Is 600pics.com a problem?

[HSPower1972]

I have recently noticed--using the WhatsRunning application--that I have four IP connections to 600pics.com. I can't remember ever visiting the site. I recently removed some malware that was diverting google links to bestwebsearches.com. Now I no longer go there when I click on a link in a google search. This is in IE8. Both www.600pics.com and 600pics.com are in my hosts file, so I can't access the site. Are these connections of concern? The app being I also notice two of these reference the svchost.exe file the other two reference iexplore.exe. Also, two IP connections to this same site open up when I have Outlook running or minimized to the tray.

Here is my hjt log of this date:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:53 PM, on 6/29/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.5:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS2\system32\dla\tfswshx.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - C:\WINDOWS2\system32\vtsqq.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CDFA58-BAA3-4C29-BD94-83FBB681E11B}: NameServer = 207.69.188.185,207.69.188.186
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS2\system32\EZTOOL~1.DLL
O20 - Winlogon Notify: byxvvtr - byxvvtr.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS2\system32\ieframe.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8487 bytes

Thanks for any help.

 

[Blade81]

Hi,

Those are normal when you have them included in hosts file. However, there is some malware related stuff there. Better check things more throughly.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop. Post them back to your topic.

 

[HSPower1972]

DDS data

Here is the DDS.txt file contents:


DDS (Ver_09-06-26.01) - NTFSx86
Run by DBP at 18:46:12.90 on Fri 07/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.230 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\msiexec.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS2\system32\wuauclt.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DBP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = 192.168.0.5:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
mSearchAssistant = hxxp://www.zpecialoffer.com/indexie.html
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows2\system32\dla\tfswshx.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {8b2a62d8-e333-42c1-955b-dc5278f9ff4d} - c:\windows2\system32\vtsqq.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {0C6DD65A-F36B-4AC8-89EB-6175AEE6BB8C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: att.net
Trusted Zone: microsoft.com\office
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS2/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
TCP: {F9CDFA58-BAA3-4C29-BD94-83FBB681E11B} = 207.69.188.185,207.69.188.186
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows2\system32\EZTOOL~1.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Notify: byxvvtr - byxvvtr.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows2\system32\ieframe.dll
LSA: Authentication Packages = msv1_0 c:\windows2\system32\vtsqq.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dbp\applic~1\mozilla\firefox\profiles\offgqknp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows2\system32\drivers\Lbd.sys [2009-6-14 64160]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows2\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1005904]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows2\system32\drivers\wg111v3.sys [2007-12-28 287232]
S1 driverdrv;driverdrv;\??\c:\program files\driver\driver.sys --> c:\program files\driver\driver.sys [?]
S1 tdpipee;tdpipee;c:\windows2\system32\drivers\tdpipee.sys --> c:\windows2\system32\drivers\tdpipee.sys [?]
S3 acfva;acfva;c:\windows2\system32\drivers\acfva.sys [2006-9-2 28445]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows2\system32\drivers\adsfilter.sys --> c:\windows2\system32\drivers\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows2\system32\drivers\bw2ndis5.sys --> c:\windows2\system32\drivers\BW2NDIS5.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows2\system32\drivers\WlanUIG.sys [2007-1-13 347648]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79520]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]

=============== Created Last 30 ================

2009-06-29 17:13 <DIR> --d----- c:\program files\Trend Micro
2009-06-27 11:06 <DIR> --d-h--- c:\windows2\msdownld.tmp
2009-06-27 11:06 <DIR> --d----- c:\windows2\Logs
2009-06-20 08:22 <DIR> --d----- c:\program files\XZAKTFrontFXTools1
2009-06-14 19:46 15,688 a------- c:\windows2\system32\lsdelete.exe
2009-06-14 17:56 64,160 a------- c:\windows2\system32\drivers\Lbd.sys
2009-06-14 17:45 <DIR> -cd-h--- c:\docume~1\alluse~2.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 17:45 <DIR> --d----- c:\program files\Lavasoft
2009-06-11 17:17 <DIR> --d----- c:\windows2\system32\wbem\Repository
2009-06-11 17:15 <DIR> --d----- c:\program files\common files\WORDsearch
2009-06-11 17:15 <DIR> --d----- c:\docume~1\alluse~2.win\applic~1\wsc
2009-06-11 17:15 <DIR> --d----- c:\docume~1\dbp\applic~1\EBookSys
2009-06-10 22:15 66 a----r-- c:\windows2\amunres.lsl

==================== Find3M ====================

2009-06-30 22:02 524,288 a------- c:\windows2\system32\Busy_Wait.exe
2008-05-13 19:49 13 ----h--- c:\docume~1\alluse~2.win\applic~1\ÝÃÄΛÒ3113›.sys
2008-03-30 08:45 2,400,784 a------- c:\documents and settings\dbp\WLinstaller.exe
2008-03-04 11:10 724,984 a------- c:\documents and settings\dbp\gotomypc_437.exe
2008-02-27 01:05 774,144 a------- c:\program files\RngInterstitial.dll
2008-02-08 14:03 13 ----h--- c:\docume~1\alluse~2.win\applic~1\ÐÒÝÃÄ3113›˜.sys
2007-12-28 15:02 287,232 a------- c:\windows2\inf\wg111v3\wg111v3.sys
2007-12-28 14:59 342,528 a------- c:\windows2\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 17:53 63,488 a------- c:\windows2\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52 32,768 a------- c:\windows2\inf\wg111v3\SetDrv.exe
2007-08-21 14:10 3,902,784 a------- c:\documents and settings\dbp\gosetup.exe
2007-08-21 11:28 491 a------- c:\program files\UnInst.log
2007-01-25 21:28 722,176 a------- c:\documents and settings\dbp\gotomypc_428.exe
2007-01-20 10:01 563,712 a------- c:\documents and settings\dbp\gotomypc_370.exe
2006-12-15 11:30 315,392 a------- c:\windows2\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30 212,992 a------- c:\windows2\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30 98,304 a------- c:\windows2\inf\wg111v3\UScanM.exe
2006-12-15 11:30 20,480 a------- c:\windows2\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30 19,968 a------- c:\windows2\inf\wg111v3\RTWREFU.EXE
2006-03-07 17:09 13 ----h--- c:\docume~1\alluse~2.win\applic~1\ÝÙÃÄ3113›.sys
2006-02-07 12:36 563,712 a------- c:\documents and settings\dbp\370_gotomypc.exe
2005-11-22 10:40 483,401 a------- c:\documents and settings\dbp\314_gotomypc.exe
2005-11-02 20:01 13 ----h--- c:\docume~1\alluse~2.win\applic~1\13.sys
2008-02-26 06:36 32,768 a--sh--- c:\windows2\system32\config\systemprofile\local settings\history\history.ie5\mshist012008022620080227\index.dat

============= FINISH: 18:47:45.96 ===============

And here are the contents of the Attach.txt file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/15/2008 4:31:47 PM
System Uptime: 7/3/2009 6:35:51 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 72 GiB total, 22.444 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 31 GiB total, 20.013 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_019D1028&REV_02\4&1C660DD6&0&40F0
Service: E100B

==== System Restore Points ===================

RP553: 4/19/2009 1:20:20 PM - System Checkpoint
RP554: 4/20/2009 11:18:59 PM - System Checkpoint
RP555: 4/22/2009 12:50:38 AM - System Checkpoint
RP556: 4/23/2009 12:57:49 AM - System Checkpoint
RP557: 4/24/2009 11:37:19 AM - System Checkpoint
RP558: 4/25/2009 12:25:21 PM - System Checkpoint
RP559: 4/25/2009 2:05:06 PM - Installed Xara3D6
RP560: 4/25/2009 2:06:14 PM - Installed Xara Menu Maker 1.1
RP561: 4/25/2009 9:16:09 PM - Installed Xara X1
RP562: 4/26/2009 10:04:56 PM - System Checkpoint
RP563: 4/27/2009 10:58:09 PM - System Checkpoint
RP564: 8/24/2004 12:17:21 AM - System Checkpoint
RP565: 4/28/2009 2:03:10 PM - System Checkpoint
RP566: 4/29/2009 2:36:40 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
RP567: 4/30/2009 2:41:48 AM - Software Distribution Service 3.0
RP568: 5/1/2009 1:17:25 AM - Installed Compatibility Pack for the 2007 Office system
RP569: 5/2/2009 12:19:14 PM - Installed Windows Internet Explorer 8.
RP570: 5/3/2009 3:04:34 PM - System Checkpoint
RP571: 5/4/2009 3:11:57 PM - System Checkpoint
RP572: 5/5/2009 4:37:37 PM - System Checkpoint
RP573: 5/6/2009 5:06:49 PM - System Checkpoint
RP574: 5/7/2009 5:58:38 PM - Installed Windows Media Player 10
RP575: 5/8/2009 6:15:21 PM - System Checkpoint
RP576: 5/10/2009 3:12:43 PM - System Checkpoint
RP577: 5/11/2009 4:17:21 PM - System Checkpoint
RP578: 5/12/2009 4:38:48 PM - System Checkpoint
RP579: 5/13/2009 4:41:28 PM - System Checkpoint
RP580: 5/13/2009 7:45:18 PM - Upgrading Flash to Version 8
RP581: 5/13/2009 7:47:12 PM - Removed Macromedia Flash MX 2004
RP582: 5/13/2009 7:58:56 PM - Installed Macromedia Flash 8
RP583: 5/13/2009 8:02:47 PM - Restore Operation
RP584: 5/14/2009 8:08:16 PM - System Checkpoint
RP585: 5/14/2009 11:14:04 PM - Installed Macromedia Flash 8
RP586: 5/15/2009 11:39:12 PM - System Checkpoint
RP587: 5/17/2009 3:06:19 AM - System Checkpoint
RP588: 5/17/2009 8:39:54 PM - Removed Apple Mobile Device Support
RP589: 5/17/2009 8:41:32 PM - Removed Apple Software Update
RP590: 5/18/2009 9:37:04 PM - System Checkpoint
RP591: 5/19/2009 12:52:38 AM - Removed Doomi
RP592: 5/20/2009 2:55:11 AM - System Checkpoint
RP593: 5/21/2009 3:27:14 AM - System Checkpoint
RP594: 5/21/2009 10:43:58 PM - Configured NETGEAR WG111v3 wireless USB 2.0 adapter
RP595: 5/21/2009 10:46:27 PM - Installed NETGEAR WG111v3 wireless USB 2.0 adapter
RP596: 5/23/2009 1:36:22 AM - System Checkpoint
RP597: 5/24/2009 1:55:53 PM - System Checkpoint
RP598: 5/25/2009 3:09:01 PM - System Checkpoint
RP599: 5/26/2009 3:55:09 PM - System Checkpoint
RP600: 5/27/2009 4:09:47 PM - System Checkpoint
RP601: 5/28/2009 7:39:38 PM - System Checkpoint
RP602: 5/30/2009 6:51:39 AM - System Checkpoint
RP603: 5/31/2009 8:14:48 AM - System Checkpoint
RP604: 6/1/2009 8:35:49 AM - System Checkpoint
RP605: 6/2/2009 9:13:41 AM - System Checkpoint
RP606: 6/3/2009 9:27:08 AM - System Checkpoint
RP607: 6/4/2009 10:20:15 AM - System Checkpoint
RP608: 6/5/2009 4:54:31 PM - System Checkpoint
RP609: 6/6/2009 9:34:53 PM - System Checkpoint
RP610: 6/8/2009 6:31:18 AM - System Checkpoint
RP611: 6/8/2009 8:50:45 PM - Removed Xara3D6
RP612: 6/8/2009 9:21:29 PM - Removed Xara X1
RP613: 6/9/2009 6:08:54 AM - Software Distribution Service 3.0
RP614: 6/10/2009 6:33:03 PM - System Checkpoint
RP615: 6/10/2009 10:16:49 PM - Removed Visual Infinite Menus
RP616: 6/11/2009 3:03:01 PM - Removed Xara Menu Maker 1.1
RP617: 6/11/2009 3:45:52 PM - Software Distribution Service 3.0
RP618: 6/11/2009 4:51:22 PM - Restore Operation
RP619: 6/11/2009 5:09:53 PM - Restore Operation
RP620: 6/12/2009 7:13:01 PM - System Checkpoint
RP621: 6/13/2009 10:14:43 PM - System Checkpoint
RP622: 6/14/2009 10:56:59 PM - System Checkpoint
RP623: 6/16/2009 3:47:55 PM - System Checkpoint
RP624: 6/17/2009 4:38:19 PM - System Checkpoint
RP625: 6/18/2009 5:02:32 PM - System Checkpoint
RP626: 6/19/2009 8:10:48 PM - System Checkpoint
RP627: 6/20/2009 8:22:33 AM - Installed XZAKT Media FrontFXTools+1
RP628: 6/21/2009 2:59:12 PM - System Checkpoint
RP629: 6/22/2009 8:35:47 PM - System Checkpoint
RP630: 6/23/2009 10:06:35 PM - System Checkpoint
RP631: 6/24/2009 11:06:56 PM - System Checkpoint
RP632: 6/25/2009 11:12:48 PM - System Checkpoint
RP633: 6/27/2009 12:05:16 PM - System Checkpoint
RP634: 6/28/2009 1:25:35 PM - System Checkpoint
RP635: 6/29/2009 3:38:32 PM - System Checkpoint
RP636: 6/30/2009 5:47:08 PM - System Checkpoint
RP637: 7/1/2009 6:37:27 PM - System Checkpoint
RP638: 7/2/2009 7:13:40 PM - System Checkpoint

