Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: win32.agent.ieu?

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    27

    Default win32.agent.ieu?

    Computer's been running slow with a few pop-ups and can't update to
    newer versions either AVG or Comodo. In an attempt to update comodo it
    deleted the old version and wouldn't give me the newer one. I've also
    tried and failed to update other programs like adobe and java but they
    won't update either.Posting here at safer seems to be disabled also, I
    can read but have to mail logs to myself and post from a remote
    location.

    Spybot picked up win32.agent.ieu and I've read the manual removal
    instructions but I'm really not confident enough to try the removal
    myself, I also think it's been downloading more malware as
    malwarebytes has been picking up and removing multiple threats.
    Many Thanks in advance.


    HJT Log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:06:47 AM, on 7/29/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Documents and Settings\Canucklehead\Local Settings\Application
    Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wuauclt.exe
    F:\fishsim\fishsim2.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
    = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyServer = socks=
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
    Settings,ProxyOverride =
    plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
    C:\Program Files\Common
    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
    Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
    C:\Program Files\Microsoft\Search Enhancement Pack\Search
    Helper\SearchHelper.dll
    O2 - BHO: Windows Live Sign-in Helper -
    {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
    Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -
    C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
    {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
    Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper -
    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows
    Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl -
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
    Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar -
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows
    Live\Toolbar\wltcore.dll
    O3 - Toolbar: Easy Photo Print -
    {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson
    Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
    C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System
    Mechanic Professional 6\delay.exe
    O4 - HKLM\..\Run: [EEventManager]
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and
    Settings\Canucklehead\Local Settings\Application
    Data\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: Add to Google Photos Screensa&ver -
    res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
    - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
    Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
    - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
    - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
    - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
    Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.summitdirect.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
    - http://update.microsoft.com/windowsu...?1162196894187
    O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} -
    http://www.facebook.com/controls/contactx.dll
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
    http://208.29.86.7/activex/AxisCamControl.cab
    O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) -
    http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program
    Files\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies
    CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ,
    s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) -
    Unknown owner - C:\Program Files\COMODO\COMODO Internet
    Security\cmdagent.exe (file missing)
    O23 - Service: GoToAssist Express Customer - Citrix Online, a division
    of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist Express
    Customer\136\g2ax_service.exe
    O23 - Service: Google Update Service (gupdate1c98c18bb6bdaa2)
    (gupdate1c98c18bb6bdaa2) - Google Inc. - C:\Program
    Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdate1ca58cb355289cc)
    (gupdate1ca58cb355289cc) - Google Inc. - C:\Program
    Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdate1cb0d5bf19c53a4)
    (gupdate1cb0d5bf19c53a4) - Google Inc. - C:\Program
    Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
    Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
    Corporation - C:\Program Files\Common
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
    Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
    Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
    (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

    --
    End of file - 8061 bytes

    Sincerest apologies for not following the most recent protocols, I've been here before and just didn't think to check for any changes in initial posts. Also apologize for the bump, it's not intended for attention but only to correct the error. Again, my thanks.

    DDS posted, dds attach, attached.

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Canucklehead at 15:16:37.15 on Thu 07/29/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.472
    [GMT -4:00]

    AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated)
    {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Canucklehead\Local Settings\Application
    Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Documents and Settings\Canucklehead\Local Settings\Application
    Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\2dSoft\FS2Explorer\FS2Explorer.exe
    F:\fishsim\fishsim2.exe
    C:\Documents and Settings\Canucklehead\Local Settings\Application
    Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Canucklehead\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride =
    plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -
    c:\program files\common
    files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} -
    c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} -
    c:\program files\microsoft\search enhancement pack\search
    helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper:
    {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common
    files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} -
    c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper:
    {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
    files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper:
    {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows
    live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class:
    {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
    files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
    c:\program files\windows live\toolbar\wltcore.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} -
    c:\program files\epson software\easy photo print\EPTBL.dll
    uRun: [Google Update] "c:\documents and settings\canucklehead\local
    settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [ioloDelayModule] c:\program files\iolo\system mechanic
    professional 6\delay.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
    Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program
    files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
    {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows
    live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
    {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
    c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
    {53707962-6F74-2D53-2644-206D7942484F} -
    c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
    hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
    hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {31564D57-0000-0010-8000-00AA00389B71} -
    hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} -
    hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
    hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162196894187
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} -
    hxxp://www.facebook.com/controls/contactx.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
    hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
    hxxp://208.29.86.7/activex/AxisCamControl.cab
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} -
    hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -
    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
    hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: GoToAssist Express Customer - c:\program
    files\citrix\gotoassist express customer\136\g2ax_winlogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
    c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver
    x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-18 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver
    x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-18 27784]
    R1 AvgTdiX;AVG Free8 Network
    Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-18 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
    [2009-8-28 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
    [2009-8-28 297752]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-13 54752]
    S1 cmdGuard;COMODO Internet Security Sandbox
    Driver;c:\windows\system32\drivers\cmdguard.sys -->
    c:\windows\system32\drivers\cmdguard.sys [?]
    S1 cmdHlp;COMODO Internet Security Helper
    Driver;c:\windows\system32\drivers\cmdhlp.sys -->
    c:\windows\system32\drivers\cmdhlp.sys [?]
    S2 cmdAgent;COMODO Internet Security Helper Service;"c:\program
    files\comodo\comodo internet security\cmdagent.exe" --> c:\program
    files\comodo\comodo internet security\cmdagent.exe [?]
    S2 gupdate1c98c18bb6bdaa2;Google Update Service
    (gupdate1c98c18bb6bdaa2);c:\program
    files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S2 gupdate1ca58cb355289cc;Google Update Service
    (gupdate1ca58cb355289cc);c:\program
    files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S2 gupdate1cb0d5bf19c53a4;Google Update Service
    (gupdate1cb0d5bf19c53a4);c:\program
    files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows
    live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program
    files\citrix\gotoassist express customer\136\g2ax_service.exe
    [2009-1-9 46392]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-3 14424]
    S3 PentaxUsb;PENTAX Optio E10 on
    USB;c:\windows\system32\drivers\CoachUsb.sys [2007-5-2 50976]
    S3 PentaxVc;PENTAX Optio E10 Video
    Capture;c:\windows\system32\drivers\CoachVc.sys [2007-5-2 44256]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-07-28 19:42:01 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-28 19:41:09 2458 ----a-w- c:\windows\lsrslt.ini
    2010-07-28 19:26:35 120 ----a-w- c:\windows\Wyayehamirol.dat
    2010-07-28 19:26:35 0 ----a-w- c:\windows\Ryilesagubin.bin
    2010-07-28 19:25:42 150 -c--a-w- C:\zrpt.xml
    2010-07-28 19:23:54 0 dc----w- c:\docume~1\canuck~1\applic~1\48DA3BDEC53196BC68F63B76E7CBCE5D
    2010-07-03 13:03:32 0 dc----w- c:\docume~1\alluse~1\applic~1\PCPitstop
    2010-07-03 13:03:29 0 d-----w- c:\program files\PCPitstop
    2010-07-02 14:07:05 0 dc----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
    2010-07-02 14:02:02 0 dc----w- C:\videooutput
    2010-07-02 14:01:44 0 d-----w- c:\windows\Applian Director
    2010-07-02 14:01:09 0 d-----w- c:\program files\Vuze_Remote
    2010-06-29 20:49:47 197232 -c--a-w- C:\BdUninstallTool2010.06.29-04.49.47.reg

    ==================== Find3M ====================

    2010-07-29 18:50:36 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-09 11:07:24 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-06-17 21:54:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-06-17 21:54:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-05-30 09:47:20 341504 ----a-w- c:\windows\system32\yowindow.scr
    2009-12-10 16:46:49 195 ----a-w- c:\program files\dvdrip.ini
    2009-12-10 16:44:40 305139 ----a-w- c:\program files\DVD Rip 0.2.exe
    2009-05-11 16:00:48 4941312 ----a-w- c:\program files\AdbeRdrUpd711_all_incr.msp
    2009-05-11 15:43:34 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
    2009-05-11 15:42:46 476696 ----a-w- c:\program files\RealPlayer11GOLD.exe
    2009-05-11 15:41:59 13686112 ----a-w- c:\program files\winzip112.exe
    2009-05-11 15:40:57 1878888 ----a-w- c:\program files\install_flash_player.exe
    2006-10-04 16:23:45 1446442 -c--a-w- c:\program files\moviecodec.zip
    2006-09-13 07:54:39 713503 ----a-w- c:\program files\xnews.zip
    2005-07-14 19:31:20 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    2005-06-26 22:32:28 616448 -csha-r- c:\windows\system32\cygwin1.dll
    2005-06-22 05:37:42 45568 -csha-r- c:\windows\system32\cygz.dll
    2009-05-17 18:53:20 32768 -csha-w- c:\windows\system32\config\systemprofile\local
    settings\history\history.ie5\mshist012009051720090518\index.dat

