-FXG.torrent
    c:\documents and settings\User\Application Data\BitTorrent\X-Men Origins Wolverine (2009) [R5] [Xvid] {1337x}-Noir.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Yes.Man.2008.DvDRip-FxM.torrent
    c:\documents and settings\User\Application Data\BitTorrent\You.Don't.Mess.With.The.Zohan[2008][Unrated.Edition]DvDrip-aXXo.torrent
    c:\documents and settings\User\Application Data\BitTorrent\Zack.And.Miri.Make.A.Porno.2008.R5.DVDRiP.XViD.torrent
    c:\documents and settings\User\Application Data\DNA
    c:\documents and settings\User\Application Data\DNA\dht.dat
    c:\documents and settings\User\Application Data\DNA\dht.dat.old
    c:\documents and settings\User\Application Data\DNA\dna.lng
    c:\documents and settings\User\Application Data\DNA\resume.dat
    c:\documents and settings\User\Application Data\DNA\resume.dat.old
    c:\documents and settings\User\Application Data\DNA\rss.dat
    c:\documents and settings\User\Application Data\DNA\rss.dat.old
    c:\documents and settings\User\Application Data\DNA\settings.dat
    c:\documents and settings\User\Application Data\DNA\settings.dat.old
    c:\program files\BitTorrent
    c:\program files\BitTorrent\bittorrent.exe
    c:\program files\BitTorrent\BitTorrentIE.2.dll
    c:\program files\DNA
    c:\program files\DNA\btdna.exe
    c:\program files\DNA\DNAcpl.cpl
    c:\program files\DNA\plugins\npbtdna.dll
    c:\program files\LimeWire
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
    c:\program files\LimeWire\Buy LimeWire PRO.url
    c:\program files\LimeWire\COPYING
    c:\program files\LimeWire\data.ser
    c:\program files\LimeWire\Incomplete\T-7309653-T-Pain - I'm in Love With A Stripper (rmx) ft Akon, R Kelly, Twista, Pimp C, Twista, Paul Wall, MJG & Too Short.mp3
    c:\program files\LimeWire\inspection.props
    c:\program files\LimeWire\install.log
    c:\program files\LimeWire\language.prop
    c:\program files\LimeWire\lib\aopalliance.jar
    c:\program files\LimeWire\lib\clink.jar
    c:\program files\LimeWire\lib\commons-codec-1.3.jar
    c:\program files\LimeWire\lib\commons-logging.jar
    c:\program files\LimeWire\lib\commons-net.jar
    c:\program files\LimeWire\lib\daap.jar
    c:\program files\LimeWire\lib\dnsjava.jar
    c:\program files\LimeWire\lib\forms.jar
    c:\program files\LimeWire\lib\foxtrot.jar
    c:\program files\LimeWire\lib\gettext-commons.jar
    c:\program files\LimeWire\lib\guice-1.0.jar
    c:\program files\LimeWire\lib\hashes
    c:\program files\LimeWire\lib\hsqldb.jar
    c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
    c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
    c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
    c:\program files\LimeWire\lib\icu4j.jar
    c:\program files\LimeWire\lib\jaudiotagger.jar
    c:\program files\LimeWire\lib\jcraft.jar
    c:\program files\LimeWire\lib\jdic.dll
    c:\program files\LimeWire\lib\jdic.jar
    c:\program files\LimeWire\lib\jdic_stub.jar
    c:\program files\LimeWire\lib\jflac.jar
    c:\program files\LimeWire\lib\jl.jar
    c:\program files\LimeWire\lib\jmdns.jar
    c:\program files\LimeWire\lib\jogg.jar
    c:\program files\LimeWire\lib\jorbis.jar
    c:\program files\LimeWire\lib\LimeWire.ico
    c:\program files\LimeWire\lib\LimeWire.jar
    c:\program files\LimeWire\lib\log4j.jar
    c:\program files\LimeWire\lib\log4j.properties
    c:\program files\LimeWire\lib\looks.jar
    c:\program files\LimeWire\lib\messages.jar
    c:\program files\LimeWire\lib\mp3spi.jar
    c:\program files\LimeWire\lib\onion-common.jar
    c:\program files\LimeWire\lib\onion-fec.jar
    c:\program files\LimeWire\lib\ProgressTabs.jar
    c:\program files\LimeWire\lib\swt.jar
    c:\program files\LimeWire\lib\SystemUtilities.dll
    c:\program files\LimeWire\lib\SystemUtilitiesA.dll
    c:\program files\LimeWire\lib\themes.jar
    c:\program files\LimeWire\lib\tray.dll
    c:\program files\LimeWire\lib\tritonus.jar
    c:\program files\LimeWire\lib\vorbisspi.jar
    c:\program files\LimeWire\LimeWire On Startup.lnk
    c:\program files\LimeWire\LimeWire.exe
    c:\program files\LimeWire\LimeWire.ico
    c:\program files\LimeWire\pmf.ico
    c:\program files\LimeWire\root\magnet10\badge.img
    c:\program files\LimeWire\root\magnet10\canHandle.img
    c:\program files\LimeWire\root\magnet10\limewire.gif
    c:\program files\LimeWire\root\magnet10\options.js
    c:\program files\LimeWire\root\magnet10\silentdetect.js
    c:\program files\LimeWire\SOURCE
    c:\program files\LimeWire\spacer.gif
    c:\program files\LimeWire\uninstall.exe
    c:\program files\LimeWire\unpack.log

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
    .