==== Installed Programs ======================


123 Free Solitaire
Access Drivers
Access to MySQL 4.1
Ad-Aware
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe GoLive CS2
Adobe GoLive CS2 English
Adobe Help Center 1.0
Adobe Photoshop 7.0.1
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
AOL Uninstaller (Choose which Products to Remove)
ASAP
Audacity 1.2.6
BACS
Belarc Advisor 7.2
Bible Explorer 4 Download Edition
BiblePro
Bonjour
Broadcom Advanced Control Suite
CoffeeCup Flash Password Wizard
CoffeeCup Web Calendar
Compatibility Pack for the 2007 Office system
Creative Modem Blaster V.92 DE5621
Dell ResourceCD
ERUNT 1.1j
FaxTools
Finale NotePad 2008
FrontLook Java Effects
FrontLook Java Effects VE
Google Earth
Google Video Player
HijackThis 2.0.2
HTML Password Lock 3.2.6
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Ipswitch WS_FTP Pro
iTunes
Java(TM) SE Runtime Environment 6 Update 1
Juno
LAME v3.98.2 for Audacity
Lernout & Hauspie TruVoice for Microsoft Agent
LimeWire 5.1.2
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash MX 2004
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia HomeSite+
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ICE
Microsoft IntelliPoint 6.1
Microsoft IntelliType Pro 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office Converter Pack
Microsoft Office FrontPage 2003
Microsoft Office Outlook 2003 Calendar Views Add-in
Microsoft Office Small Business Edition 2003
Microsoft Office XP Web Components
Microsoft Project 98
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 2.0 SP3 Runtime
Microsoft XML Parser
Move Networks Media Player for Internet Explorer
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser
My Journal 1.0
NavStudio
NETGEAR WG111v3 wireless USB 2.0 adapter
Netscape Browser (remove only)
NetZero Internet
Opera 9.10
Pivot Stickfigure Animator
POINT
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Setup
Simple CSS 1.2
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sony ACID Music Studio 5.0
SoundMAX
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SQLyog 4.06
StuffIt 11
Sudoku Puzzles Pro (remove only)
Symantec KB-DocID:2003093015493306
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WavePad Sound Editor
WebFldrs XP
Webshots Desktop
What's Running 2.2
WinBoard
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
XZAKT FrontFX Tools+ 2 1.0
XZAKT Media FrontFXTools+1
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

7/2/2009 5:58:10 PM, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 001E2AD26E59 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
7/2/2009 12:52:16 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
7/1/2009 7:06:45 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/29/2009 9:53:03 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 3 time(s).
6/29/2009 9:53:03 PM, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 9:41:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/29/2009 9:40:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/29/2009 9:40:27 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/29/2009 9:39:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt driverdrv Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip WS2IFSL
6/29/2009 9:39:51 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 9:39:51 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 9:39:51 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 9:39:51 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/29/2009 5:44:33 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
6/29/2009 10:37:59 AM, error: Service Control Manager [7034] - The WebClient service terminated unexpectedly. It has done this 1 time(s).
6/29/2009 10:37:59 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
6/29/2009 10:37:59 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
6/29/2009 10:37:59 AM, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/29/2009 10:37:59 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
6/29/2009 10:36:29 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
6/29/2009 10:22:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: driverdrv
6/29/2009 10:16:33 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 4 time(s).
6/29/2009 10:16:33 PM, error: Service Control Manager [7031] - The Universal Plug and Play Device Host service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
6/28/2009 12:49:52 PM, error: Service Control Manager [7000] - The CSS DVP service failed to start due to the following error: The system cannot find the file specified.
6/28/2009 12:49:34 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
6/28/2009 1:58:07 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
6/27/2009 3:58:11 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

==== End Of File ===========================

Thanks for your help.

Doug

 

[Blade81]

Hi Doug,

Are you using Firefox browser? Uninstall the version you have there. If you're still using it then get version 3.5 here.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.


LimeWire


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

After that:

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

[HSPower1972]

Per your instructions, I have uninstalled Firefox and Limewire and run the Combofix application. Here is the Combo Fix log:

ComboFix 09-07-06.02 - DBP 07/06/2009 17:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.240 [GMT -7:00]
Running from: c:\documents and settings\DBP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Charlie\Application Data\SpyGuardPro
c:\documents and settings\Charlie\Application Data\SpyGuardPro\Logs\threats.log
c:\documents and settings\Charlie\Application Data\SpyGuardPro\Logs\update.log
c:\documents and settings\Charlie\ResErrors.log
c:\documents and settings\Charlie\services.exe
c:\documents and settings\DBP\Application Data\SpyGuardPro
c:\documents and settings\DBP\Application Data\SpyGuardPro\Logs\threats.log
c:\documents and settings\DBP\Application Data\SpyGuardPro\PGE.dat
c:\documents and settings\DBP\ResErrors.log
c:\documents and settings\Kathy\Application Data\SpyGuardPro
c:\documents and settings\Kathy\Application Data\SpyGuardPro\Logs\threats.log
c:\documents and settings\Kathy\Application Data\SpyGuardPro\Logs\update.log
c:\recycler\S-1-5-21-494109675-391593797-3254085505-1007
c:\recycler\S-1-5-21-494109675-391593797-3254085505-500
c:\recycler\S-1-5-21-507921405-764733703-725345543-500
c:\windows\Installer\14670.msi
c:\windows\Installer\4dd83.msi
c:\windows\Installer\4dd88.msi
c:\windows2\Downloaded Program Files\ODCTOOLS
c:\windows2\Fonts\a.zip
c:\windows2\system32\drivers\fad.sys
c:\windows2\system32\mcrh.tmp
c:\windows2\system32\url(3).dll
c:\windows2\system32\windows.txt
c:\windows2\Tasks\SysFile.brk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVERDRV
-------\Legacy_NETWORK_MONITOR
-------\Service_driver
-------\Service_driverdrv


((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-04 02:52 . 2009-07-04 02:52 84832 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-04 02:52 . 2009-07-04 02:52 1630560 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 04:41 . 2009-06-30 04:41 -------- d-sh--w- c:\documents and settings\Administrator.MARKETING\IETldCache
2009-06-30 01:08 . 2009-06-30 01:08 314712 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 01:08 . 2009-06-30 01:08 25440 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-30 01:08 . 2009-06-30 01:08 169312 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 01:07 . 2009-06-30 01:07 348496 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-30 01:07 . 2009-06-30 01:07 298336 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-30 01:05 . 2009-06-30 01:05 246128 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-30 01:04 . 2009-06-30 01:04 40288 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 01:04 . 2009-06-30 01:04 85352 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 01:04 . 2009-06-30 01:04 664424 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-30 01:03 . 2009-06-30 01:03 563064 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 01:03 . 2009-06-30 01:03 566632 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 01:02 . 2009-06-30 01:02 2352968 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 01:01 . 2009-06-30 01:01 629072 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 01:00 . 2009-06-30 01:00 520024 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 01:00 . 2009-06-30 01:00 1029456 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-30 00:13 . 2009-06-30 00:13 -------- d-----w- c:\program files\Trend Micro
2009-06-30 00:10 . 2009-06-30 00:10 -------- d-----w- c:\program files\ERUNT
2009-06-27 18:06 . 2009-06-27 18:09 -------- d--h--w- c:\windows2\msdownld.tmp
2009-06-27 18:06 . 2009-06-27 18:06 -------- d-----w- c:\windows2\Logs
2009-06-20 15:22 . 2009-06-20 18:54 -------- d-----w- c:\program files\XZAKTFrontFXTools1
2009-06-16 02:56 . 2009-06-16 02:56 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000\IETldCache
2009-06-15 02:46 . 2009-06-15 00:56 15688 ----a-w- c:\windows2\system32\lsdelete.exe
2009-06-15 00:56 . 2009-06-15 00:54 64160 ----a-w- c:\windows2\system32\drivers\Lbd.sys
2009-06-15 00:56 . 2009-06-15 00:56 15688 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-15 00:54 . 2009-06-15 00:54 64160 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-15 00:45 . 2009-06-15 00:45 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-15 00:45 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-15 00:45 . 2009-06-15 00:45 -------- d-----w- c:\program files\Lavasoft
2009-06-12 00:17 . 2009-06-12 00:17 -------- d-----w- c:\windows2\system32\wbem\Repository
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\program files\Common Files\WORDsearch
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\wsc
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\documents and settings\DBP\Application Data\EBookSys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 04:59 . 2007-05-26 02:26 -------- d-----w- c:\documents and settings\DBP\Application Data\LimeWire
2009-07-01 05:02 . 2007-08-21 18:28 524288 ----a-w- c:\windows2\system32\Busy_Wait.exe
2009-06-30 05:13 . 2009-03-23 08:36 -------- d-----w- c:\program files\Bonjour
2009-06-28 00:43 . 2006-09-02 21:34 -------- d-----w- c:\program files\UIU
2009-06-27 23:52 . 2006-02-27 19:14 -------- d-----w- c:\program files\WhatsRunning
2009-06-20 15:20 . 2006-05-25 16:27 -------- d-----w- c:\program files\XZAKT FrontFX Tools+ 2
2009-06-15 00:45 . 2007-07-04 08:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft
2009-06-12 00:16 . 2006-03-24 00:48 -------- d-----w- c:\documents and settings\DBP\Application Data\Xara
2009-06-12 00:16 . 2006-04-26 19:33 -------- d-----w- c:\program files\HTML Password Lock
2009-06-12 00:16 . 2009-04-25 21:04 -------- d-----w- c:\program files\Xara
2009-06-12 00:15 . 2009-05-26 23:44 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\{CDF61231-6AD7-4969-B4DD-9E6C0F51DD5E}
2009-06-12 00:15 . 2008-03-17 16:28 -------- d-----w- c:\program files\Bible Explorer 4
2009-06-12 00:14 . 2009-03-23 08:33 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 00:14 . 2005-09-14 02:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-12 00:13 . 2004-12-10 22:50 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-12 00:13 . 2005-11-03 21:58 -------- d-----w- c:\program files\Opera
2009-06-12 00:13 . 2005-10-24 19:32 -------- d-----w- c:\program files\Macromedia
2009-06-12 00:10 . 2009-05-09 05:24 -------- d-----w- c:\program files\Lame for Audacity
2009-06-11 23:54 . 2008-08-29 03:02 -------- d-----w- c:\program files\SourceTec
2009-06-11 23:54 . 2008-08-29 03:02 -------- d-----w- c:\program files\Common Files\SourceTec
2009-06-11 23:52 . 2006-03-07 17:12 -------- d-----w- c:\program files\CoffeeCup Software
2009-05-27 03:00 . 2005-10-20 22:12 852432 ----a-w- c:\documents and settings\DBP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 18:28 . 2009-02-26 18:58 -------- d-----w- c:\program files\My Journal
2009-05-23 01:21 . 2009-04-30 21:15 -------- d-----w- c:\documents and settings\DBP\Application Data\Move Networks
2009-05-22 05:44 . 2004-12-03 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-15 06:12 . 2009-05-15 06:12 45056 ----a-r- c:\documents and settings\DBP\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-05-10 08:45 . 2009-05-10 08:45 -------- d-----w- c:\documents and settings\DBP\Application Data\Doomi.809F847005C7832B69625A614BB25CA209244440.1
2009-05-09 02:45 . 2009-05-09 02:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-09 02:43 . 2009-05-09 02:45 38208 ----a-w- c:\documents and settings\DBP\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-02 23:04 . 2009-05-02 23:04 34062 ----a-w- c:\documents and settings\DBP\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-01 05:31 . 2009-05-01 05:31 295606 ----a-r- c:\documents and settings\DBP\Application Data\Microsoft\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
2009-04-29 21:37 . 2009-04-29 21:37 21035 ----a-w- c:\windows2\system32\drivers\AegisP.sys
2008-02-27 08:05 . 2008-02-27 08:06 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-21 18:28 . 2007-08-21 18:28 491 ----a-w- c:\program files\UnInst.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]