    ============= FINISH: 15:18:04.12 ===============
    Last edited by tashi; 2010-07-28 at 23:17. Reason: Merged two posts. :-)

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please disable word wrap in notepad and post a fresh dds.txt contents after that.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    27

    Default

    Fresh DDS.txt



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Canucklehead at 19:12:31.04 on Sun 08/01/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.280 [GMT -5:00]

    AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\CANUCK~1\LOCALS~1\Temp\57711 .exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG8\avgtray .exe
    C:\DOCUME~1\CANUCK~1\LOCALS~1\Temp\57711 .exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AVG\AVG8\avgscanx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Documents and Settings\All Users\Application Data\crA6Fcq6.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Documents and Settings\Canucklehead\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    mWinlogon: Taskman=c:\documents and settings\canucklehead\application data\qpqo.exe
    uWinlogon: Shell=explorer.exe,c:\documents and settings\canucklehead\application data\qpqo.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [BrowserAddon] "c:\docume~1\canuck~1\locals~1\temp\57711 .exe" --start
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
    dRun: [BrowserAddon] "c:\windows\temp\C.tmp" --start
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162196894187
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://208.29.86.7/activex/AxisCamControl.cab
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\136\g2ax_winlogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-18 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-18 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-18 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-28 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-28 297752]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-13 54752]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys --> c:\windows\system32\drivers\cmdguard.sys [?]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys --> c:\windows\system32\drivers\cmdhlp.sys [?]
    S2 cmdAgent;COMODO Internet Security Helper Service;"c:\program files\comodo\comodo internet security\cmdagent.exe" --> c:\program files\comodo\comodo internet security\cmdagent.exe [?]
    S2 gupdate1c98c18bb6bdaa2;Google Update Service (gupdate1c98c18bb6bdaa2);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S2 gupdate1ca58cb355289cc;Google Update Service (gupdate1ca58cb355289cc);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S2 gupdate1cb0d5bf19c53a4;Google Update Service (gupdate1cb0d5bf19c53a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\136\g2ax_service.exe [2009-1-9 46392]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-3 14424]
    S3 PentaxUsb;PENTAX Optio E10 on USB;c:\windows\system32\drivers\CoachUsb.sys [2007-5-2 50976]
    S3 PentaxVc;PENTAX Optio E10 Video Capture;c:\windows\system32\drivers\CoachVc.sys [2007-5-2 44256]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-08-01 17:10:41 71170 -c--a-w- c:\docume~1\alluse~1\applic~1\crA6Fcq6.exe
    2010-07-31 20:38:37 0 dc----w- c:\docume~1\canuck~1\applic~1\VirtualStore
    2010-07-31 19:48:08 0 ----a-w- c:\windows\EEventManager .INI
    2010-07-31 17:51:52 112 -c--a-w- c:\docume~1\alluse~1\applic~1\vRlc14d.dat
    2010-07-31 16:30:52 114688 -csh--r- c:\docume~1\canuck~1\applic~1\qpqo.exe
    2010-07-30 17:18:49 114688 -csh--r- c:\docume~1\canuck~1\applic~1\ourz.exe
    2010-07-28 19:42:01 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-28 19:41:09 2458 ----a-w- c:\windows\lsrslt.ini
    2010-07-28 19:26:35 120 ----a-w- c:\windows\Wyayehamirol.dat
    2010-07-28 19:26:35 0 ----a-w- c:\windows\Ryilesagubin.bin
    2010-07-28 19:25:42 150 -c--a-w- C:\zrpt.xml
    2010-07-28 19:23:54 0 dc----w- c:\docume~1\canuck~1\applic~1\48DA3BDEC53196BC68F63B76E7CBCE5D
    2010-07-03 13:03:32 0 dc----w- c:\docume~1\alluse~1\applic~1\PCPitstop
    2010-07-03 13:03:29 0 d-----w- c:\program files\PCPitstop

    ==================== Find3M ====================

    2010-07-31 21:06:44 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-09 11:07:24 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-06-29 20:54:13 197232 -c--a-w- C:\BdUninstallTool2010.06.29-04.49.47.reg
    2010-06-17 21:54:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-06-17 21:54:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-05-30 09:47:20 341504 ----a-w- c:\windows\system32\yowindow.scr
    2009-12-10 16:46:49 195 ----a-w- c:\program files\dvdrip.ini
    2009-12-10 16:44:40 305139 ----a-w- c:\program files\DVD Rip 0.2.exe
    2009-05-11 16:00:48 4941312 ----a-w- c:\program files\AdbeRdrUpd711_all_incr.msp
    2009-05-11 15:43:34 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
    2009-05-11 15:42:46 476696 ----a-w- c:\program files\RealPlayer11GOLD.exe
    2009-05-11 15:41:59 13686112 ----a-w- c:\program files\winzip112.exe
    2009-05-11 15:40:57 1878888 ----a-w- c:\program files\install_flash_player.exe
    2006-10-04 16:23:45 1446442 -c--a-w- c:\program files\moviecodec.zip
    2006-09-13 07:54:39 713503 ----a-w- c:\program files\xnews.zip
    2005-07-14 19:31:20 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    2005-06-26 22:32:28 616448 -csha-r- c:\windows\system32\cygwin1.dll
    2005-06-22 05:37:42 45568 -csha-r- c:\windows\system32\cygz.dll
    2009-05-17 18:53:20 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051720090518\index.dat

    ============= FINISH: 19:14:35.10 ===============

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Dec 2008
    Posts
    27

    Default

    Combo fix warned me about having bit defender running and the log seems to show both it and comodo as active but neither shows up in my program files or in a search so I can't figure out how to disable them, I chose to run the scan anyway.
    Until now I couldn't post to this section of this forums, I could post to others but not the malware removal forum. That appears to be corrected.

    The dds.attach wasn't requested but I've copied and saved if need be.

    combo fix
    ComboFix 10-08-01.02 - Canucklehead 08/02/2010 5:00.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.622 [GMT -5:00]
    Running from: c:\documents and settings\Canucklehead\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Canucklehead\Application Data\48DA3BDEC53196BC68F63B76E7CBCE5D
    c:\documents and settings\Canucklehead\Application Data\48DA3BDEC53196BC68F63B76E7CBCE5D\enemies-names.txt
    c:\documents and settings\Canucklehead\Application Data\inst.exe
    c:\documents and settings\Canucklehead\Application Data\ourz.exe
    c:\documents and settings\Canucklehead\Application Data\qpqo.exe
    c:\documents and settings\Canucklehead\g2ax_customer_downloadhelper_win32_x86.exe
    c:\documents and settings\Canucklehead\Local Settings\Application Data\{14AD271D-CD9C-412F-BC5C-4914D3737B38}
    c:\documents and settings\Canucklehead\Local Settings\Application Data\{14AD271D-CD9C-412F-BC5C-4914D3737B38}\chrome\content\_cfg.js
    c:\documents and settings\Canucklehead\Local Settings\Application Data\{14AD271D-CD9C-412F-BC5C-4914D3737B38}\chrome\content\overlay.xul
    c:\documents and settings\Canucklehead\Local Settings\Application Data\{14AD271D-CD9C-412F-BC5C-4914D3737B38}\install.rdf
    c:\documents and settings\Lee Lightheart\Application Data\qpqo.exe
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\NetMonInstaller.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    c:\windows\desktop
    c:\windows\system32\linkinfo(2).dll
    c:\windows\system32\Thumbs.db
    F:\autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    ((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
    .