    2009-07-29 16:37 . 2009-07-29 16:37 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2009-07-29 16:37 . 2009-07-29 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-07-29 06:09 . 2009-07-29 16:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-07-29 01:12 . 2009-07-29 01:40 -------- d-----w- c:\program files\trend micro
    2009-07-29 01:12 . 2009-07-29 01:12 -------- d-----w- C:\rsit
    2009-07-28 23:51 . 2008-06-12 10:09 33088 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-07-28 23:41 . 2009-07-28 23:41 -------- d--h--w- c:\windows\PIF
    2009-07-27 01:12 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-07-27 01:12 . 2009-03-24 22:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-07-27 01:12 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-07-27 01:12 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-07-27 01:11 . 2009-07-27 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-07-21 05:26 . 2009-07-21 05:26 -------- d-----w- c:\documents and settings\User\Application Data\Red Kawa
    2009-07-21 05:20 . 2009-07-21 05:20 -------- d-----w- c:\program files\Red Kawa
    2009-07-07 20:41 . 2009-07-07 20:53 35190 ----a-w- c:\windows\scunin.dat
    2009-07-07 20:41 . 2009-07-07 20:53 967 ----a-w- c:\windows\ScUnin.pif
    2009-07-07 20:41 . 2009-07-07 20:53 94208 ----a-w- c:\windows\ScUnin.exe
    2009-07-07 20:36 . 2009-07-21 15:18 -------- d-----w- c:\program files\Starcraft
    2009-07-06 22:10 . 2009-07-06 22:10 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-07-06 14:58 . 2009-07-06 14:58 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-07-05 15:52 . 2009-07-05 15:52 -------- d-----w- c:\documents and settings\User\Application Data\The Creative Assembly