c:\documents and settings\DBP\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-12-10 45056]

c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)
"ADSService"=2 (0x2)
"ElnkFWPPService"=3 (0x3)
"cmdService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NetSvc"=2 (0x2)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\WINDOWS2\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS2\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*isabled:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"8085:TCP"= 8085:TCP:driver

R0 Lbd;Lbd;c:\windows2\system32\drivers\Lbd.sys [6/14/2009 5:56 PM 64160]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows2\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/17/2008 10:34 PM 24652]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows2\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
S1 tdpipee;tdpipee;c:\windows2\system32\drivers\tdpipee.sys --> c:\windows2\system32\drivers\tdpipee.sys [?]
S3 acfva;acfva;c:\windows2\system32\drivers\acfva.sys [9/2/2006 2:34 PM 28445]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows2\system32\DRIVERS\ADSFilter.sys --> c:\windows2\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows2\system32\Drivers\BW2NDIS5.sys --> c:\windows2\system32\Drivers\BW2NDIS5.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows2\system32\drivers\WlanUIG.sys [1/13/2007 5:05 PM 347648]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [7/18/2007 3:26 PM 157000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows2\system32\rundll32.exe" "c:\windows2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows2\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - c:\windows2\system32\vtsqq.dll
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-byxvvtr - byxvvtr.dll


.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = 192.168.0.5:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: att.net
Trusted Zone: microsoft.com\office
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
TCP: {F9CDFA58-BAA3-4C29-BD94-83FBB681E11B} = 207.69.188.185,207.69.188.186
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows2\system32\EZTOOL~1.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS2/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 18:07
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C55B90D8-06FA-C0FF-A797-9AB19D80AB23}*]
"kagkcelciikijpllbmpoca"=hex:66,61,69,6a,66,69,6c,64,6a,6a,6f,63,00,6b
"kagkcelciikijpllbmpopp"=hex:67,61,69,6b,6c,66,69,6f,62,67,66,6a,6c,6b,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2580)
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows2\system32\dot3dlg.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows2\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\progra~1\Webshots\webshots.scr
.
**************************************************************************
.
Completion time: 2009-07-07 18:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-07 01:18

Pre-Run: 23,973,187,584 bytes free
Post-Run: 24,845,434,880 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS2
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS2="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

263 --- E O F --- 2009-06-11 22:47

And here is the new DDS log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by DBP at 19:09:28.90 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.199 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\WINDOWS2\system32\msiexec.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS2\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DBP\Desktop\system\dds.scr

============== Pseudo HJT Report ===============

mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyServer = 192.168.0.5:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows2\system32\dla\tfswshx.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {0C6DD65A-F36B-4AC8-89EB-6175AEE6BB8C} - No File
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: att.net
Trusted Zone: microsoft.com\office
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS2/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {F9CDFA58-BAA3-4C29-BD94-83FBB681E11B} = 207.69.188.185,207.69.188.186
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows2\system32\EZTOOL~1.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows2\system32\ieframe.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows2\system32\drivers\Lbd.sys [2009-6-14 64160]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows2\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-17 24652]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows2\system32\drivers\wg111v3.sys [2007-12-28 287232]
S1 tdpipee;tdpipee;c:\windows2\system32\drivers\tdpipee.sys --> c:\windows2\system32\drivers\tdpipee.sys [?]
S3 acfva;acfva;c:\windows2\system32\drivers\acfva.sys [2006-9-2 28445]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows2\system32\drivers\adsfilter.sys --> c:\windows2\system32\drivers\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows2\system32\drivers\bw2ndis5.sys --> c:\windows2\system32\drivers\BW2NDIS5.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows2\system32\drivers\WlanUIG.sys [2007-1-13 347648]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79520]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\smith micro\stuffit11\ArcNameService.exe [2007-7-18 157000]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-18 1251720]

=============== Created Last 30 ================

2009-07-06 18:17 <DIR> -cd----- c:\windows2\system32\dllcache\cache
2009-07-06 17:16 <DIR> a-dshr-- C:\cmdcons
2009-07-06 17:11 161,792 a------- c:\windows2\SWREG.exe
2009-07-06 17:11 155,136 a------- c:\windows2\PEV.exe
2009-07-06 17:11 98,816 a------- c:\windows2\sed.exe
2009-06-29 17:13 <DIR> --d----- c:\program files\Trend Micro
2009-06-27 11:06 <DIR> --d-h--- c:\windows2\msdownld.tmp
2009-06-27 11:06 <DIR> --d----- c:\windows2\Logs
2009-06-20 08:22 <DIR> --d----- c:\program files\XZAKTFrontFXTools1
2009-06-14 19:46 15,688 a------- c:\windows2\system32\lsdelete.exe
2009-06-14 17:56 64,160 a------- c:\windows2\system32\drivers\Lbd.sys
2009-06-14 17:45 <DIR> -cd-h--- c:\docume~1\alluse~2.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 17:45 <DIR> --d----- c:\program files\Lavasoft
2009-06-11 17:17 <DIR> --d----- c:\windows2\system32\wbem\Repository
2009-06-11 17:15 <DIR> --d----- c:\program files\common files\WORDsearch
2009-06-11 17:15 <DIR> --d----- c:\docume~1\alluse~2.win\applic~1\wsc
2009-06-11 17:15 <DIR> --d----- c:\docume~1\dbp\applic~1\EBookSys
2009-06-10 22:15 66 a----r-- c:\windows2\amunres.lsl

==================== Find3M ====================

2009-06-30 22:02 524,288 a------- c:\windows2\system32\Busy_Wait.exe
2008-05-13 19:49 13 ----h--- c:\docume~1\alluse~2.win\applic~1\ÝÃÄΛÒ3113›.sys
2008-03-30 08:45 2,400,784 a------- c:\documents and settings\dbp\WLinstaller.exe
2008-03-04 11:10 724,984 a------- c:\documents and settings\dbp\gotomypc_437.exe
2008-02-27 01:05 774,144 a------- c:\program files\RngInterstitial.dll
2008-02-08 14:03 13 ----h--- c:\docume~1\alluse~2.win\applic~1\ÐÒÝÃÄ3113›˜.sys
2007-12-28 15:02 287,232 a------- c:\windows2\inf\wg111v3\wg111v3.sys
2007-12-28 14:59 342,528 a------- c:\windows2\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 17:53 63,488 a------- c:\windows2\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52 32,768 a------- c:\windows2\inf\wg111v3\SetDrv.exe
2007-08-21 14:10 3,902,784 a------- c:\documents and settings\dbp\gosetup.exe
2007-08-21 11:28 491 a------- c:\program files\UnInst.log
2007-01-25 21:28 722,176 a------- c:\documents and settings\dbp\gotomypc_428.exe
2007-01-20 10:01 563,712 a------- c:\documents and settings\dbp\gotomypc_370.exe
2006-12-15 11:30 315,392 a------- c:\windows2\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30 212,992 a------- c:\windows2\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30 98,304 a------- c:\windows2\inf\wg111v3\UScanM.exe
2006-12-15 11:30 20,480 a------- c:\windows2\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30 19,968 a------- c:\windows2\inf\wg111v3\RTWREFU.EXE
2006-03-07 17:09 13 ----h--- c:\docume~1\alluse~2.win\applic~1\ÝÙÃÄ3113›.sys
2006-02-07 12:36 563,712 a------- c:\documents and settings\dbp\370_gotomypc.exe
2005-11-22 10:40 483,401 a------- c:\documents and settings\dbp\314_gotomypc.exe
2005-11-02 20:01 13 ----h--- c:\docume~1\alluse~2.win\applic~1\13.sys
2008-02-26 06:36 32,768 a--sh--- c:\windows2\system32\config\systemprofile\local settings\history\history.ie5\mshist012008022620080227\index.dat

============= FINISH: 19:10:10.87 ===============

at the present there are no IP ports open to 600pics.com (according to What's Running), but I am still finding that when I open Internext Explorer, The Task Manager shows me that two instances of that application are running, one significantly larger than the other (4mb compared to 49mb).

Thanks for your help.

Doug

 

[Blade81]

Hi again,

Upload following file to http://www.virustotal.com (answer yes if asked question about re-scan) and post back the results or a link to the results:
c:\windows2\system32\Busy_Wait.exe

Do you have special use for Adobe Acrobat 6.0.1 Professional? I'm asking cos vulnerabilities in Adobe Acrobat's old versions are widely exploited. Recommended action would be to uninstall that. In some cases it's not possible and then it's at least not advisable to open PDF documents with outdated Adobe Acrobat but with up-to-date Adobe Reader or some alternative PDF reader.