    2010-07-31 20:38 . 2010-08-01 12:19 -------- dc----w- c:\documents and settings\Canucklehead\Application Data\VirtualStore
    2010-07-31 16:46 . 2010-07-31 20:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-28 21:23 . 2010-07-28 21:23 -------- dc----w- c:\documents and settings\DK\Application Data\Epson
    2010-07-28 19:42 . 2010-07-28 19:42 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-28 19:26 . 2010-07-28 19:26 120 ----a-w- c:\windows\Wyayehamirol.dat
    2010-07-28 19:26 . 2010-07-28 19:26 0 ----a-w- c:\windows\Ryilesagubin.bin
    2010-07-03 13:03 . 2010-07-03 13:04 -------- dc----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2010-07-03 13:03 . 2010-07-03 13:12 -------- d-----w- c:\program files\PCPitstop

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-02 09:55 . 2008-07-10 00:19 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
    2010-08-01 13:32 . 2010-07-31 17:51 112 -c--a-w- c:\documents and settings\All Users\Application Data\vRlc14d.dat
    2010-08-01 00:15 . 2006-09-10 10:15 -------- d-----w- c:\program files\QuickTime
    2010-07-31 21:06 . 2009-10-06 07:47 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-28 20:23 . 2008-07-08 18:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-28 19:53 . 2009-10-26 21:22 -------- d-----w- c:\program files\Vuze
    2010-07-28 17:32 . 2006-09-13 07:55 -------- d-----w- c:\program files\xnews
    2010-07-16 21:07 . 2008-08-31 09:55 -------- dc----w- c:\documents and settings\Canucklehead\Application Data\Azureus
    2010-07-15 22:22 . 2009-11-30 20:56 -------- dc----w- c:\documents and settings\Canucklehead\Application Data\Vso
    2010-07-15 22:10 . 2010-06-03 21:00 -------- d-----w- c:\program files\PeerBlock
    2010-07-15 17:18 . 2009-12-20 12:47 -------- d-----w- c:\program files\fishsim2
    2010-07-12 08:52 . 2009-01-23 02:02 -------- d-----w- c:\program files\AVG
    2010-07-09 11:07 . 2009-10-19 08:34 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-02 14:18 . 2010-07-02 14:07 -------- dc----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-07-02 14:07 . 2009-05-13 23:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-02 14:02 . 2008-09-29 20:00 -------- d-----w- c:\program files\Replay Media Catcher
    2010-07-02 14:01 . 2010-06-16 19:33 -------- d-----w- c:\program files\Syd
    2010-07-02 14:01 . 2010-06-03 20:07 -------- d-----w- c:\program files\PeerGuardian2
    2010-07-02 14:01 . 2010-07-02 14:01 -------- d-----w- c:\program files\Vuze_Remote
    2010-07-02 14:01 . 2008-09-07 12:44 -------- d-----w- c:\program files\Hide IP NG
    2010-06-30 20:27 . 2009-05-11 14:55 -------- d-----w- c:\program files\COMODO
    2010-06-29 20:54 . 2010-06-29 20:49 197232 -c--a-w- C:\BdUninstallTool2010.06.29-04.49.47.reg
    2010-06-26 17:03 . 2010-07-31 16:46 8530 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2010-06-17 22:56 . 2010-06-17 22:56 -------- d-----w- c:\program files\Smallvideosoft
    2010-06-17 21:54 . 2008-09-29 20:02 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-06-17 21:54 . 2008-09-29 20:02 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-06-11 18:04 . 2007-01-30 20:22 -------- d-----w- c:\program files\LBprogs
    2010-06-02 22:18 . 2008-09-07 12:44 868452 -c--a-w- c:\documents and settings\Canucklehead\Application Data\Hide IP NG\hideipng-update.exe
    2010-05-30 09:47 . 2010-05-30 09:47 341504 ----a-w- c:\windows\system32\yowindow.scr
    2009-12-10 16:46 . 2009-12-10 16:46 195 ----a-w- c:\program files\dvdrip.ini
    2009-12-10 16:44 . 2009-12-10 16:44 305139 ----a-w- c:\program files\DVD Rip 0.2.exe
    2009-05-11 16:00 . 2009-05-11 15:43 4941312 ----a-w- c:\program files\AdbeRdrUpd711_all_incr.msp
    2009-05-11 15:43 . 2009-05-11 15:43 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
    2009-05-11 15:42 . 2009-05-11 15:42 476696 ----a-w- c:\program files\RealPlayer11GOLD.exe
    2009-05-11 15:41 . 2009-05-11 15:41 13686112 ----a-w- c:\program files\winzip112.exe
    2009-05-11 15:40 . 2009-05-11 15:40 1878888 ----a-w- c:\program files\install_flash_player.exe
    2006-10-04 16:23 . 2006-10-04 16:23 1446442 -c--a-w- c:\program files\moviecodec.zip
    2006-09-13 07:54 . 2006-09-13 07:48 713503 ----a-w- c:\program files\xnews.zip
    2005-07-14 19:31 . 2006-05-24 17:37 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    2005-06-26 22:32 . 2006-05-08 18:07 616448 -csha-r- c:\windows\system32\cygwin1.dll
    2005-06-22 05:37 . 2006-05-24 17:37 45568 -csha-r- c:\windows\system32\cygz.dll
    .
    Code:
    <pre>
    c:\program files\AVG\AVG8\avgtray .exe
    c:\program files\Epson Software\Event Manager\EEventManager .exe
    c:\program files\iolo\System Mechanic Professional 6\delay .exe
    c:\program files\QuickTime\qttask                                                    .exe
    </pre>
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
    "nwiz"="nwiz.exe" [2003-07-28 323584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-28 15:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
    2009-01-09 22:39 46392 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\windows\system32"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\WM Recorder 10\\WMR90.exe"=
    "c:\\Program Files\\WM Recorder 10\\WMR.exe"=
    "c:\\Program Files\\WM Recorder 10\\RMR.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:@xpsp2res.dll,-22002
    "1087:UDP"= 1087:UDP:Windows Media Format SDK (iexplore.exe)
    "1086:UDP"= 1086:UDP:Windows Media Format SDK (iexplore.exe)
    "1089:UDP"= 1089:UDP:Windows Media Format SDK (iexplore.exe)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "RemoteAddresses"= *
    "Enabled"= 1 (0x1)

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 8:27 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 8:27 AM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/28/2009 10:06 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/28/2009 10:06 AM 297752]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
    S2 gupdate1c98c18bb6bdaa2;Google Update Service (gupdate1c98c18bb6bdaa2);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 2:17 AM 133104]
    S2 gupdate1ca58cb355289cc;Google Update Service (gupdate1ca58cb355289cc);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 2:17 AM 133104]
    S2 gupdate1cb0d5bf19c53a4;Google Update Service (gupdate1cb0d5bf19c53a4);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 2:17 AM 133104]
    S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\136\g2ax_service.exe [1/9/2009 5:39 PM 46392]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/3/2010 4:00 PM 14424]
    S3 PentaxUsb;PENTAX Optio E10 on USB;c:\windows\system32\drivers\CoachUsb.sys [5/2/2007 5:04 PM 50976]
    S3 PentaxVc;PENTAX Optio E10 Video Capture;c:\windows\system32\drivers\CoachVc.sys [5/2/2007 5:04 PM 44256]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 07:16]

    2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 07:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-02 05:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(392)
    c:\program files\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll

    - - - - - - - > 'explorer.exe'(684)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-08-02 05:18:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-02 10:18

    Pre-Run: 43,554,267,136 bytes free
    Post-Run: 43,572,158,464 bytes free

    - - End Of File - - 002896412BFB9C4894947A44B6A004C6


    DDS.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Canucklehead at 5:21:55.64 on Mon 08/02/2010
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.604 [GMT -5:00]

    AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Canucklehead\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162196894187
    DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://208.29.86.7/activex/AxisCamControl.cab
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\136\g2ax_winlogon.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-18 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-18 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-18 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-28 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-28 297752]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-13 54752]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys --> c:\windows\system32\drivers\cmdguard.sys [?]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys --> c:\windows\system32\drivers\cmdhlp.sys [?]
    S2 cmdAgent;COMODO Internet Security Helper Service;"c:\program files\comodo\comodo internet security\cmdagent.exe" --> c:\program files\comodo\comodo internet security\cmdagent.exe [?]
    S2 gupdate1c98c18bb6bdaa2;Google Update Service (gupdate1c98c18bb6bdaa2);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S2 gupdate1ca58cb355289cc;Google Update Service (gupdate1ca58cb355289cc);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S2 gupdate1cb0d5bf19c53a4;Google Update Service (gupdate1cb0d5bf19c53a4);c:\program files\google\update\GoogleUpdate.exe [2009-2-11 133104]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\136\g2ax_service.exe [2009-1-9 46392]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-3 14424]
    S3 PentaxUsb;PENTAX Optio E10 on USB;c:\windows\system32\drivers\CoachUsb.sys [2007-5-2 50976]
    S3 PentaxVc;PENTAX Optio E10 Video Capture;c:\windows\system32\drivers\CoachVc.sys [2007-5-2 44256]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-08-02 09:26:28 98816 ----a-w- c:\windows\sed.exe
    2010-08-02 09:26:28 77312 ----a-w- c:\windows\MBR.exe
    2010-08-02 09:26:28 256512 ----a-w- c:\windows\PEV.exe
    2010-08-02 09:26:28 161792 ----a-w- c:\windows\SWREG.exe
    2010-07-31 20:38:37 0 dc----w- c:\docume~1\canuck~1\applic~1\VirtualStore
    2010-07-31 19:48:08 0 ----a-w- c:\windows\EEventManager .INI
    2010-07-31 17:51:52 112 -c--a-w- c:\docume~1\alluse~1\applic~1\vRlc14d.dat
    2010-07-28 19:42:01 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-28 19:41:09 2458 ----a-w- c:\windows\lsrslt.ini
    2010-07-28 19:26:35 120 ----a-w- c:\windows\Wyayehamirol.dat
    2010-07-28 19:26:35 0 ----a-w- c:\windows\Ryilesagubin.bin
    2010-07-28 19:25:42 150 -c--a-w- C:\zrpt.xml
    2010-07-03 13:03:32 0 dc----w- c:\docume~1\alluse~1\applic~1\PCPitstop
    2010-07-03 13:03:29 0 d-----w- c:\program files\PCPitstop

    ==================== Find3M ====================

    2010-07-31 21:06:44 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-09 11:07:24 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-06-29 20:54:13 197232 -c--a-w- C:\BdUninstallTool2010.06.29-04.49.47.reg
    2010-06-17 21:54:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-06-17 21:54:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-05-30 09:47:20 341504 ----a-w- c:\windows\system32\yowindow.scr
    2009-12-10 16:46:49 195 ----a-w- c:\program files\dvdrip.ini
    2009-12-10 16:44:40 305139 ----a-w- c:\program files\DVD Rip 0.2.exe
    2009-05-11 16:00:48 4941312 ----a-w- c:\program files\AdbeRdrUpd711_all_incr.msp
    2009-05-11 15:43:34 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
    2009-05-11 15:42:46 476696 ----a-w- c:\program files\RealPlayer11GOLD.exe
    2009-05-11 15:41:59 13686112 ----a-w- c:\program files\winzip112.exe
    2009-05-11 15:40:57 1878888 ----a-w- c:\program files\install_flash_player.exe
    2006-10-04 16:23:45 1446442 -c--a-w- c:\program files\moviecodec.zip
    2006-09-13 07:54:39 713503 ----a-w- c:\program files\xnews.zip
    2005-07-14 19:31:20 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    2005-06-26 22:32:28 616448 -csha-r- c:\windows\system32\cygwin1.dll
    2005-06-22 05:37:42 45568 -csha-r- c:\windows\system32\cygz.dll
    2009-05-17 18:53:20 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009051720090518\index.dat

    ============= FINISH: 5:22:17.76 ===============

  6. #6
    Junior Member
    Join Date
    Dec 2008
    Posts
    27

    Default

    I also should have added that for the past two days avg's resident shield was not operating, I still clicked it off prior to scanning but the overview showed it as inactive even before doing that. When I tried to re-enable it the overview shows it as inactive still. Also the tray icon is gone and the system says it can't find it.
    Also windows firewall shows that comodo is running but I can't find it to turn it on or off....
    I don't know if any of this is relevant (yet) but wanted to make certain Im giving enough info.

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Please see if Revo Uninstaller can see those BitDefender & Comodo leftovers.

    Have you added plimus.com,www.plimus.com,regnow.com,www.regnow.com in proxy settings by yourself?


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\lsrslt.ini
    c:\windows\Wyayehamirol.dat
    c:\windows\Ryilesagubin.bin
    C:\zrpt.xml
    RenV::
    c:\program files\AVG\AVG8\avgtray .exe
    c:\program files\Epson Software\Event Manager\EEventManager .exe
    c:\program files\iolo\System Mechanic Professional 6\delay .exe
    c:\program files\QuickTime\qttask                                                    .exe
    FileLook::
    c:\documents and settings\All Users\Application Data\vRlc14d.dat
    c:\windows\system32\rmc_fixasf.exe
    c:\windows\system32\rmc_rtspdl.dll
    c:\windows\system32\yowindow.scr
    Folder::
    c:\program files\Vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus
    c:\program files\Vuze_Remote
    DDS::
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one with updates (9.3 and updates 9.3.2 & 9.3.3) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6 Update 21.
    • Click the
      Download
      button to the right.
    • Select Windows on platform combobox and check the box that says:
      Accept License Agreement. Click continue.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.




    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member
    Join Date
    Dec 2008
    Posts
    27

    Default

    Quote Originally Posted by Blade81 View Post
    Hi again,

    Please see if Revo Uninstaller can see those BitDefender & Comodo leftovers.
    No luck, it doesn't find them in the program list. I did find a comodo folder in program files but didn't want to just manually delete the folder, I'm not sure if that uninstalls the program remnants.


    Quote Originally Posted by Blade81 View Post
    Have you added plimus.com,www.plimus.com,regnow.com,www.regnow.com in proxy settings by yourself?
    No, it doesn't even look familiar.

    Updated Java and adobe, ran combo fix but the log produced is too many characters for the forum so I'll have to post it in two parts.
    Any and all P2P programs have been removed and won't be used again.