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-29 18:38 . 2008-09-27 17:07 34 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
    2009-07-29 06:13 . 2008-09-27 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-07-28 14:44 . 2008-09-29 00:41 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
    2009-07-27 20:26 . 2009-03-26 00:21 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-07-27 13:47 . 2008-10-13 01:30 -------- d-----w- c:\program files\CCleaner
    2009-07-20 23:12 . 2008-09-26 16:31 -------- d-----w- c:\program files\InstallShield Installation Information
    2009-07-06 22:11 . 2008-09-27 17:05 -------- d-----w- c:\program files\Java
    2009-07-01 15:46 . 2008-09-27 17:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-29 16:12 . 2008-04-14 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-06-29 16:12 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-06-29 16:12 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-06-24 15:09 . 2009-06-24 15:09 -------- d-----w- c:\documents and settings\User\Application Data\SystemRequirementsLab
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
    2009-06-24 15:09 . 2009-06-24 15:09 207872 ----a-w- c:\documents and settings\User\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
    2009-06-21 21:21 . 2009-03-17 04:14 -------- d-----w- c:\program files\DivX
    2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-16 00:39 . 2009-06-16 00:31 -------- d-----w- c:\documents and settings\User\Application Data\DAEMON Tools Pro
    2009-06-16 00:35 . 2009-06-16 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-06-16 00:31 . 2008-11-10 16:55 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-06-12 14:54 . 2008-09-27 17:15 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-06-03 19:09 . 2008-04-14 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 02:12 . 2009-06-02 01:05 -------- d-----w- c:\documents and settings\User\Application Data\Move Networks
    2009-06-02 01:05 . 2009-06-02 01:05 127903 ----a-w- c:\documents and settings\User\Application Data\Move Networks\uninstall.exe
    2009-06-02 01:05 . 2009-05-27 23:29 4183416 ----a-w- c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
    2009-05-27 23:29 . 2009-05-27 23:29 97144 ----a-w- c:\documents and settings\User\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
    2009-05-11 14:52 . 2008-09-27 17:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-11 14:52 . 2008-09-27 17:15 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 15:32 . 2008-04-14 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-07-15 20:30 . 2008-09-27 17:37 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-29_05.52.27 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 01:41 . 2009-07-12 01:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    + 2009-07-29 19:57 . 2009-07-29 19:57 16384 c:\windows\temp\Perflib_Perfdata_434.dat
    + 2008-04-14 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
    - 2008-04-14 12:00 . 2009-07-29 05:47 67560 c:\windows\system32\perfc009.dat
    + 2008-04-14 12:00 . 2009-07-29 16:45 67560 c:\windows\system32\perfc009.dat
    + 2007-08-14 00:54 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
    - 2007-08-14 00:54 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
    + 2007-08-14 00:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
    - 2007-08-14 00:39 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
    - 2008-04-14 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
    - 2008-04-14 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
    + 2008-04-14 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
    + 2007-08-14 00:36 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
    - 2007-08-14 00:36 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
    - 2008-09-26 17:05 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-09-26 17:05 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
    + 2008-09-26 17:05 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
    - 2008-09-26 17:05 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
    + 2008-04-14 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
    + 2008-04-14 12:00 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
    - 2008-04-14 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-09-26 17:05 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
    - 2008-09-26 17:05 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
    + 2009-07-29 09:00 . 2009-04-29 04:56 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
    + 2009-07-29 09:00 . 2009-04-28 09:05 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
    + 2009-07-29 09:00 . 2009-04-29 04:55 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
    + 2009-07-29 09:00 . 2009-04-28 09:05 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
    + 2009-07-29 09:00 . 2009-04-29 04:55 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
    + 2009-07-29 09:00 . 2008-04-14 12:00 35328 c:\windows\ie7updates\KB972260-IE7\corpol.dll
    - 2009-05-19 14:15 . 2009-07-28 20:54 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    + 2009-05-19 14:15 . 2009-07-29 17:21 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    - 2009-05-19 14:15 . 2009-07-28 20:54 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    + 2009-05-19 14:15 . 2009-07-29 17:21 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    + 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
    + 2008-04-14 12:00 . 2009-07-29 16:45 432856 c:\windows\system32\perfh009.dat
    - 2008-04-14 12:00 . 2009-07-29 05:47 432856 c:\windows\system32\perfh009.dat
    - 2008-04-14 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
    + 2007-08-14 00:54 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
    - 2007-08-14 00:54 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
    - 2007-08-14 00:34 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
    + 2007-08-14 00:34 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
    + 2007-07-11 18:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
    + 2008-04-14 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
    - 2008-04-14 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
    + 2008-09-26 17:05 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
    - 2008-09-26 17:05 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
    + 2008-09-25 23:46 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
    - 2008-09-26 17:05 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
    + 2008-09-26 17:05 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
    + 2008-09-26 17:05 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
    + 2008-04-14 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
    - 2008-04-14 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
    - 2008-04-14 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
    + 2009-07-29 09:00 . 2009-07-29 09:00 195584 c:\windows\Installer\acd7a9.msi
    + 2009-07-29 09:00 . 2009-07-29 09:00 248832 c:\windows\Installer\acd7a3.msi
    + 2009-07-29 09:00 . 2009-04-29 04:56 827392 c:\windows\ie7updates\KB972260-IE7\wininet.dll
    + 2009-07-29 09:00 . 2009-04-29 04:56 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
    + 2009-07-29 09:00 . 2009-04-29 04:56 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
    + 2009-07-29 09:00 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
    + 2009-07-29 09:00 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
    + 2009-07-29 09:00 . 2009-04-29 04:56 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
    + 2009-07-29 09:00 . 2009-04-29 04:56 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
    + 2009-07-29 09:00 . 2009-04-29 04:56 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
    + 2009-07-29 09:00 . 2009-04-29 04:56 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
    + 2009-07-29 09:00 . 2009-04-25 05:27 636088 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
    + 2009-07-29 09:00 . 2009-04-29 04:55 268288 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 385024 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
    + 2009-07-29 09:00 . 2009-04-25 05:26 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
    + 2009-04-09 23:51 . 2009-07-29 17:28 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
    - 2009-04-09 23:51 . 2009-07-28 17:35 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
    - 2008-04-14 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
    + 2008-04-14 12:00 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
    + 2008-04-14 12:00 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
    + 2007-08-14 00:54 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
    + 2007-02-12 22:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
    + 2008-04-14 12:00 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
    - 2008-04-14 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
    + 2008-04-14 12:00 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
    + 2008-09-26 17:05 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
    + 2008-09-26 17:05 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
    + 2009-07-29 09:00 . 2009-04-29 04:56 1159680 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
    + 2009-07-29 09:00 . 2009-04-29 04:56 3596288 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
    + 2009-07-29 09:00 . 2009-04-29 04:55 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
    + 2009-07-29 09:00 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-11 16844800]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-11 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2008 11:15 AM 327688]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2008 11:15 AM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2008 11:15 AM 906520]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2008 11:15 AM 298776]
    R2 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [1/22/2009 7:06 PM 394496]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3u4ipr5s.default\
    FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-29 13:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2260)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-29 14:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-29 20:00
    ComboFix2.txt 2009-07-29 05:55

    Pre-Run: 24,662,888,448 bytes free
    Post-Run: 24,623,144,960 bytes free

    591 --- E O F --- 2009-07-29 09:00

  9. #9
    Emeritus
    Join Date
    Aug 2007
    Posts
    1,875

    Default

    I still see signs of Avira in your HJT and ComboFix logs. Did you download and then run the two Avira removal tools I linked to at the top of Post #7?
    Malware Removal University Master
    Member of ASAP & UNITE

  10. #10
    Member
    Join Date
    Jul 2009
    Posts
    74

    Default

    Quote Originally Posted by km2357
    I still see signs of Avira in your HJT and ComboFix logs. Did you download and then run the two Avira removal tools I linked to at the top of Post #7?
    I did, but I'll do it again.