Anyway, Uninstall old Adobe Reader versions and get the latest one (9.1 + 9.1.2 update for it) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Open notepad and copy/paste the text in the quotebox below into it:

Driver::
tdpipee

DDS::
uURLSearchHooks: H - No File
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
BHO: {8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {0C6DD65A-F36B-4AC8-89EB-6175AEE6BB8C} - No File

Regnull::
[HKEY_USERS\S-1-5-21-583907252-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C55B90D8-06FA-C0FF-A797-9AB19D80AB23}*]

File::
c:\windows2\system32\drivers\tdpipee.sys
c:\docume~1\alluse~2.win\applic~1\ÝÃÄΛÒ3113›.sys
c:\docume~1\alluse~2.win\applic~1\ÐÒÝÃÄ3113›˜.sys
c:\docume~1\alluse~2.win\applic~1\ÝÙÃÄ3113›.sys
c:\docume~1\alluse~2.win\applic~1\13.sys

Folder::
c:\documents and settings\DBP\Application Data\LimeWire

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

but I am still finding that when I open Internext Explorer, The Task Manager shows me that two instances of that application are running

Yes, that's in IE 8 by design.

 

[HSPower1972]

Here are the results of the Kaspersky scan:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 8, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3, v.3311 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 08, 2009 06:32:20
Records in database: 2440451
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup
C:\Documents and Settings\DBP\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS2

Scan statistics:
Files scanned: 83538
Threat name: 4
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 02:29:59


File name / Threat name / Threats count
C:\Program Files\MSN Gaming Zone\rteje.html Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\WINDOWS2\Fonts\zia03376 Infected: Trojan-Downloader.Win32.VB.bsa 1
C:\WINDOWS2\system32\edcA18\edcA182328.exe Infected: Trojan-Downloader.Win32.VB.ceh 1
C:\WINDOWS2\system32\winsckdo.dll Infected: Trojan-GameThief.Win32.Nilage.cbq 1

The selected area was scanned.


dds and combofix logs to follow in separate post due to length restrictions.

Doug

 

[HSPower1972]

DDS Log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by DBP at 1:59:30.18 on Wed 07/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.137 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\DBP\Desktop\system\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 192.168.0.5:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows2\system32\dla\tfswshx.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
BHO: {8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: att.net
Trusted Zone: microsoft.com\office
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS2/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {F9CDFA58-BAA3-4C29-BD94-83FBB681E11B} = 207.69.188.185,207.69.188.186
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows2\system32\EZTOOL~1.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows2\system32\ieframe.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows2\system32\drivers\Lbd.sys [2009-6-14 64160]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows2\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-17 24652]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows2\system32\drivers\wg111v3.sys [2007-12-28 287232]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 acfva;acfva;c:\windows2\system32\drivers\acfva.sys [2006-9-2 28445]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows2\system32\drivers\adsfilter.sys --> c:\windows2\system32\drivers\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows2\system32\drivers\bw2ndis5.sys --> c:\windows2\system32\drivers\BW2NDIS5.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows2\system32\drivers\WlanUIG.sys [2007-1-13 347648]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79520]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\smith micro\stuffit11\ArcNameService.exe [2007-7-18 157000]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-18 1251720]

=============== Created Last 30 ================

2009-07-07 19:30 410,984 a------- c:\windows2\system32\deploytk.dll
2009-07-07 19:30 73,728 a------- c:\windows2\system32\javacpl.cpl
2009-07-06 18:17 <DIR> -cd----- c:\windows2\system32\dllcache\cache
2009-07-06 17:16 <DIR> a-dshr-- C:\cmdcons
2009-07-06 17:11 161,792 a------- c:\windows2\SWREG.exe
2009-07-06 17:11 155,136 a------- c:\windows2\PEV.exe
2009-07-06 17:11 98,816 a------- c:\windows2\sed.exe
2009-06-29 17:13 <DIR> --d----- c:\program files\Trend Micro
2009-06-27 11:06 <DIR> --d-h--- c:\windows2\msdownld.tmp
2009-06-27 11:06 <DIR> --d----- c:\windows2\Logs
2009-06-20 08:22 <DIR> --d----- c:\program files\XZAKTFrontFXTools1
2009-06-14 19:46 15,688 a------- c:\windows2\system32\lsdelete.exe
2009-06-14 17:56 64,160 a------- c:\windows2\system32\drivers\Lbd.sys
2009-06-14 17:45 <DIR> -cd-h--- c:\docume~1\alluse~2.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 17:45 <DIR> --d----- c:\program files\Lavasoft
2009-06-11 17:17 <DIR> --d----- c:\windows2\system32\wbem\Repository
2009-06-11 17:15 <DIR> --d----- c:\program files\common files\WORDsearch
2009-06-11 17:15 <DIR> --d----- c:\docume~1\alluse~2.win\applic~1\wsc
2009-06-11 17:15 <DIR> --d----- c:\docume~1\dbp\applic~1\EBookSys
2009-06-10 22:15 66 a----r-- c:\windows2\amunres.lsl

==================== Find3M ====================

2009-06-30 22:02 524,288 a------- c:\windows2\system32\Busy_Wait.exe
2008-03-30 08:45 2,400,784 a------- c:\documents and settings\dbp\WLinstaller.exe
2008-03-04 11:10 724,984 a------- c:\documents and settings\dbp\gotomypc_437.exe
2008-02-27 01:05 774,144 a------- c:\program files\RngInterstitial.dll
2007-12-28 15:02 287,232 a------- c:\windows2\inf\wg111v3\wg111v3.sys
2007-12-28 14:59 342,528 a------- c:\windows2\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 17:53 63,488 a------- c:\windows2\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52 32,768 a------- c:\windows2\inf\wg111v3\SetDrv.exe
2007-08-21 14:10 3,902,784 a------- c:\documents and settings\dbp\gosetup.exe
2007-08-21 11:28 491 a------- c:\program files\UnInst.log
2007-01-25 21:28 722,176 a------- c:\documents and settings\dbp\gotomypc_428.exe
2007-01-20 10:01 563,712 a------- c:\documents and settings\dbp\gotomypc_370.exe
2006-12-15 11:30 315,392 a------- c:\windows2\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30 212,992 a------- c:\windows2\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30 98,304 a------- c:\windows2\inf\wg111v3\UScanM.exe
2006-12-15 11:30 20,480 a------- c:\windows2\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30 19,968 a------- c:\windows2\inf\wg111v3\RTWREFU.EXE
2006-02-07 12:36 563,712 a------- c:\documents and settings\dbp\370_gotomypc.exe
2005-11-22 10:40 483,401 a------- c:\documents and settings\dbp\314_gotomypc.exe
2008-02-26 06:36 32,768 a--sh--- c:\windows2\system32\config\systemprofile\local settings\history\history.ie5\mshist012008022620080227\index.dat

============= FINISH: 2:00:44.87 ===============

 

[HSPower1972]

Combofix logis too long to copy paste all at once, so here is first part:

ComboFix 09-07-07.A2 - DBP 07/07/2009 17:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.267 [GMT -7:00]
Running from: c:\documents and settings\DBP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\DBP\Desktop\cfscript.txt
* Created a new restore point

FILE ::
"c:\docume~1\alluse~2.win\applic~1\ÐÒÝÃÄ3113›˜.sys"
"c:\docume~1\alluse~2.win\applic~1\ÝÙÃÄ3113›.sys"
"c:\docume~1\alluse~2.win\applic~1\ÝÃÄΛÒ3113›.sys"
"c:\docume~1\alluse~2.win\applic~1\13.sys"
"c:\windows2\system32\drivers\tdpipee.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~2.win\applic~1\ÐÒÝÃÄ3113›˜.sys
c:\docume~1\alluse~2.win\applic~1\ÝÙÃÄ3113›.sys
c:\docume~1\alluse~2.win\applic~1\ÝÃÄΛÒ3113›.sys
c:\docume~1\alluse~2.win\applic~1\13.sys
c:\documents and settings\DBP\Application Data\LimeWire
c:\documents and settings\DBP\Application Data\LimeWire\412splashfree.png
c:\documents and settings\DBP\Application Data\LimeWire\414splashfree.png
c:\documents and settings\DBP\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\DBP\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\DBP\Application Data\LimeWire\bugs.data
c:\documents and settings\DBP\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\DBP\Application Data\LimeWire\createtimes.cache
c:\documents and settings\DBP\Application Data\LimeWire\data.ser
c:\documents and settings\DBP\Application Data\LimeWire\downloads.dat
c:\documents and settings\DBP\Application Data\LimeWire\fileurns.bak
c:\documents and settings\DBP\Application Data\LimeWire\fileurns.cache
c:\documents and settings\DBP\Application Data\LimeWire\filters.props
c:\documents and settings\DBP\Application Data\LimeWire\gnutella.net
c:\documents and settings\DBP\Application Data\LimeWire\installation.props
c:\documents and settings\DBP\Application Data\LimeWire\library.dat
c:\documents and settings\DBP\Application Data\LimeWire\library5.dat
c:\documents and settings\DBP\Application Data\LimeWire\limewire.props
c:\documents and settings\DBP\Application Data\LimeWire\mojito.props
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\18AD2C19d01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\27F0EFC1d01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\43333CB8d01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\7973F814d01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\7A2D9D1Ed01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFAd01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A8Cd01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\Cache\FD7C3D70d01
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\OfflineCache\index.sqlite
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\DBP\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\DBP\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\DBP\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\DBP\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\DBP\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\DBP\Application Data\LimeWire\pub1.key
c:\documents and settings\DBP\Application Data\LimeWire\public.key
c:\documents and settings\DBP\Application Data\LimeWire\questions.props
c:\documents and settings\DBP\Application Data\LimeWire\responses.cache
c:\documents and settings\DBP\Application Data\LimeWire\secureMessage.key
c:\documents and settings\DBP\Application Data\LimeWire\simpp.xml
c:\documents and settings\DBP\Application Data\LimeWire\spam.dat
c:\documents and settings\DBP\Application Data\LimeWire\tables.props
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\name.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\version.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\DBP\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\DBP\Application Data\LimeWire\Thumbs.db
c:\documents and settings\DBP\Application Data\LimeWire\ttdata.cache
c:\documents and settings\DBP\Application Data\LimeWire\ttree.cache
c:\documents and settings\DBP\Application Data\LimeWire\ttrees.cache
c:\documents and settings\DBP\Application Data\LimeWire\ttroot.cache
c:\documents and settings\DBP\Application Data\LimeWire\update.xml
c:\documents and settings\DBP\Application Data\LimeWire\version.key
c:\documents and settings\DBP\Application Data\LimeWire\version.xml
c:\documents and settings\DBP\Application Data\LimeWire\versions.props
c:\documents and settings\DBP\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\DBP\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\DBP\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\DBP\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\DBP\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\DBP\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\DBP\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\DBP\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\DBP\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\DBP\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\DBP\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\DBP\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\DBP\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\DBP\Application Data\LimeWire\xml\schemas\video.xsd

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

 

[HSPower1972]

Here is remainder:


-------\Legacy_TDPIPEE
-------\Service_tdpipee


((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-04 02:52 . 2009-07-04 02:52 84832 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-04 02:52 . 2009-07-04 02:52 1630560 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 04:41 . 2009-06-30 04:41 -------- d-sh--w- c:\documents and settings\Administrator.MARKETING\IETldCache
2009-06-30 01:08 . 2009-06-30 01:08 314712 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 01:08 . 2009-06-30 01:08 25440 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-30 01:08 . 2009-06-30 01:08 169312 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 01:07 . 2009-06-30 01:07 348496 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-30 01:07 . 2009-06-30 01:07 298336 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-30 01:05 . 2009-06-30 01:05 246128 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-30 01:04 . 2009-06-30 01:04 40288 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 01:04 . 2009-06-30 01:04 85352 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 01:04 . 2009-06-30 01:04 664424 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-30 01:03 . 2009-06-30 01:03 563064 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 01:03 . 2009-06-30 01:03 566632 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 01:02 . 2009-06-30 01:02 2352968 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 01:01 . 2009-06-30 01:01 629072 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 01:00 . 2009-06-30 01:00 520024 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 01:00 . 2009-06-30 01:00 1029456 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-30 00:13 . 2009-06-30 00:13 -------- d-----w- c:\program files\Trend Micro
2009-06-30 00:10 . 2009-06-30 00:10 -------- d-----w- c:\program files\ERUNT
2009-06-27 18:06 . 2009-06-27 18:09 -------- d--h--w- c:\windows2\msdownld.tmp
2009-06-27 18:06 . 2009-06-27 18:06 -------- d-----w- c:\windows2\Logs
2009-06-20 15:22 . 2009-07-07 02:22 -------- d-----w- c:\program files\XZAKTFrontFXTools1
2009-06-16 02:56 . 2009-06-16 02:56 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000\IETldCache
2009-06-15 02:46 . 2009-06-15 00:56 15688 ----a-w- c:\windows2\system32\lsdelete.exe
2009-06-15 00:56 . 2009-06-15 00:54 64160 ----a-w- c:\windows2\system32\drivers\Lbd.sys
2009-06-15 00:56 . 2009-06-15 00:56 15688 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-15 00:54 . 2009-06-15 00:54 64160 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-15 00:45 . 2009-06-15 00:45 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-15 00:45 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-15 00:45 . 2009-06-15 00:45 -------- d-----w- c:\program files\Lavasoft
2009-06-12 00:17 . 2009-06-12 00:17 -------- d-----w- c:\windows2\system32\wbem\Repository
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\program files\Common Files\WORDsearch
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\wsc
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\documents and settings\DBP\Application Data\EBookSys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 05:02 . 2007-08-21 18:28 524288 ----a-w- c:\windows2\system32\Busy_Wait.exe
2009-06-30 05:13 . 2009-03-23 08:36 -------- d-----w- c:\program files\Bonjour
2009-06-28 00:43 . 2006-09-02 21:34 -------- d-----w- c:\program files\UIU
2009-06-27 23:52 . 2006-02-27 19:14 -------- d-----w- c:\program files\WhatsRunning
2009-06-20 15:20 . 2006-05-25 16:27 -------- d-----w- c:\program files\XZAKT FrontFX Tools+ 2
2009-06-15 00:45 . 2007-07-04 08:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft
2009-06-12 00:16 . 2006-03-24 00:48 -------- d-----w- c:\documents and settings\DBP\Application Data\Xara
2009-06-12 00:16 . 2006-04-26 19:33 -------- d-----w- c:\program files\HTML Password Lock
2009-06-12 00:16 . 2009-04-25 21:04 -------- d-----w- c:\program files\Xara
2009-06-12 00:15 . 2009-05-26 23:44 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\{CDF61231-6AD7-4969-B4DD-9E6C0F51DD5E}
2009-06-12 00:15 . 2008-03-17 16:28 -------- d-----w- c:\program files\Bible Explorer 4
2009-06-12 00:14 . 2009-03-23 08:33 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 00:14 . 2005-09-14 02:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-12 00:13 . 2004-12-10 22:50 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-12 00:13 . 2005-11-03 21:58 -------- d-----w- c:\program files\Opera
2009-06-12 00:13 . 2005-10-24 19:32 -------- d-----w- c:\program files\Macromedia
2009-06-12 00:10 . 2009-05-09 05:24 -------- d-----w- c:\program files\Lame for Audacity
2009-06-11 23:54 . 2008-08-29 03:02 -------- d-----w- c:\program files\SourceTec
2009-06-11 23:54 . 2008-08-29 03:02 -------- d-----w- c:\program files\Common Files\SourceTec
2009-06-11 23:52 . 2006-03-07 17:12 -------- d-----w- c:\program files\CoffeeCup Software
2009-05-27 03:00 . 2005-10-20 22:12 852432 ----a-w- c:\documents and settings\DBP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-23 18:28 . 2009-02-26 18:58 -------- d-----w- c:\program files\My Journal
2009-05-23 01:21 . 2009-04-30 21:15 -------- d-----w- c:\documents and settings\DBP\Application Data\Move Networks
2009-05-22 05:44 . 2004-12-03 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-15 06:12 . 2009-05-15 06:12 45056 ----a-r- c:\documents and settings\DBP\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-05-10 08:45 . 2009-05-10 08:45 -------- d-----w- c:\documents and settings\DBP\Application Data\Doomi.809F847005C7832B69625A614BB25CA209244440.1
2009-05-09 02:45 . 2009-05-09 02:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-09 02:43 . 2009-05-09 02:45 38208 ----a-w- c:\documents and settings\DBP\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-02 23:04 . 2009-05-02 23:04 34062 ----a-w- c:\documents and settings\DBP\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-01 05:31 . 2009-05-01 05:31 295606 ----a-r- c:\documents and settings\DBP\Application Data\Microsoft\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
2009-04-29 21:37 . 2009-04-29 21:37 21035 ----a-w- c:\windows2\system32\drivers\AegisP.sys
2008-02-27 08:05 . 2008-02-27 08:06 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-21 18:28 . 2007-08-21 18:28 491 ----a-w- c:\program files\UnInst.log
.

((((((((((((((((((((((((((((( SnapShot@2009-07-07_01.07.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 13:20 . 2009-07-07 13:20 512000 c:\windows2\ERDNT\AutoBackup\7-7-2009\Users\00000002\UsrClass.dat
+ 2009-07-07 13:20 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-7-2009\ERDNT.EXE
+ 2009-07-07 13:20 . 2009-07-07 13:20 11935744 c:\windows2\ERDNT\AutoBackup\7-7-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]

c:\documents and settings\DBP\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-12-10 45056]

c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)
"ADSService"=2 (0x2)
"ElnkFWPPService"=3 (0x3)
"cmdService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NetSvc"=2 (0x2)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\WINDOWS2\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS2\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*isabled:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"8085:TCP"= 8085:TCP:driver

R0 Lbd;Lbd;c:\windows2\system32\drivers\Lbd.sys [6/14/2009 5:56 PM 64160]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows2\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/17/2008 10:34 PM 24652]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows2\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
S3 acfva;acfva;c:\windows2\system32\drivers\acfva.sys [9/2/2006 2:34 PM 28445]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows2\system32\DRIVERS\ADSFilter.sys --> c:\windows2\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows2\system32\Drivers\BW2NDIS5.sys --> c:\windows2\system32\Drivers\BW2NDIS5.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows2\system32\drivers\WlanUIG.sys [1/13/2007 5:05 PM 347648]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [7/18/2007 3:26 PM 157000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows2\system32\rundll32.exe" "c:\windows2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows2\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.0.5:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: att.net
Trusted Zone: microsoft.com\office
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
TCP: {F9CDFA58-BAA3-4C29-BD94-83FBB681E11B} = 207.69.188.185,207.69.188.186
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows2\system32\EZTOOL~1.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS2/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 18:02
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3712)
c:\windows2\system32\ieframe.dll
c:\windows2\system32\webcheck.dll
c:\windows2\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows2\system32\dot3dlg.dll
c:\windows2\system32\PortableDeviceTypes.dll
c:\windows2\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows2\system32\wbem\unsecapp.exe
c:\windows2\system32\wscntfy.exe
c:\progra~1\Webshots\webshots.scr
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-07-08 18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-08 01:15
ComboFix2.txt 2009-07-07 01:20

Pre-Run: 24,736,305,152 bytes free
Post-Run: 24,730,943,488 bytes free

765 --- E O F --- 2009-06-11 22:47

 

[Blade81]

Hi Doug,

Did you upload c:\windows2\system32\Busy_Wait.exe file to Virustotal?

 

[HSPower1972]

Yes I did. Did I not attach the results?

 

[HSPower1972]

I apologize--thought I had. Here is the link: http://www.virustotal.com/analisis/...16ff9507556a4c701600b9e6dcfc77f2d5-1246974409.

Doug

 

[HSPower1972]

There was also a Busy_Wait.cfg file. Here is the link for the results on that scan:http://www.virustotal.com/analisis/...f309191abc0bf102e0280afb942ad0ee0a-1247012571.

 

[Blade81]

Hi again,

Have you placed this browser proxy setting by yourself: 192.168.0.5:8080 ?

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\MSN Gaming Zone\rteje.html
C:\WINDOWS2\Fonts\zia03376
C:\WINDOWS2\system32\winsckdo.dll

Folder::
C:\WINDOWS2\system32\edcA18

DDS::
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: H - No File
BHO: {8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - No File

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"=-

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh dds.txt log. How's the system running?

 

[HSPower1972]

First of all the answers to your two questions in your last post:

1. To my knowledge I did not open that port deliberately, unless I did so in the process of installing a program.
2. The system is running a lot faster and smoother now. Thanks a lot!

Here is the Combofix log you requested:

ComboFix 09-07-07.A2 - DBP 07/13/2009 10:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.308 [GMT -7:00]
Running from: c:\documents and settings\DBP\Desktop\system\ComboFix.exe
Command switches used :: c:\documents and settings\DBP\Desktop\system\CFScript.txt

FILE ::
"c:\program files\MSN Gaming Zone\rteje.html"
"c:\windows2\Fonts\zia03376"
"c:\windows2\system32\winsckdo.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows2\Fonts\zia03376

.
((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-08 02:30 . 2009-07-08 02:30 410984 ----a-w- c:\windows2\system32\deploytk.dll
2009-07-04 02:52 . 2009-07-04 02:52 84832 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-04 02:52 . 2009-07-13 01:13 1630560 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-30 04:41 . 2009-06-30 04:41 -------- d-sh--w- c:\documents and settings\Administrator.MARKETING\IETldCache
2009-06-30 01:08 . 2009-06-30 01:08 314712 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-30 01:08 . 2009-07-13 01:13 25440 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-30 01:08 . 2009-06-30 01:08 169312 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-30 01:07 . 2009-06-30 01:07 348496 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-30 01:07 . 2009-06-30 01:07 298336 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-30 01:05 . 2009-06-30 01:05 246128 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-30 01:04 . 2009-06-30 01:04 40288 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-30 01:04 . 2009-06-30 01:04 85352 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-30 01:04 . 2009-06-30 01:04 664424 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-30 01:03 . 2009-06-30 01:03 563064 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-30 01:03 . 2009-06-30 01:03 566632 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-30 01:02 . 2009-07-13 01:11 2353480 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 01:01 . 2009-06-30 01:01 629072 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-30 01:00 . 2009-06-30 01:00 520024 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-30 01:00 . 2009-06-30 01:00 1029456 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-30 00:13 . 2009-06-30 00:13 -------- d-----w- c:\program files\Trend Micro
2009-06-30 00:10 . 2009-06-30 00:10 -------- d-----w- c:\program files\ERUNT
2009-06-27 18:06 . 2009-06-27 18:09 -------- d--h--w- c:\windows2\msdownld.tmp
2009-06-27 18:06 . 2009-06-27 18:06 -------- d-----w- c:\windows2\Logs
2009-06-20 15:22 . 2009-07-07 02:22 -------- d-----w- c:\program files\XZAKTFrontFXTools1
2009-06-16 02:56 . 2009-06-16 02:56 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY.000\IETldCache
2009-06-15 02:46 . 2009-06-15 00:56 15688 ----a-w- c:\windows2\system32\lsdelete.exe
2009-06-15 00:56 . 2009-06-15 00:54 64160 ----a-w- c:\windows2\system32\drivers\Lbd.sys
2009-06-15 00:56 . 2009-06-15 00:56 15688 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-15 00:54 . 2009-06-15 00:54 64160 ----a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-15 00:45 . 2009-06-15 00:45 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-15 00:45 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS2\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-15 00:45 . 2009-06-15 00:45 -------- d-----w- c:\program files\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 02:56 . 2009-02-26 18:58 -------- d-----w- c:\program files\My Journal
2009-07-09 04:02 . 2005-10-20 22:12 852048 ----a-w- c:\documents and settings\DBP\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 02:29 . 2005-10-21 20:06 -------- d-----w- c:\program files\Java
2009-07-01 05:02 . 2007-08-21 18:28 524288 ----a-w- c:\windows2\system32\Busy_Wait.exe
2009-06-30 05:13 . 2009-03-23 08:36 -------- d-----w- c:\program files\Bonjour
2009-06-28 00:43 . 2006-09-02 21:34 -------- d-----w- c:\program files\UIU
2009-06-27 23:52 . 2006-02-27 19:14 -------- d-----w- c:\program files\WhatsRunning
2009-06-20 15:20 . 2006-05-25 16:27 -------- d-----w- c:\program files\XZAKT FrontFX Tools+ 2
2009-06-15 00:45 . 2007-07-04 08:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\Lavasoft
2009-06-12 00:16 . 2006-03-24 00:48 -------- d-----w- c:\documents and settings\DBP\Application Data\Xara
2009-06-12 00:16 . 2006-04-26 19:33 -------- d-----w- c:\program files\HTML Password Lock
2009-06-12 00:16 . 2009-04-25 21:04 -------- d-----w- c:\program files\Xara
2009-06-12 00:15 . 2009-05-26 23:44 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS2\Application Data\{CDF61231-6AD7-4969-B4DD-9E6C0F51DD5E}
2009-06-12 00:15 . 2008-03-17 16:28 -------- d-----w- c:\program files\Bible Explorer 4
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\program files\Common Files\WORDsearch
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS2\Application Data\wsc
2009-06-12 00:15 . 2009-06-12 00:15 -------- d-----w- c:\documents and settings\DBP\Application Data\EBookSys
2009-06-12 00:14 . 2009-03-23 08:33 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 00:14 . 2005-09-14 02:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-12 00:13 . 2004-12-10 22:50 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-12 00:13 . 2005-11-03 21:58 -------- d-----w- c:\program files\Opera
2009-06-12 00:13 . 2005-10-24 19:32 -------- d-----w- c:\program files\Macromedia
2009-06-12 00:10 . 2009-05-09 05:24 -------- d-----w- c:\program files\Lame for Audacity
2009-06-11 23:54 . 2008-08-29 03:02 -------- d-----w- c:\program files\SourceTec
2009-06-11 23:54 . 2008-08-29 03:02 -------- d-----w- c:\program files\Common Files\SourceTec
2009-06-11 23:52 . 2006-03-07 17:12 -------- d-----w- c:\program files\CoffeeCup Software
2009-05-23 01:21 . 2009-04-30 21:15 -------- d-----w- c:\documents and settings\DBP\Application Data\Move Networks
2009-05-22 05:44 . 2004-12-03 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-15 06:12 . 2009-05-15 06:12 45056 ----a-r- c:\documents and settings\DBP\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
2009-05-09 02:43 . 2009-05-09 02:45 38208 ----a-w- c:\documents and settings\DBP\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-02 23:04 . 2009-05-02 23:04 34062 ----a-w- c:\documents and settings\DBP\Application Data\Move Networks\ie_bin\Uninst.exe
2009-05-01 05:31 . 2009-05-01 05:31 295606 ----a-r- c:\documents and settings\DBP\Application Data\Microsoft\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}\SC_Reader.exe
2009-04-29 21:37 . 2009-04-29 21:37 21035 ----a-w- c:\windows2\system32\drivers\AegisP.sys
2008-02-27 08:05 . 2008-02-27 08:06 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-08-21 18:28 . 2007-08-21 18:28 491 ----a-w- c:\program files\UnInst.log
.

------- Sigcheck -------

[7] 2004-08-12 13:30 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows2\$NtServicePackUninstall$\svchost.exe
[7] 2008-02-12 09:29 14336 0C54D685CFA1D5054F59F08ADAF71248 c:\windows2\ServicePackFiles\i386\svchost.exe
[7] 2008-02-12 09:29 14336 0C54D685CFA1D5054F59F08ADAF71248 c:\windows2\system32\svchost.exe
[7] 2008-02-12 09:29 14336 0C54D685CFA1D5054F59F08ADAF71248 c:\windows2\system32\dllcache\cache\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows2\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows2\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows2\$NtServicePackUninstall$\user32.dll
[7] 2004-08-12 13:31 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows2\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows2\$NtUninstallKB925902$\user32.dll
[7] 2008-02-12 09:29 578560 7E02D28A2BDB710887815C41189014C1 c:\windows2\ServicePackFiles\i386\user32.dll
[7] 2008-02-12 09:29 578560 7E02D28A2BDB710887815C41189014C1 c:\windows2\system32\user32.dll
[7] 2008-02-12 09:29 578560 7E02D28A2BDB710887815C41189014C1 c:\windows2\system32\dllcache\cache\user32.dll

[7] 2004-08-12 13:34 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows2\$NtServicePackUninstall$\ws2_32.dll
[7] 2008-02-12 09:29 82432 96163A36BFB5D8D66190FA6066A4A84C c:\windows2\ServicePackFiles\i386\ws2_32.dll
[7] 2008-02-12 09:29 82432 96163A36BFB5D8D66190FA6066A4A84C c:\windows2\system32\ws2_32.dll
[7] 2008-02-12 09:29 82432 96163A36BFB5D8D66190FA6066A4A84C c:\windows2\system32\dllcache\cache\ws2_32.dll

[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows2\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows2\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows2\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows2\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows2\$hf_mig$\KB918899\SP2QFE\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows2\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[7] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows2\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows2\$NtUninstallKB918899_0$\wininet.dll
[7] 2004-08-12 13:33 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows2\ie7\wininet.dll
[7] 2007-08-14 02:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows2\ie7updates\KB942615-IE7\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows2\ie7updates\KB944533-IE7\wininet.dll
[7] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows2\ie8\wininet.dll
[7] 2008-02-12 09:29 666112 C1B4A43D78C9A0B2EC403E0D6F1A11BB c:\windows2\ServicePackFiles\i386\wininet.dll
[-] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows2\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2gdr\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows2\SoftwareDistribution\Download\00f4dcdbcc87699e75212b885cb6bebf\sp2qfe\wininet.dll
[-] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows2\SoftwareDistribution\Download\66b48c5a53c8af1f3beb636379e3da1e\sp2gdr\wininet.dll
[-] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows2\SoftwareDistribution\Download\66b48c5a53c8af1f3beb636379e3da1e\sp2qfe\wininet.dll
[-] 2007-08-22 13:12 658944 1901AD51DA8BE9F8B38D5D526E5D1788 c:\windows2\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\sp2gdr\wininet.dll
[-] 2007-08-22 12:55 665600 A1BC17EB3758D73C3938B2318820F5B4 c:\windows2\SoftwareDistribution\Download\730e45fefcdf343b61704b89c95d7cca\sp2qfe\wininet.dll
[7] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows2\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2GDR\wininet.dll
[7] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows2\SoftwareDistribution\Download\e3709fbfd9557a7d083f543d51d38612\SP2QFE\wininet.dll
[-] 2007-10-11 06:13 659456 2005AD86A22AEE68E21EE59F9CCB77F2 c:\windows2\SoftwareDistribution\Download\fa58243222bcfe35e5467668df396003\sp2gdr\wininet.dll
[-] 2007-10-11 05:57 666112 80D660A49E0D118144423099B2A9F5DA c:\windows2\SoftwareDistribution\Download\fa58243222bcfe35e5467668df396003\sp2qfe\wininet.dll
[-] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows2\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2gdr\wininet.dll
[-] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows2\SoftwareDistribution\Download\fbd74e253a9131770d5798b356214bc9\sp2qfe\wininet.dll
[7] 2009-03-08 11:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows2\system32\wininet.dll
[7] 2009-03-08 11:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows2\system32\dllcache\wininet.dll
[7] 2009-03-08 11:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows2\system32\dllcache\cache\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows2\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows2\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows2\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows2\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows2\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-12 13:30 359040 9F4B36614A0FC234525BA224957DE55C c:\windows2\$NtUninstallKB941644$\tcpip.sys
[7] 2008-02-12 04:50 361344 AD075303568EC3B139CEC4C22BAAECD1 c:\windows2\ServicePackFiles\i386\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows2\SoftwareDistribution\Download\556eb98436b65a8c1ffae674c83d197f\sp2gdr\tcpip.sys
[-] 2006-01-13 01:13 340480 8C101C9C566E2384AF28EF7C1DE4A36E c:\windows2\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP1QFE\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows2\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2GDR\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows2\SoftwareDistribution\Download\e534ebaf021731fc8bec5e8193de9bb9\SP2QFE\tcpip.sys
[7] 2008-02-12 04:50 361344 AD075303568EC3B139CEC4C22BAAECD1 c:\windows2\system32\dllcache\cache\tcpip.sys
[7] 2008-02-12 04:50 361344 AD075303568EC3B139CEC4C22BAAECD1 c:\windows2\system32\drivers\tcpip.sys

[7] 2004-08-12 13:33 502272 01C3346C241652F43AED8E2149881BFE c:\windows2\$NtServicePackUninstall$\winlogon.exe
[7] 2008-02-12 09:29 507904 57021A062C8E266C0A2A636450364B43 c:\windows2\ServicePackFiles\i386\winlogon.exe
[7] 2008-02-12 09:29 507904 57021A062C8E266C0A2A636450364B43 c:\windows2\system32\winlogon.exe
[7] 2008-02-12 09:29 507904 57021A062C8E266C0A2A636450364B43 c:\windows2\system32\dllcache\cache\winlogon.exe

[7] 2004-08-12 13:24 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows2\$NtServicePackUninstall$\ndis.sys
[7] 2008-02-12 04:50 182656 104EFCE994264E4B36C1B6F5A846EB60 c:\windows2\ServicePackFiles\i386\ndis.sys
[7] 2008-02-12 04:50 182656 104EFCE994264E4B36C1B6F5A846EB60 c:\windows2\system32\dllcache\cache\ndis.sys
[7] 2008-02-12 04:50 182656 104EFCE994264E4B36C1B6F5A846EB60 c:\windows2\system32\drivers\ndis.sys

[7] 2004-08-12 13:20 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows2\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-02-11 21:44 36608 C0E5E466FC2C126429728060B5CD92D9 c:\windows2\ServicePackFiles\i386\ip6fw.sys
[7] 2008-02-11 21:44 36608 C0E5E466FC2C126429728060B5CD92D9 c:\windows2\system32\dllcache\cache\ip6fw.sys
[7] 2008-02-11 21:44 36608 C0E5E466FC2C126429728060B5CD92D9 c:\windows2\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows2\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows2\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows2\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows2\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2004-08-12 13:29 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows2\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows2\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-02-11 21:35 2065792 0C1C830277A60A348184337BE389EF7A c:\windows2\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2006-12-19 12:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows2\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntkrnlpa.exe
[7] 2008-02-11 21:35 2065792 0C1C830277A60A348184337BE389EF7A c:\windows2\system32\ntkrnlpa.exe
[7] 2008-02-11 21:35 2065792 0C1C830277A60A348184337BE389EF7A c:\windows2\system32\dllcache\cache\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows2\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows2\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows2\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows2\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2004-08-12 13:25 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows2\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows2\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-02-11 22:34 2188928 BB94D7DBE41EB844B68D83B7FA6BC20B c:\windows2\ServicePackFiles\i386\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows2\SoftwareDistribution\Download\3211116c3ab1e0da28f96fd6d81ebbaa\sp2gdr\ntoskrnl.exe
[7] 2008-02-11 22:34 2188928 BB94D7DBE41EB844B68D83B7FA6BC20B c:\windows2\system32\ntoskrnl.exe
[7] 2008-02-11 22:34 2188928 BB94D7DBE41EB844B68D83B7FA6BC20B c:\windows2\system32\dllcache\cache\ntoskrnl.exe

[7] 2008-02-12 09:29 1033728 CB7C9E2BA846DA0AFABD19DE6B6F2006 c:\windows2\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows2\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows2\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-12 13:19 1032192 A0732187050030AE399B241436565E64 c:\windows2\$NtUninstallKB938828$\explorer.exe
[7] 2008-02-12 09:29 1033728 CB7C9E2BA846DA0AFABD19DE6B6F2006 c:\windows2\ServicePackFiles\i386\explorer.exe
[7] 2008-02-12 09:29 1033728 CB7C9E2BA846DA0AFABD19DE6B6F2006 c:\windows2\system32\dllcache\cache\explorer.exe

[7] 2004-08-12 13:28 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows2\$NtServicePackUninstall$\services.exe
[7] 2008-02-12 09:29 108544 3BF0DF2D99EE82B08C1E76B72FA562C7 c:\windows2\ServicePackFiles\i386\services.exe
[7] 2008-02-12 09:29 108544 3BF0DF2D99EE82B08C1E76B72FA562C7 c:\windows2\system32\services.exe
[7] 2008-02-12 09:29 108544 3BF0DF2D99EE82B08C1E76B72FA562C7 c:\windows2\system32\dllcache\cache\services.exe

[7] 2004-08-12 13:21 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows2\$NtServicePackUninstall$\lsass.exe
[7] 2008-02-12 09:29 13312 70885577298B92939F3B7AF54D5F8943 c:\windows2\ServicePackFiles\i386\lsass.exe
[7] 2008-02-12 09:29 13312 70885577298B92939F3B7AF54D5F8943 c:\windows2\system32\lsass.exe
[7] 2008-02-12 09:29 13312 70885577298B92939F3B7AF54D5F8943 c:\windows2\system32\dllcache\cache\lsass.exe

[7] 2004-08-12 13:18 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows2\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-02-12 09:29 15360 A3F00130A3177AF0A263AE640DFCFE4C c:\windows2\ServicePackFiles\i386\ctfmon.exe
[7] 2008-02-12 09:29 15360 A3F00130A3177AF0A263AE640DFCFE4C c:\windows2\system32\ctfmon.exe
[7] 2008-02-12 09:29 15360 A3F00130A3177AF0A263AE640DFCFE4C c:\windows2\system32\dllcache\cache\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows2\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows2\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-12 13:29 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows2\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-02-12 09:29 57856 8B7AF2E5DACFD5A6204FA276136D82CC c:\windows2\ServicePackFiles\i386\spoolsv.exe
[7] 2008-02-12 09:29 57856 8B7AF2E5DACFD5A6204FA276136D82CC c:\windows2\system32\spoolsv.exe
[7] 2008-02-12 09:29 57856 8B7AF2E5DACFD5A6204FA276136D82CC c:\windows2\system32\dllcache\cache\spoolsv.exe

[7] 2008-02-12 09:30 111104 811F9413EE81D3EBF0C7494A61A86393 c:\windows2\ServicePackFiles\i386\wuauclt.exe
[7] 2008-10-16 21:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows2\system32\wuauclt.exe
[7] 2008-10-16 21:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows2\system32\dllcache\wuauclt.exe
[7] 2008-10-16 21:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows2\system32\dllcache\cache\wuauclt.exe

[7] 2004-08-12 13:31 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows2\$NtServicePackUninstall$\userinit.exe
[7] 2008-02-12 09:29 26112 E7FA45622EA5F16C9BC7379591262B25 c:\windows2\ServicePackFiles\i386\userinit.exe
[7] 2008-02-12 09:29 26112 E7FA45622EA5F16C9BC7379591262B25 c:\windows2\system32\userinit.exe
[7] 2008-02-12 09:29 26112 E7FA45622EA5F16C9BC7379591262B25 c:\windows2\system32\dllcache\cache\userinit.exe

[7] 2004-08-12 13:30 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows2\$NtServicePackUninstall$\termsrv.dll
[7] 2008-02-12 09:29 295424 6BD9B61403E1A9B366FB46FD66464940 c:\windows2\ServicePackFiles\i386\termsrv.dll
[7] 2008-02-12 09:29 295424 6BD9B61403E1A9B366FB46FD66464940 c:\windows2\system32\termsrv.dll
[7] 2008-02-12 09:29 295424 6BD9B61403E1A9B366FB46FD66464940 c:\windows2\system32\dllcache\cache\termsrv.dll

[-] 1999-04-24 06:22 471040 375B0813980AE17DCC689E913AB9DD7B c:\windows2\KERNEL32.DLL
[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows2\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows2\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows2\$NtServicePackUninstall$\kernel32.dll
[7] 2004-08-12 13:20 983552 888190E31455FAD793312F8D087146EB c:\windows2\$NtUninstallKB935839$\kernel32.dll
[7] 2008-02-12 09:28 989696 25C5D3A94763B533BEDBED5C7ECE9734 c:\windows2\ServicePackFiles\i386\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows2\SoftwareDistribution\Download\040e86cafc583a58922d9f353b3a41cf\sp2gdr\kernel32.dll
[7] 2008-02-12 09:28 989696 25C5D3A94763B533BEDBED5C7ECE9734 c:\windows2\system32\kernel32.dll
[7] 2008-02-12 09:28 989696 25C5D3A94763B533BEDBED5C7ECE9734 c:\windows2\system32\dllcache\cache\kernel32.dll

[7] 2004-08-12 13:26 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows2\$NtServicePackUninstall$\powrprof.dll
[7] 2008-02-12 09:29 17408 FA18078DA0F79D1B32D1646431A79171 c:\windows2\ServicePackFiles\i386\powrprof.dll
[7] 2008-02-12 09:29 17408 FA18078DA0F79D1B32D1646431A79171 c:\windows2\system32\powrprof.dll
[7] 2008-02-12 09:29 17408 FA18078DA0F79D1B32D1646431A79171 c:\windows2\system32\dllcache\cache\powrprof.dll

[7] 2004-08-12 13:20 110080 87CA7CE6469577F059297B9D6556D66D c:\windows2\$NtServicePackUninstall$\imm32.dll
[7] 2008-02-12 09:28 110080 4368E21DAA2A7859B5B6D6F89C8DF99F c:\windows2\ServicePackFiles\i386\imm32.dll
[7] 2008-02-12 09:28 110080 4368E21DAA2A7859B5B6D6F89C8DF99F c:\windows2\system32\imm32.dll
[7] 2008-02-12 09:28 110080 4368E21DAA2A7859B5B6D6F89C8DF99F c:\windows2\system32\dllcache\cache\imm32.dll

[7] 2004-08-12 13:28 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows2\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-02-12 09:29 1614848 1F7A2A5C1416FA73469216BFCCDA9395 c:\windows2\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-02-12 09:29 1614848 1F7A2A5C1416FA73469216BFCCDA9395 c:\windows2\system32\sfcfiles.dll
[7] 2008-02-12 09:29 1614848 1F7A2A5C1416FA73469216BFCCDA9395 c:\windows2\system32\dllcache\cache\sfcfiles.dll

[7] 2004-08-12 13:17 167936 9C3C12975C97119412802B181FBEEFFE c:\windows2\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-02-12 09:28 167936 A4DDB52FE0846A7F90C79CE9C655AD0A c:\windows2\ServicePackFiles\i386\appmgmts.dll
[7] 2008-02-12 09:28 167936 A4DDB52FE0846A7F90C79CE9C655AD0A c:\windows2\system32\appmgmts.dll
[7] 2008-02-12 09:28 167936 A4DDB52FE0846A7F90C79CE9C655AD0A c:\windows2\system32\dllcache\cache\appmgmts.dll

[7] 2004-08-12 13:20 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows2\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-02-11 21:42 24576 6946E7C9B6ACB20CDDAC1F12E08FEB58 c:\windows2\ServicePackFiles\i386\kbdclass.sys
[7] 2008-02-11 21:42 24576 6946E7C9B6ACB20CDDAC1F12E08FEB58 c:\windows2\system32\dllcache\cache\kbdclass.sys
[7] 2008-02-11 21:42 24576 6946E7C9B6ACB20CDDAC1F12E08FEB58 c:\windows2\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-07_01.07.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 13:49 . 2009-07-13 13:49 16384 c:\windows2\temp\Perflib_Perfdata_728.dat
+ 2009-07-08 02:30 . 2009-07-08 02:30 148888 c:\windows2\system32\javaws.exe
+ 2009-07-08 02:30 . 2009-07-08 02:30 144792 c:\windows2\system32\javaw.exe
+ 2009-07-08 02:30 . 2009-07-08 02:30 144792 c:\windows2\system32\java.exe
+ 2009-07-10 00:59 . 2009-07-10 00:59 532480 c:\windows2\ERDNT\AutoBackup\7-9-2009\Users\00000002\UsrClass.dat
+ 2009-07-10 00:59 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-9-2009\ERDNT.EXE
+ 2009-07-09 01:40 . 2009-07-09 01:40 532480 c:\windows2\ERDNT\AutoBackup\7-8-2009\Users\00000002\UsrClass.dat
+ 2009-07-09 01:40 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-8-2009\ERDNT.EXE
+ 2009-07-07 13:20 . 2009-07-07 13:20 512000 c:\windows2\ERDNT\AutoBackup\7-7-2009\Users\00000002\UsrClass.dat
+ 2009-07-07 13:20 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-7-2009\ERDNT.EXE
+ 2009-07-13 13:51 . 2009-07-13 13:51 532480 c:\windows2\ERDNT\AutoBackup\7-13-2009\Users\00000002\UsrClass.dat
+ 2009-07-13 13:51 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-13-2009\ERDNT.EXE
+ 2009-07-12 13:10 . 2009-07-12 13:10 532480 c:\windows2\ERDNT\AutoBackup\7-12-2009\Users\00000002\UsrClass.dat
+ 2009-07-12 13:10 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-12-2009\ERDNT.EXE
+ 2009-07-11 13:47 . 2009-07-11 13:47 532480 c:\windows2\ERDNT\AutoBackup\7-11-2009\Users\00000002\UsrClass.dat
+ 2009-07-11 13:47 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-11-2009\ERDNT.EXE
+ 2009-07-10 13:31 . 2009-07-10 13:31 532480 c:\windows2\ERDNT\AutoBackup\7-10-2009\Users\00000002\UsrClass.dat
+ 2009-07-10 13:31 . 2005-10-20 19:02 163328 c:\windows2\ERDNT\AutoBackup\7-10-2009\ERDNT.EXE
+ 2005-10-20 13:53 . 2009-07-09 01:35 2211448 c:\windows2\system32\FNTCACHE.DAT
+ 2009-07-08 02:30 . 2009-07-08 02:30 1563648 c:\windows2\Installer\31018b.msi
+ 2009-07-10 00:59 . 2009-07-10 00:59 11935744 c:\windows2\ERDNT\AutoBackup\7-9-2009\Users\00000001\ntuser.dat
+ 2009-07-09 01:40 . 2009-07-09 01:40 11935744 c:\windows2\ERDNT\AutoBackup\7-8-2009\Users\00000001\ntuser.dat
+ 2009-07-07 13:20 . 2009-07-07 13:20 11935744 c:\windows2\ERDNT\AutoBackup\7-7-2009\Users\00000001\ntuser.dat
+ 2009-07-13 13:51 . 2009-07-13 13:51 11935744 c:\windows2\ERDNT\AutoBackup\7-13-2009\Users\00000001\ntuser.dat
+ 2009-07-12 13:10 . 2009-07-12 13:10 11935744 c:\windows2\ERDNT\AutoBackup\7-12-2009\Users\00000001\ntuser.dat
+ 2009-07-11 13:47 . 2009-07-11 13:47 11935744 c:\windows2\ERDNT\AutoBackup\7-11-2009\Users\00000001\ntuser.dat
+ 2009-07-10 13:31 . 2009-07-10 13:31 11935744 c:\windows2\ERDNT\AutoBackup\7-10-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]

c:\documents and settings\DBP\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-12-10 45056]

c:\documents and settings\All Users.WINDOWS2\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SDhelper"=2 (0x2)
"ADSService"=2 (0x2)
"ElnkFWPPService"=3 (0x3)
"cmdService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"ose"=3 (0x3)
"NetSvc"=2 (0x2)
"MDM"=2 (0x2)
"Macromedia Licensing Service"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\WINDOWS2\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS2\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\msncall.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1157172737\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*isabled:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009

R0 Lbd;Lbd;c:\windows2\system32\drivers\Lbd.sys [6/14/2009 5:56 PM 64160]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows2\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/17/2008 10:34 PM 24652]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows2\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
S3 acfva;acfva;c:\windows2\system32\drivers\acfva.sys [9/2/2006 2:34 PM 28445]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows2\system32\DRIVERS\ADSFilter.sys --> c:\windows2\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows2\system32\Drivers\BW2NDIS5.sys --> c:\windows2\system32\Drivers\BW2NDIS5.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows2\system32\drivers\WlanUIG.sys [1/13/2007 5:05 PM 347648]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\Smith Micro\StuffIt11\ArcNameService.exe [7/18/2007 3:26 PM 157000]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows2\system32\rundll32.exe" "c:\windows2\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows2\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:03]
.
- - - - ORPHANS REMOVED - - - -

BHO-{8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 192.168.0.5:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: att.net
Trusted Zone: microsoft.com\office
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
TCP: {F9CDFA58-BAA3-4C29-BD94-83FBB681E11B} = 207.69.188.185,207.69.188.186
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows2\system32\EZTOOL~1.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS2/Java/classes/xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 11:08
Windows 5.1.2600 Service Pack 3, v.3311 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\windows2\system32\igfxdev.dll
.
Completion time: 2009-07-13 11:23
ComboFix-quarantined-files.txt 2009-07-13 18:21
ComboFix2.txt 2009-07-08 01:16
ComboFix3.txt 2009-07-07 01:20

Pre-Run: 24,548,556,800 bytes free
Post-Run: 24,787,316,736 bytes free

387 --- E O F --- 2009-06-11 22:47

And here is the most recent dds log:


DDS (Ver_09-06-26.01) - NTFSx86
Run by DBP at 11:24:45.45 on Mon 07/13/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.231 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS2\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS2\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS2\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS2\system32\notepad.exe
C:\WINDOWS2\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\DBP\Desktop\system\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 192.168.0.5:8080
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: X1IEHook Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows2\system32\dla\tfswshx.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
BHO: {8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\dbp\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~2.win\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111v3\WG111v3.exe
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: att.net
Trusted Zone: microsoft.com\office
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS2/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {F9CDFA58-BAA3-4C29-BD94-83FBB681E11B} = 207.69.188.185,207.69.188.186
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - c:\windows2\system32\EZTOOL~1.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll
STS: IE Component Categories cache daemon: {553858a7-4922-4e7e-b1c1-97140c1c16ef} - c:\windows2\system32\ieframe.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows2\system32\drivers\Lbd.sys [2009-6-14 64160]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows2\system32\drivers\EAPPkt.sys [2007-10-9 38144]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-17 24652]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows2\system32\drivers\wg111v3.sys [2007-12-28 287232]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S3 acfva;acfva;c:\windows2\system32\drivers\acfva.sys [2006-9-2 28445]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows2\system32\drivers\adsfilter.sys --> c:\windows2\system32\drivers\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows2\system32\drivers\bw2ndis5.sys --> c:\windows2\system32\drivers\BW2NDIS5.sys [?]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows2\system32\drivers\WlanUIG.sys [2007-1-13 347648]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
S4 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-12-13 79520]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-9 108648]
S4 Stuffit Archive Name Service;Stuffit Archive Name Service;c:\program files\smith micro\stuffit11\ArcNameService.exe [2007-7-18 157000]
S4 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-8-18 1251720]

=============== Created Last 30 ================

2009-07-13 10:52 155,136 a------- c:\windows2\PEV.exe
2009-07-07 19:30 410,984 a------- c:\windows2\system32\deploytk.dll
2009-07-07 19:30 73,728 a------- c:\windows2\system32\javacpl.cpl
2009-07-06 18:17 <DIR> -cd----- c:\windows2\system32\dllcache\cache
2009-07-06 17:16 <DIR> a-dshr-- C:\cmdcons
2009-07-06 17:11 161,792 a------- c:\windows2\SWREG.exe
2009-07-06 17:11 98,816 a------- c:\windows2\sed.exe
2009-06-29 17:13 <DIR> --d----- c:\program files\Trend Micro
2009-06-27 11:06 <DIR> --d-h--- c:\windows2\msdownld.tmp
2009-06-27 11:06 <DIR> --d----- c:\windows2\Logs
2009-06-20 08:22 <DIR> --d----- c:\program files\XZAKTFrontFXTools1
2009-06-14 19:46 15,688 a------- c:\windows2\system32\lsdelete.exe
2009-06-14 17:56 64,160 a------- c:\windows2\system32\drivers\Lbd.sys
2009-06-14 17:45 <DIR> -cd-h--- c:\docume~1\alluse~2.win\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-14 17:45 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-06-30 22:02 524,288 a------- c:\windows2\system32\Busy_Wait.exe
2008-03-30 08:45 2,400,784 a------- c:\documents and settings\dbp\WLinstaller.exe
2008-03-04 11:10 724,984 a------- c:\documents and settings\dbp\gotomypc_437.exe
2008-02-27 01:05 774,144 a------- c:\program files\RngInterstitial.dll
2007-12-28 15:02 287,232 a------- c:\windows2\inf\wg111v3\wg111v3.sys
2007-12-28 14:59 342,528 a------- c:\windows2\inf\wg111v3\vista64\wg111v3.sys
2007-11-27 17:53 63,488 a------- c:\windows2\inf\wg111v3\SetDrv64.exe
2007-11-27 17:52 32,768 a------- c:\windows2\inf\wg111v3\SetDrv.exe
2007-08-21 14:10 3,902,784 a------- c:\documents and settings\dbp\gosetup.exe
2007-08-21 11:28 491 a------- c:\program files\UnInst.log
2007-01-25 21:28 722,176 a------- c:\documents and settings\dbp\gotomypc_428.exe
2007-01-20 10:01 563,712 a------- c:\documents and settings\dbp\gotomypc_370.exe
2006-12-15 11:30 315,392 a------- c:\windows2\inf\wg111v3\InstallDriver.exe
2006-12-15 11:30 212,992 a------- c:\windows2\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 11:30 98,304 a------- c:\windows2\inf\wg111v3\UScanM.exe
2006-12-15 11:30 20,480 a------- c:\windows2\inf\wg111v3\RTWUPath.exe
2006-12-15 11:30 19,968 a------- c:\windows2\inf\wg111v3\RTWREFU.EXE
2006-02-07 12:36 563,712 a------- c:\documents and settings\dbp\370_gotomypc.exe
2005-11-22 10:40 483,401 a------- c:\documents and settings\dbp\314_gotomypc.exe
2008-02-26 06:36 32,768 a--sh--- c:\windows2\system32\config\systemprofile\local settings\history\history.ie5\mshist012008022620080227\index.dat

============= FINISH: 11:24:55.67 ===============

Thanks for all your help.

Doug

 

[Blade81]

Hi Doug,

1. To my knowledge I did not open that port deliberately, unless I did so in the process of installing a program.

Ok. Let's make a few other things.

Start hjt, do a system scan, check (if found):
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.zpecialoffer.com/indexie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.5:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {8B2A62D8-E333-42C1-955B-DC5278F9FF4D} - C:\WINDOWS2\system32\vtsqq.dll (file missing)
Close browsers and fix checked entries.

Reboot and post a fresh hjt log.

 

[HSPower1972]

Here is the latest HJT log, after I removed those items you had listed that were found in the previous log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:46 AM, on 7/14/2009
Platform: Windows XP SP3, v.3311 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS2\System32\smss.exe
C:\WINDOWS2\system32\winlogon.exe
C:\WINDOWS2\system32\services.exe
C:\WINDOWS2\system32\lsass.exe
C:\WINDOWS2\system32\svchost.exe
C:\WINDOWS2\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS2\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS2\system32\msiexec.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS2\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS2\system32\wscntfy.exe
C:\WINDOWS2\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\WINDOWS2\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS2\system32\dla\tfswshx.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS2\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9CDFA58-BAA3-4C29-BD94-83FBB681E11B}: NameServer = 207.69.188.185,207.69.188.186
O18 - Protocol: ezpp - {810403FA-E82E-11D5-8AAB-0010A404A3DE} - C:\WINDOWS2\system32\EZTOOL~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS2\system32\ieframe.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7629 bytes

 

[Blade81]

Hi,

This one can be fixed too:
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file)


Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis


Now lets uninstall ComboFix:

• Click START then RUN
• Now type Combofix /u in the runbox and click OK

You may delete DDS and related logs too. Uninstall HijackThis thru add/remove programs and then delete C:\Program Files\Trend Micro\HijackThis folder.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

• hosts file:
  • Every version of windows has a hosts file as part of them.
  • In a very basic sense, they are used to locate webpages.
  • We can customize a hosts file so that it blocks certain webpages.
  • However, it can slow down certain computers.
  • This is why using a hosts file is optional!!
  Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
  If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
  1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
• Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
  Antivir
  Avast!
  
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
  If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!). Both providers have support forums that help with configuration related questions.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

 

[HSPower1972]

I'm not sure if this is related. If it isn't, I will start a new thread. But since we have started this cleaning process, it has been difficult to reach some of the websites in my favorites or linked from my home page. For instance, when I open ie8, my homepage is msn.com. I click on the "Hotmail" link and I will at first be shown a page that says that Internet Explorer can not display the page. No explanation or error messages are provide. Often, though I hit the refresh button (sometimes several times) and I can then view the page. Or if I go to another page and then return, I can also view the page. So far it has not happened with regards to any of the pages I have visited in this forum. When this happens, my internet connection is good. I only bring it up here, as I said above, because I have only noticed it happening since this cleaning process began and perhaps there is a connection. If it is not connected, I will start a new thread elsewhere if I have to.

Thanks for all your help.

Doug