    ComboFix 10-08-01.02 - Canucklehead 08/02/2010 12:37:39.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.630 [GMT -5:00]
    Running from: c:\documents and settings\Canucklehead\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Canucklehead\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    FILE ::
    "c:\windows\lsrslt.ini"
    "c:\windows\Ryilesagubin.bin"
    "c:\windows\Wyayehamirol.dat"
    "C:\zrpt.xml"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Canucklehead\Application Data\Azureus
    c:\documents and settings\Canucklehead\Application Data\Azureus\.certs
    c:\documents and settings\Canucklehead\Application Data\Azureus\.keystore
    c:\documents and settings\Canucklehead\Application Data\Azureus\.lock
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\05FE09C86AC47DF2BE34D76A4508F3CD4D435835.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\069571181BD936D6242DA3EAF2E0599523F7604D.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\06EEF03FD95DC7631074E38A3556E7701016B50A.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\2314303D9596F4CBA73572AEE838AACD71CB00C2.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\2DB83427C0921C3A2142907DFECC63DEDA60F546.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\3096DCAA3006CB7AFD952F67C461C762A0ECF0A7.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\36092EE71416E6F4D6C435A18EE249297E6EAC33.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\38B4504E93E39A46B1ED7CD463303D5DBCCF3EE8.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\3A8A0A5B55B7592216483FFDC784B6B734BA95DC.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\3B4629EB78BC4245D2A6EB8DED88780125EE9F8C.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\3F227770790507CB00D2372DB1FEF701033E8187.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\41971B7B0FA193632407FCD4F9C872AA5682CD67.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\4419F4D27EFEE15F3244E6F0642E78BDBBE6B309.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\460B74CD75B8254CADF527D647CFE239EA993F12.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\495CC65BC2DE73A36D1D86426430B3C743BD9480.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\4AF45AFBB8E7A7837750BA583A9454BBAA68883E.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\4C693FEDFE17FA914B7DDCCB5D278A60977BEA2B.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\5882BEFD1F558AEA01D43792C8898AE6929EC5D1.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\58BA64D81D924D1C905A0FFC0CA0D825E7B1637C.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\5B102C4CB23E5F72E6A944F46F2122E0D80C401D.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\60C0A0126E66DFF8A069917CAF584E89AD1FB528.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\638AD883D95C6342D93DA2822C183CC0F0416EA0.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\663ECF4FCF1B2C890B1AEE9992E82BD0A69CB979.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\69BFB4C11362D9344CB291F164007CE2E9043888.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\71DD437F6152F4AC9873BB7F1B6A5312AF279529.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\80F52BA8DCEC85DDD93458BC0704D3FDA7233353.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\8DE60A4AF7B95F0B8B224CA43668E262B0970FCE.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\A56F23907F6CC414EEF866E731F4AE210F987E79.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\B481640C45D9535DB0E162BF40CDC4EBBD4683FE.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\B9461B3C912E1B63E71B6B4246F0BA28BEA6095E.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\C173BE86ACA4E5F162CCFE11C3E089AA34E1C1EA.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\cache.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\CE2AF836F10392AF6BCE58041AD5A4EA9584D14A.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\D621D995A4CFE1B0FE9057F4E9B9C5935A3AFDCF.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\D919079FD9F70751C10D11F810AC187892C5AF2D.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\DB890D8197E290211789F06D05A2283B79B91DB1.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\E3EC9FAB30AA3E083933173DBD4FA4AFED7E3FF5.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\F1072582AF66ED415F87081C60B2136806CC718D.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\F17DF6B149FFBB82BB9BF68541445C3B958280B5.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\F2D9F47D16042CA6BE0D0DE6D482D0AF7914C8C1.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\F5BD7342FDA72A52D25FB4FB3D65FE4E0AE5E394.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\FDA164E7AF470F83EA699A529845A9353CC26576.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\active\FFE5F7D935D49B53CB05B00769D86F0305850F76.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\azureus.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\azureus.statistics
    c:\documents and settings\Canucklehead\Application Data\Azureus\banips.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\cache\1191085919.ico
    c:\documents and settings\Canucklehead\Application Data\Azureus\cache\381727708.ico
    c:\documents and settings\Canucklehead\Application Data\Azureus\cnetworks.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\devices.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\dht\addresses.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\dht\contacts.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\dht\diverse.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\dht\general.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\dht\version.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\downloads.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\ipfilter.cache
    c:\documents and settings\Canucklehead\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
    c:\documents and settings\Canucklehead\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
    c:\documents and settings\Canucklehead\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
    c:\documents and settings\Canucklehead\Application Data\Azureus\logs\MetaSearch_Engine_6.txt
    c:\documents and settings\Canucklehead\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
    c:\documents and settings\Canucklehead\Application Data\Azureus\metasearch.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\net\pm_7992.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\net\pm_default.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.jar
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\aefeatman_v\aefeatman_v_1.0.2.zip
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\aefeatman_v\plugin.properties
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\aefeatman_v\plugin.properties_1.0.2
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\azump_1.2.jar
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\azump_1.2.zip
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\azump_1.3.jar
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\azump_1.3.zip
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\azump_1.5.jar
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\azump_1.5.zip
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\mplayer.exe
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azump\mplayer\config
    c:\documents and settings\Canucklehead\Application Data\Azureus\plugins\azupnpav\cd.dat
    c:\documents and settings\Canucklehead\Application Data\Azureus\rcm.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\sidebarauto.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\0038425D51C08D8FEB0E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\017EC00C99CA9337E3CB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\01AFA21BED4E69BF8EDB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\01FE0E4954FEEB299706.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\027452D04D491741744C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\02932E05693FB6C86E41.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\02AA27ED74C3BBB56B42.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\03DD52D7496FA076FFD1.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\047969C2F30A401262F9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\050E3F5B20E38D067E1E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\05CB2E1E1AEF712ED1EE.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\0628E73B9EE62DDEEFA4.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\064C53C2750A19B523EC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\080CBFDD763057C0601E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\08B8FBBF3A53D7DF6203.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\09A4EF071DB008D2F8DB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\0AF0DA8E3320CA2808D4.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\0DC06C0EA48B2356E008.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\0ED45310A861741CD7AB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\0F193C9F601B15C4EFFE.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\102FBCB85B3D2924EF7E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\12916DDCA112CB3D5112.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\12E433396A25DDA51A9A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\12F328D86BBF23CD58D5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1403F17170192B955F01.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\142A23752BB22F2210E2.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1468CD30704D406CD0E1.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\14825D0D52FC38D7AE34.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\151DF88A4BCFE63CC930.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\152DDC20BCA924D06600.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\15E4749EFFB8B8512168.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\15F2C95FD482653CC000.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1631AA84DFD110F3231D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\16570E18BD2B5479BE66.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\176B90BA325B73A52EC7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\17FA4A7BB5E6CEBED5B7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\18B4DA473CFD549A6B13.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\18E70234A02B8BA749A7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\19E94E9B501CB8B21D6F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1A3FC0313635EB3FFECF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1AB7024C3369B9E5943C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1B475AD02F25E372596F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1B8FE2D62D304F24448A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1BBB966397F44E660A50.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1C16AED5551E412A780F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1CE5541C9CF619770B07.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1F7937340453F1B28319.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\1FDD5677F67D9413FE04.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\20DDC877451ABD2AF15A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\21B6F154E1FA75E4DF0A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2266987B15E8D0C3682C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\232E059D82033345DD27.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\23C07FC046663EDB38E5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\24D46AA0E18BC94686CA.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\25635D892C8F2A13B9A6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\27AD6504451BF55BE4E1.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\289E8AB12A8FFA654E44.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\295735F98560C1D42F24.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\295B7D382A28A52453CD.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2A64190216A4726B96CC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2AA2E21A1590756589DD.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2BAE45F8F99173AB39B8.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2BD21A389DE647DAE173.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2DD34BCB85CDDCB979F0.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2DF1E5A477520DD07666.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2F16F96C1DDAB2558A1D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2F958A7A3C7B19922A3E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\2FE874D5D535C04F67C6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\314947EB311380122E44.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\31B6ABCECB724DFCC07A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\31CCBB8ED225F2F97951.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\31D66C05AA462F70E83F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\32AF159F123ADA6434F9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\32E8D1849848B7F51127.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\32EBAFE02C92D1263B24.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\332635D3AD3F19A612B7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\344ADBAE7AB31BF84058.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\374FD9CEB7A0E8F58764.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3A0E156FEAF615340ED5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3A2D8E8A059886FFA5C6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3ADD758FE71BB2208A77.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3BB65C6F3471371C4AB9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3BFFE6C2DF9125A520CE.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3DD4ECBF76D343BDD9E7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3E96DFB0C398B6CB7DA6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\3FD131FBEED51F6C8C73.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\402BC45EC181B4C5E079.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\407254E018C2B527C3ED.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\40A0443CBAEE2E73E3DC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\41B5BA8E964DADE2D58B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4201A6CD3761F3DA6F02.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\428870FB845DFB86BDFF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\447229A3A371779E8871.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\44B98C2CA663BA419990.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\459539E7D999453A9AE9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4951B1FB7CD03ED90F82.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4CD9B0816DFB56E76FB9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4DB89BB311531CDA9163.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4DC0706C9AA6524516B7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4E14224BABC0B91CF279.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4E52720D295BF1A3277A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4E6F07E72424D9BE5E90.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4F2F48066E92CCC26818.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4F3F92E98BE8E4C00295.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\4FB713647C7980B06C08.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\51A2E99917A2ED165FA9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\5229CB43C96F35D36DA6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\52C6D09A02BBB590C252.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\53C2AEED1BD7202F9BCF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\53D3BAB3502B33A4ECED.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\54004C0B7ADCCE4069C9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\55146EAA008D7710D613.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\559898E158B212CC9A90.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\569536672351FC1D9BC6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\56FD3A5B16A0F1315761.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\576F925C014744E0A3C8.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\581765478D3517627C73.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\5A284EE42B5324A0F1D6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\5B20B954F9775B623888.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\5CBA0BA6AAA42E09B126.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\5E08384F3C29FCB89D12.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\5ECD259B911625A92131.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6010B8D7899CEFD15C7D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6151F2061839B90627CC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\632A20E73961F1C133F2.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6332C699CA9E7FFEC63B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6369B61884C318BFE5A8.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6470DAD82818DCC1BC24.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\64C437DD4CCA91E0E318.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\652295769F010C05B030.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\65849B95E8842861A0E0.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\67D889DC747F3727180C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6824755C86CF5244EBB4.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\690E9EB57832EEC2420F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\69457B1B3DF215E2FE0E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6A6856F9927BCAC2E870.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6B02BED4336DF2FD8890.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6C00A3C30A564D255E10.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6E02FAF0A7F9C5DEFF7B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6E1B307BFB9E87663BC5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6E2FFAE03E61DC27278D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\6FF821C3E486A4913CC7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\70227A3A0380372F1466.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\705D985FC32D8B3C2852.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7076DB20A5F225DDB82C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7087BBD205A7CDC36CF5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7121CFED9C398458EF19.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\723EF567A591C3D6FEFF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\72B0BE5D9D33E3C093B1.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\737553100CB057ACF094.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7472680B49ACBCFA19D9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\74FD18DB72E6BE715331.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\75A8FCC5A894611AF348.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7607ECBCDD1F5641C7DC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\76092D6487F03F51093D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\778CE4C77F5E58A8A0CC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\79D0146B15851A703E92.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7A14C3C38192BFD8ED9E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7AAF95CB03E63CB403E7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7AC11AC478C281EEF661.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7B3FDB0D8C9834C21102.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7BD607B0A830BD30B027.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7D7B4FEF3991007F8474.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7E491B3DF273725F2F6F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7F1208C4D07EA84246F5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\7F3CBEC5D5DA9A4118A4.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\800F400CFFD25F715D9B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8060C3313C66DF45F383.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\819A6C169B0A45DCAF33.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\823EAE3A647490521421.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\829E59C40EFFE22EB406.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\836C1A4881FE25A1201F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\83F9D7CFBA5E7496ACC5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\84663CFDB94A01134CE1.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\849D5960FB6A33B98758.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\84A725F1FACC91400EEF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8518327D0D62BB94EF10.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8577D2B5F58B754A6A89.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\87ADF8E41A1DB5628FEF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\87BD246CA7B5FCEA26CF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\87E23B1872099785E348.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\88BFCF7C3A8648266C0B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\897A6FFE9CCA29E2B0AD.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\899DBA29AA24FFA4D1C0.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8A0069578CC41215D8F0.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8A58D503C8E522B174D2.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8D5FEFE2770EC9754672.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8ECAE6D034B64C6F5129.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\8EE6CEF5BAFAF46EF69C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\900C1E0998B587F65A47.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9167E16C9B7944056AC7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\91AFDD2F5413490350E8.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\91B2B05808E1B2FFA4F8.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9293A437651EB23DB78C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\935B3F38351D4D12DEC9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\941CC020F1B0313C995B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\943BCDF5B51CE2B01B0F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9475B6E85533F691DF49.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\95743D7123DD0F37D07E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\95A7C491370877A44EF9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9668F65901F954D108AF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\980B75A63F2C10201C14.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\995F63F7C97D0E78A9E6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9B684245C8D0EA3A3680.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9B8DD3C9B0E393C1EE06.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9BDE6FF27B7E7414E141.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9D113F0D687FD91C603E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9D6BA42ED22C72373DAC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9E3622316577F5B35702.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9EE56FAACC5D7E2C2022.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\9F59FC43C637F5732685.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A1D8FB23D553DA05673D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A2942945B603F4086A1C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A32B46A6D4E87985726A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A3727447B455EACC3642.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A3CBD165FFD17EC012A1.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A42285FB7DF03C5583C2.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A467A4E601BA7AF7C487.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A4BDB58D8B1B63C8A575.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A4F7F67876C720E8773C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A57341AB2AA7A98D5F19.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A83882EF222A6471D674.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A858B955D27E0BD26BA6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\A96AF2FEB1A755D11213.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AA18A55630A89D766D85.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AA36395F0C99E87D7BD3.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AA40FA3CD2A4653245E5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AA449F902BCE402A9ACD.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AA94796F2DBB52947A0E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AAED5286BFC65D171AE2.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AB77A8E82C63A68AF3AB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AB948CF1C2A6AC748A8D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AE9502FCAE75C104730E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AF04A06FB5111FFAE54E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AF18919036C6C6EA0E94.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\AF374B3FBED2F1078C7F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B0E7EBD96ADDC33CB887.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B101F35563A02A6C6466.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B1617D55202A3AACCB02.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B18DA3D9C4156FF5F2CE.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B3EA9FB5E7B10013366B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B3FD000F3294C6725128.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B57DFD9A055D02BA9CAC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B838F5D871039A5EF5B3.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B87109D6637C942B0235.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B8C27A41F09150C14FED.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\B9483DDF53C92F01C7F3.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BA99977C59546B2C2195.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BAD9AC808DA5DC699651.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BAEFA8B8E25F52CB891C.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BBA708018991E48BD0CC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BBFFB23EB1C7C9B28294.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BC330A5B5B760F1BAE11.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BC4AF4CA693A0BE5F255.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BD293EA13C5D3A8EA4BC.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BDD87EBC842AE9E263BB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BDEEFB8EB09D7BF210E6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\BF11670371F3276C7B46.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C0F97932CCA7BE4B0A06.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C1181DBAB72DD16EB649.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C1581AD8A0065600CDAE.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C25ED0613C5394704445.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C45EF955E90030FFE33F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C732D6BA9C09C29B2FA3.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C7E17267F47DE56CDA44.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C7F41A5323A145FBECC2.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C7FA8FE0F7D1470B0B14.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\C9EBC80E3E1D103634DB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\CABACCCF09E65183832F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\CAEBDE358F190B216D72.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\CBC985DF9F6906C44C12.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\CC14D5EF11EB663649DD.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\CC49D253BB86D010AC52.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\CE22771EC242C845C71A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\CEEEC41EA90283BCEAF4.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D0BCBBD71E7EEB4FB06A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D10CC4E6AE7BBD3726EF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D28C60B86BEA259A0219.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D28E7EC69D660E82AF5F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D44784B7433BB66BE6CB.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D44D3D866B7AC7A2EFCD.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D6E0FFF572F30332B910.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D7CB99B35445DD456F37.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\D9A2A532CA66048CE074.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DABCC01B377A44C1695F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DB0A6203CC830E7FFBC5.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DB8EBA0A8243FAC1DD16.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DBECB3120E5387DDEED7.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DC455E14BB0EA4F1D5F9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DC525E366EFA7ACECB3A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DCD20AB6684A16AA1475.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DD2FFBE3348E4899278F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\DFEAC60CAD15BA1B80F8.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E306B81B6A7913FB2504.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E3FAFADD4E7B350EBFCD.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E446AA0DC71A96559F81.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E45B0F35A3FD69EB5AF3.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E6925ADD353B0CC4752A.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E6A810C0D7599C2A37F4.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E7864759D2282561BEAE.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E8B30B4287BC634108EA.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\E9B091682401E4C5E76E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\EA7C16520E10B526971B.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\EADAA70B76055F813349.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\EC03C8EF1869F5047B33.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\EC1EA4CD184D3EC77C1F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\EF62E469CEFEA191CB35.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\EFC1F6E90BCC56A982C1.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F07279E115F3777EF5CF.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F2E4DFC6B5148B3F0689.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F2F315889848B0EAB39F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F2F733158445FA5EE38D.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F34649A54A24BEDB5770.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F514FE463807C6DD00D3.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F697EC37C5A4D154EB6F.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F6FD42A04E211BEA8275.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F84C75A6100B899F5004.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F91977B5307E26B3E155.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\F9E0FBEA7EB29AD9EDCA.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\FA6A5CC4E12EC182B552.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\FB407B2EA82A79A48DE9.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\FCC2536030253D899C1E.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\FDA6C9DF3B7E1F2FABB6.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\FF498E52464125C9E1CA.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subs\FFB1F59404902554E419.vuze
    c:\documents and settings\Canucklehead\Application Data\Azureus\subscriptions.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\tables.config
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[2007]_Im_A_Believer_(The_Best_Of)_-_The_Monkees_320kbs_[only1jo.5590091.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[WWW.TORSKY.ORG]2142.36894121[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[WWW.TORSKY.ORG]87490[2006].58879114[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[WWW.TORSKY.ORG]natgeo1.45265800[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[WWW.TORSKY.ORG]natgeo2.42582813[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[WWW.TORSKY.ORG]natgeo3.29932928[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[WWW.TORSKY.ORG]natgeo4.58091770[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\[WWW.TORSKY.ORG]natgeo5.39289348[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\05FE09C86AC47DF2BE34D76A4508F3CD4D435835.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\06EEF03FD95DC7631074E38A3556E7701016B50A.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\3A4E641B492B1651B192923691D042F237745319.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\50D30D086E187680D708F514355A73B480DAC80C.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\7EC105105134B10597EB6F53102DE06F0D972947.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\8DE60A4AF7B95F0B8B224CA43668E262B0970FCE.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\95561
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\A Christmas Carol (2009) TS NL Subs DivXNL-Team.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Alice_in_Wonderland_(2010)_DVDRip_XviD-DiAMOND.5556606.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\April_Wine_The_Hits.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Avatar[2009]DvDrip[Eng]-FXG.5486729.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU3989995766790348026.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU5075415052393638750.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU5561317217744316754.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU5738389411461771177.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU6448521782058290369.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU6802289490442431922.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU8662523506255841181.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\AZU9003439976639382882.tmp
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Best_Of_2_DVDRIP__All_Sex_.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Bob_Marley_-The_best_of[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Brooklyns_Finest_(2009)_DVDRip_XviD-MAX.5645216.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Dexter_Season_1_Complete_DVDRip_x264_by_RiddlerA.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Christmas_with_Bing_Crosby.5203946.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Dexter_Season_2_Complete_DVDRip_x264_by_RiddlerA.4693187.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Complete_Home___Do_It_Yourself_Guides_No2.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Cop.Out.R6.LINE.XVID-PrisM.5488497.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\CSI.S10E05.HDTV.XviD-NoTV.avi.5140521.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Death.At.A.Funeral.2010.DVDRip.XviD.AC3-Rx.5689324.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Dexter.S02E01.PREAIR.DVDRip.XviD-SiTV.3745688.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Dexter_Season_2_Complete_DVDRip_x264_by_RiddlerA.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\District_9_(2009)_DVDRip_XviD-MAX.5136368.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\download.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Dreamweaver 8 For Dummies.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\F5BD7342FDA72A52D25FB4FB3D65FE4E0AE5E394.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Green_Zone_(2010)_DVDRip_XviD-MAX.5615596.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Dexter_Season_4_Complete_DVDRip_x264_by_RiddlerA.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Iron_Man_2_2010_TS_XviD_Xclusive_LKRG[ExtraTorrent].5529041.TPB.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Levon_Helm-8_albums.4628253.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Levon_Helm_-_Dirt_Farmer.3960913.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Live_-_Lightning_Crashes___320kbit.5086276.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Lynda.com - Dreamweaver CS3 Essential Training DVD-CFE.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Lynda.com - DreamweaverCS4 Essential Training.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\National.Geographic.The.Truth.Behind.the.Bermuda.Triangle.720p.H.5444471.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Sherlock_Holmes_(2009)_DVDSCR_XviD-MAX.5285178.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Shutter_Island_(2010)_R5_DVDRip_XviD-MAX.5436483.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The.Simpsons.S20E01.PDTV.XviD-LOL.avi.4418644.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The.Simpsons.S20E02.PDTV.XviD-XOR.avi.4430606.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The.Simpsons.S21E01.Homer.the.Whopper.HDTV.XviD-FQM.avi.5102642.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The.Simpsons.S21E02.Bart.Gets.A.Z.HDTV.XviD-FQM.avi.5110686.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The.Truth.Behind.The.Bermuda.Triangle.HDTV.XViD-NANO.5519823.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Blind_Side_DVDSCR_XviD_AC3-DEViSE(No_Rars).5204018.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Book_of_Eli_(2010)_DVDRip_XviD-MAX.5569356.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Book_Of_Eli_2010_TELESYNC_H264_AAC-SecretMyth_(Kingdom-Relea.5305177.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Bounty_Hunter.2010.R5.LiNE.Xvid__1337x_-Noir.5487023.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Bounty_Hunter_TS_XViD_-_IMAGiNE.5457565.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Karate_Kid_DVDRiP_R6_XViD-KiNGDOM_(Kingdom-Release).5660793.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Monkees_-_Greatest_Hits.3260468.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\The_Rolling_Stones-Exile_On_Main_Street_Remastered_[2010].5584645.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Tommy_James__amp__the_Shondells.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Tooth.Fairy.2010.DvDRip-FxM_ExtraTorrent.5481229.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Total.Training.For.Macromedia.Dreamweaver.8-iNSPiRON.torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\UFO_The_Secret_NASA_Transmissions_The_Smoking_Gun_[doc-2004]_(Xv.5535053.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\Waist_Deep_(2006)_DVDRip_XviD.4601656.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\torrents\When_in_Rome_DVDRip_XviD-DiAMOND.5592441.TPB[1].torrent
    c:\documents and settings\Canucklehead\Application Data\Azureus\update.properties
    c:\documents and settings\Canucklehead\Application Data\Azureus\VuzeActivities.config
    c:\program files\Vuze
    c:\program files\Vuze\debug_1.log
    c:\program files\Vuze\plugins\azemp\azemp_3.1.6.jar
    c:\program files\Vuze\plugins\azemp\azemp_3.1.6.zip
    c:\program files\Vuze\plugins\azemp\libmprCanvas_1.2.jar
    c:\program files\Vuze\plugins\azemp\plugin.properties_3.1.6
    c:\program files\Vuze\plugins\azemp\vuzeplayer.exe
    c:\program files\Vuze_Remote
    c:\windows\lsrslt.ini
    c:\windows\Ryilesagubin.bin
    c:\windows\Wyayehamirol.dat
    C:\zrpt.xml

  9. #9
    Junior Member
    Join Date
    Dec 2008
    Posts
    27

    Default

    The reamainder of combo fix and the Kaspersky log.

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    ((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
    .

    2010-08-02 17:24 . 2010-08-02 17:24 -------- d-----w- c:\program files\VS Revo Group
    2010-07-31 20:38 . 2010-08-02 16:49 -------- dc----w- c:\documents and settings\Canucklehead\Application Data\VirtualStore
    2010-07-31 16:46 . 2010-07-31 20:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-28 21:23 . 2010-07-28 21:23 -------- dc----w- c:\documents and settings\DK\Application Data\Epson
    2010-07-28 19:42 . 2010-07-28 19:42 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-02 17:37 . 2006-09-10 10:15 -------- d-----w- c:\program files\QuickTime
    2010-08-02 10:56 . 2008-07-08 18:25 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-02 09:55 . 2008-07-10 00:19 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
    2010-08-01 13:32 . 2010-07-31 17:51 112 -c--a-w- c:\documents and settings\All Users\Application Data\vRlc14d.dat
    2010-07-31 21:06 . 2009-10-06 07:47 1744 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-28 17:32 . 2006-09-13 07:55 -------- d-----w- c:\program files\xnews
    2010-07-15 22:22 . 2009-11-30 20:56 -------- dc----w- c:\documents and settings\Canucklehead\Application Data\Vso
    2010-07-15 22:10 . 2010-06-03 21:00 -------- d-----w- c:\program files\PeerBlock
    2010-07-15 17:18 . 2009-12-20 12:47 -------- d-----w- c:\program files\fishsim2
    2010-07-12 08:52 . 2009-01-23 02:02 -------- d-----w- c:\program files\AVG
    2010-07-09 11:07 . 2009-10-19 08:34 1632 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-03 13:12 . 2010-07-03 13:03 -------- d-----w- c:\program files\PCPitstop
    2010-07-03 13:04 . 2010-07-03 13:03 -------- dc----w- c:\documents and settings\All Users\Application Data\PCPitstop
    2010-07-02 14:18 . 2010-07-02 14:07 -------- dc----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-07-02 14:07 . 2009-05-13 23:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-02 14:02 . 2008-09-29 20:00 -------- d-----w- c:\program files\Replay Media Catcher
    2010-07-02 14:01 . 2010-06-16 19:33 -------- d-----w- c:\program files\Syd
    2010-07-02 14:01 . 2010-06-03 20:07 -------- d-----w- c:\program files\PeerGuardian2
    2010-07-02 14:01 . 2008-09-07 12:44 -------- d-----w- c:\program files\Hide IP NG
    2010-06-30 20:27 . 2009-05-11 14:55 -------- d-----w- c:\program files\COMODO
    2010-06-29 20:54 . 2010-06-29 20:49 197232 -c--a-w- C:\BdUninstallTool2010.06.29-04.49.47.reg
    2010-06-26 17:03 . 2010-07-31 16:46 8530 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2010-06-17 22:56 . 2010-06-17 22:56 -------- d-----w- c:\program files\Smallvideosoft
    2010-06-17 21:54 . 2008-09-29 20:02 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2010-06-17 21:54 . 2008-09-29 20:02 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2010-06-11 18:04 . 2007-01-30 20:22 -------- d-----w- c:\program files\LBprogs
    2010-06-02 22:18 . 2008-09-07 12:44 868452 -c--a-w- c:\documents and settings\Canucklehead\Application Data\Hide IP NG\hideipng-update.exe
    2010-05-30 09:47 . 2010-05-30 09:47 341504 ----a-w- c:\windows\system32\yowindow.scr
    2009-12-10 16:46 . 2009-12-10 16:46 195 ----a-w- c:\program files\dvdrip.ini
    2009-12-10 16:44 . 2009-12-10 16:44 305139 ----a-w- c:\program files\DVD Rip 0.2.exe
    2009-05-11 16:00 . 2009-05-11 15:43 4941312 ----a-w- c:\program files\AdbeRdrUpd711_all_incr.msp
    2009-05-11 15:43 . 2009-05-11 15:43 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
    2009-05-11 15:42 . 2009-05-11 15:42 476696 ----a-w- c:\program files\RealPlayer11GOLD.exe
    2009-05-11 15:41 . 2009-05-11 15:41 13686112 ----a-w- c:\program files\winzip112.exe
    2009-05-11 15:40 . 2009-05-11 15:40 1878888 ----a-w- c:\program files\install_flash_player.exe
    2006-10-04 16:23 . 2006-10-04 16:23 1446442 -c--a-w- c:\program files\moviecodec.zip
    2006-09-13 07:54 . 2006-09-13 07:48 713503 ----a-w- c:\program files\xnews.zip
    2005-07-14 19:31 . 2006-05-24 17:37 27648 -csha-w- c:\windows\system32\AVSredirect.dll
    2005-06-26 22:32 . 2006-05-08 18:07 616448 -csha-r- c:\windows\system32\cygwin1.dll
    2005-06-22 05:37 . 2006-05-24 17:37 45568 -csha-r- c:\windows\system32\cygz.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    --- c:\documents and settings\All Users\Application Data\vRlc14d.dat ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 112
    Created time: 2010-07-31 17:51
    Modified time: 2010-08-01 13:32
    MD5: 914EAC407EB78F5D2FE0B9695D3812DE
    SHA1: F2AA517827F58404B6EC17D6470D4A2C1FBDED52


    --- c:\windows\system32\rmc_fixasf.exe ---
    Company: Radioactive
    File Description: asfbin
    File Version: 1, 7, 1, 756
    Product Name: asfbin by Radioactive
    Copyright: Copyright © 2001-2007
    Original Filename: asfbin
    File size: 156672
    Created time: 2008-09-29 20:02
    Modified time: 2010-06-17 21:54
    MD5: 2CC31CEC30A431848310DFE3031D4C59
    SHA1: 02590BAF0DA7B75AA69797A84861C4A505659D00


    --- c:\windows\system32\rmc_rtspdl.dll ---
    Company: ------
    File Description: ------
    File Version: ------
    Product Name: ------
    Copyright: ------
    Original Filename: ------
    File size: 237568
    Created time: 2008-09-29 20:02
    Modified time: 2010-06-17 21:54
    MD5: 5100207E91B63548AB61E5377C4A9DBA
    SHA1: C389D3C7CFEA0F63113BA149EB0230EDCD63AF64


    --- c:\windows\system32\yowindow.scr ---
    Company: repkasoft
    File Description: YoWindow screensaver
    File Version: 1, 0, 0, 0
    Product Name: YoWindow screensaver
    Copyright: (C) repkasoft 2009, All rights reserved
    Original Filename: Saver.exe
    File size: 341504
    Created time: 2010-05-30 09:47
    Modified time: 2010-05-30 09:47
    MD5: 9D5B1CCE7E57FF9E890FC746618C1785
    SHA1: A01A847D1092A742290ECED03E2FA2EC9BBFD200


    ((((((((((((((((((((((((((((( SnapShot@2010-08-02_10.13.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-02 17:48 . 2010-08-02 17:48 16384 c:\windows\temp\Perflib_Perfdata_5c4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-17 77824]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
    "nwiz"="nwiz.exe" [2003-07-28 323584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-28 15:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
    2009-01-09 22:39 46392 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\windows\system32

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\WM Recorder 10\\WMR90.exe"=
    "c:\\Program Files\\WM Recorder 10\\WMR.exe"=
    "c:\\Program Files\\WM Recorder 10\\RMR.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "139:TCP"= 139:TCP:@xpsp2res.dll,-22004
    "445:TCP"= 445:TCP:@xpsp2res.dll,-22005
    "137:UDP"= 137:UDP:@xpsp2res.dll,-22001
    "138:UDP"= 138:UDP:@xpsp2res.dll,-22002
    "1087:UDP"= 1087:UDP:Windows Media Format SDK (iexplore.exe)
    "1086:UDP"= 1086:UDP:Windows Media Format SDK (iexplore.exe)
    "1089:UDP"= 1089:UDP:Windows Media Format SDK (iexplore.exe)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\RemoteAdminSettings]
    "RemoteAddresses"= *
    "Enabled"= 1 (0x1)

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 8:27 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 8:27 AM 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/28/2009 10:06 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/28/2009 10:06 AM 297752]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
    S2 gupdate1c98c18bb6bdaa2;Google Update Service (gupdate1c98c18bb6bdaa2);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 2:17 AM 133104]
    S2 gupdate1ca58cb355289cc;Google Update Service (gupdate1ca58cb355289cc);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 2:17 AM 133104]
    S2 gupdate1cb0d5bf19c53a4;Google Update Service (gupdate1cb0d5bf19c53a4);c:\program files\Google\Update\GoogleUpdate.exe [2/11/2009 2:17 AM 133104]
    S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\136\g2ax_service.exe [1/9/2009 5:39 PM 46392]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/3/2010 4:00 PM 14424]
    S3 PentaxUsb;PENTAX Optio E10 on USB;c:\windows\system32\drivers\CoachUsb.sys [5/2/2007 5:04 PM 50976]
    S3 PentaxVc;PENTAX Optio E10 Video Capture;c:\windows\system32\drivers\CoachVc.sys [5/2/2007 5:04 PM 44256]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 07:16]

    2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 07:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
    uInternet Settings,ProxyServer = socks=
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-02 12:49
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdfsfltr]
    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(392)
    c:\program files\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll

    - - - - - - - > 'explorer.exe'(3004)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\SOUNDMAN.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-08-02 12:54:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-02 17:54
    ComboFix2.txt 2010-08-02 10:18

    Pre-Run: 43,563,212,800 bytes free
    Post-Run: 43,546,939,392 bytes free

    Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=1,2,3,4
    - - End Of File - - 52AFE9E141BF00D8663C1ACC19E7C871





    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Monday, August 2, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Monday, August 02, 2010 14:12:43
    Records in database: 4162558
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    E:\
    F:\

    Scan statistics:
    Objects scanned: 218918
    Threats found: 4
    Infected objects found: 6
    Suspicious objects found: 0
    Scan duration: 04:36:00


    File name / Threat / Threats count
    C:\Documents and Settings\Canucklehead\Desktop\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\21\339da2d5-33019754 Infected: Exploit.Java.Agent.ca 3
    C:\Qoobox\32788R22FWJFW\redbook.sys Infected: Rootkit.Win32.TDSS.ap 1
    C:\WINDOWS\system32\drivers\etc\hosts.20090520-180213.backup Infected: Trojan.Win32.Qhost.mcf 1

    Selected area has been scanned.

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    May I see a fresh dds.txt log too, please?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •