Chuck Q
Honorary Members-
Posts
21 -
Joined
-
Last visited
Reputation
0 Neutral-
ok heres the log from the online scan: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=49453d945bdbd340b4df98bfb507defa # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-11-11 08:01:22 # local_time=2009-11-11 03:01:23 (-0500, Eastern Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 885138 885138 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=202291 # found=33 # cleaned=0 # scan_time=6332 C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound(1).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I C:\My Downloads\EmpireEarthGoldSetup-dm.exe Win32/Adware.Trymedia application 00000000000000000000000000000000 I C:\Nexon\MapleStory\MapleStory.exe probably a variant of Win32/PSW.Agent trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_01.42.58.zip multiple threats 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\47447531\47447531.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\70847026\70847026.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\ntuser.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\lizkavd.exe.vir Win32/Adware.XPAntiSpyware.AA application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\seres.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\svcst.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir a variant of Win32/Kryptik.AWD trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir a variant of Win32/Kryptik.AWD trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\buwapite.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.ADG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\fabokenu.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\himepuka.exe.vir a variant of Win32/Kryptik.AWF trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\jogopamo.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\lehuguwe.dll.vir Win32/KillAV.NFM trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\luhuwuji.exe.vir a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\nifolije.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\popiwoba.exe.vir a variant of Win32/Kryptik.AWF trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\xa.tmp.vir probably a variant of Win32/TrojanDownloader.Agent.OYU trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir Win32/Adware.XPSecurityCenter application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\ntuser.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP2\A0005304.dll a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I C:\WINDOWS\$NtServicePackUninstall$\userinit.exe a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I everything seems to be working just fine
-
Malwarebytes' Anti-Malware 1.41 Database version: 3097 Windows 5.1.2600 Service Pack 3 11/4/2009 1:42:27 AM mbam-log-2009-11-04 (01-42-27).txt Scan type: Quick Scan Objects scanned: 118037 Time elapsed: 6 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
-
OTL Extras logfile created on: 11/4/2009 1:19:17 AM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Kellies.KELLIE\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 501.98 Mb Total Physical Memory | 198.39 Mb Available Physical Memory | 39.52% Memory free 1.20 Gb Paging File | 0.97 Gb Available in Paging File | 80.65% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92.91 Gb Total Space | 9.11 Gb Free Space | 9.80% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: quinnk Current User Name: Kellies Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1 .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "56828:TCP" = 56828:TCP:*:Enabled:Pando Media Booster "56828:UDP" = 56828:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "56828:TCP" = 56828:TCP:*:Enabled:Pando Media Booster "56828:UDP" = 56828:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation) "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc) "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc) "C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.) "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- () "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection) "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Sierra\Empire Earth Gold\Empire Earth\Empire Earth.exe" = C:\Program Files\Sierra\Empire Earth Gold\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth -- () "C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.) "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine -- (Yahoo!) "C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe" = C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad -- () "C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player -- (RealNetworks, Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe" = C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe:*:Enabled:NDSTray -- (TOSHIBA CORPORATION) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0 "{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft "{0489333B-76EF-4E87-B986-9B374EB78C0B}" = Symantec Real Time Storage Protection Component "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 1.0 - HP Photosmart Printer Series "{0DD76815-048A-4995-AC07-C2C8469FB416}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist "{193428D8-940D-4351-88F6-0AFA7D1E3CB8}" = MapleStory "{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help "{1FD0CC81-1A07-49DB-8E0A-433A680AD86A}_is1" = UFNet Installer 1.4.2 "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.3.2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{2877881B-0736-42AB-B312-D4457D57E56D}" = BlackBerry Device Software Updater "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0 "{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360 "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component "{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.07 "{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype
-
OTL logfile created on: 11/4/2009 1:19:17 AM - Run 1 OTL by OldTimer - Version 3.1.3.3 Folder = C:\Documents and Settings\Kellies.KELLIE\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 501.98 Mb Total Physical Memory | 198.39 Mb Available Physical Memory | 39.52% Memory free 1.20 Gb Paging File | 0.97 Gb Available in Paging File | 80.65% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92.91 Gb Total Space | 9.11 Gb Free Space | 9.80% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: quinnk Current User Name: Kellies Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Kellies.KELLIE\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\WINDOWS\agrsmmsg.exe (Agere Systems) PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation) PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online) PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.) PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.) PRC - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe (HP) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Kellies.KELLIE\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation) SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) SRV - (odClientService) -- C:\Program Files\Funk Software\Odyssey Client\odClientService.exe (Funk Software, Inc.) SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.) SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation) SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation) SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation) SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe () SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (America Online) SRV - (AOL TopSpeedMonitor) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc) SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Pml Driver HPH11) -- C:\WINDOWS\system32\hphipm11.exe (HP) ========== Driver Services (SafeList) ========== DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.) DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090729.005\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090729.005\NAVENG.SYS (Symantec Corporation) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20090722.001\SymIDSco.sys (Symantec Corporation) DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (X4HSX32) -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys (Exent Technologies Ltd.) DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited) DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.) DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.) DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications) DRV - (odFips) -- C:\WINDOWS\system32\drivers\odFips.sys (Funk Software, Inc.) DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.) DRV - (SAMFILT) -- C:\WINDOWS\system32\drivers\samfilt.sys (Dolphin, Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel
-
combofix log: ComboFix 09-10-30.01 - Kellies 11/03/2009 1:27.4.1 - NTFSx86 Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Kellies.KELLIE\Desktop\CFScript.txt AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} * Created a new restore point FILE :: "c:\windows\Bcune.bin" "c:\windows\eziguzeyaw.dll" "c:\windows\iricudez.dll" "c:\windows\oyiderir.dll" "c:\windows\Tbepujumuqoboxe.dat" "c:\windows\unisiyuwamox.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\auth.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\caps.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\composer.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\directory.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\editor.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\find.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\intl.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\jar.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\locale.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\oji.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pippki.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\places.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pref.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\profile.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\storage.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\update.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\widget.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\crashreporter.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\crashreporter.ini c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\dependentlibs.list c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\freebl3.chk c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\freebl3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\greprefs\all.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\js3250.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\LICENSE c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\debug.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\utils.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\mozctl.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\mozctlx.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\msvcr71.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nspr4.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nss3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nssckbi.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nssutil3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\platform.ini c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\plc4.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\plds4.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\README.txt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\arrow.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\designmode.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\forms.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\grabber.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\html.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\html\folder.png c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\language.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\mathml.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\quirk.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\svg.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\ua.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\viewsource.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\smime3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\softokn3.chk c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\softokn3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\sqlite3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\ssl3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\updater.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\version.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpcom.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpcshell.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpidl.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpt_link.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xul.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xulrunner.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\certificate\limewire.keystore c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\createtimes.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\downloads.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\fileurns.bak c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\fileurns.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\filters.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\gnutella.net c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\installation.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\library.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\library5.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\limewire.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mojito.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\.autoreg c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_ c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_ c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_ c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_ c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\0E6B8B2Ad01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\480E3FA7d01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\75B8DBA3d01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\cert8.db c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\compreg.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\cookies.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\downloads.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\extensions.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\extensions.ini c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\history.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\key3.db c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\permissions.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\places.sqlite-journal c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\places.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\pluginreg.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\prefs.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\secmod.db c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\XPC.mfl c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\xpti.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.backup c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.data c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.script c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\questions.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\responses.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\simpp.xml c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\spam.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\tables.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme.lwtp c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\01_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\02_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\03_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\04_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\05_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\chat.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\forward_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\forward_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\kill.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\kill_on.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\logo.png c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\notsearching.png c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\pause_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\pause_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\play_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\play_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\question.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\rewind_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\searching.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\stop_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\stop_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\theme.txt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\version.txt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\warning.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttdata.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttrees.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttroot.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\version.xml c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\versions.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\xml\data\audio.sxml3 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\xml\data\video.sxml3 c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945} c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome.manifest c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome\content\_cfg.js c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome\content\overlay.xul c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\install.rdf c:\windows\Bcune.bin c:\windows\eziguzeyaw.dll c:\windows\iricudez.dll c:\windows\oyiderir.dll c:\windows\Tbepujumuqoboxe.dat c:\windows\unisiyuwamox.dll . ((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 ))))))))))))))))))))))))))))))) . 2009-11-03 06:26 . 2008-04-14 04:10 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys 2009-11-03 06:26 . 2008-04-14 04:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-11-03 06:26 . 2005-01-12 08:05 204160 ----a-w- c:\windows\system32\drivers\KR10N.sys 2009-10-29 07:04 . 2008-04-14 09:42 32866 ------w- c:\windows\slrundll.exe 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\scripting 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\l2schemas 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\en 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\bits 2009-10-29 06:59 . 2009-10-29 07:05 -------- d-----w- c:\windows\ServicePackFiles 2009-10-29 05:18 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-29 05:18 . 2009-10-29 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-29 05:18 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro 2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap 2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT 2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca 2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes 2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder 2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} 2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK 2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files 2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-27 08:32 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin 2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod 2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple 2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime 2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin 2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( SnapShot_2009-11-02_04.55.06 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-03 06:40 . 2009-11-03 06:40 16384 c:\windows\temp\Perflib_Perfdata_7d4.dat + 2006-02-15 14:03 . 2009-11-02 04:59 72042 c:\windows\system32\perfc009.dat - 2006-02-15 14:03 . 2009-10-29 07:20 72042 c:\windows\system32\perfc009.dat + 2006-02-15 14:03 . 2009-11-02 04:59 441174 c:\windows\system32\perfh009.dat - 2006-02-15 14:03 . 2009-10-29 07:20 441174 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416] "HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072] "Acuzogoloputuye"="c:\windows\ipaboxebodamu.dll" [bU] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient] 2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=c:\windows\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Viewpoint Manager Service"=2 (0x2) "TAPPSRV"=2 (0x2) "Swupdtmr"=2 (0x2) "ose"=3 (0x3) "odClientService"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "comHost"=3 (0x3) "CLTNetCnService"=2 (0x2) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56828:TCP"= 56828:TCP:Pando Media Booster "56828:UDP"= 56828:UDP:Pando Media Booster R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208] S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - CLASSPNP_2 *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-10-17 c:\windows\Tasks\At1.job - c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html LSP: connwsp.dll Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-03 01:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys atapi.sys pciide.sys kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0xF86E8000 0x17900 bytes \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xF86F2712 != 0xF89B7A7C sdcplh.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xF86EE852 != 0xF89B76F8 sdcplh.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\
-
heresthe MBAM log file: Malwarebytes' Anti-Malware 1.41 Database version: 3051 Windows 5.1.2600 Service Pack 2 10/29/2009 1:25:10 AM mbam-log-2009-10-29 (01-25-10).txt Scan type: Quick Scan Objects scanned: 115939 Time elapsed: 5 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\serisejeh (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mogiluhehe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mcamuq.dll -> Delete on reboot. Folders Infected: C:\Documents and Settings\All Users\Application Data\09475328 (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\mcamuq.dll (Trojan.Vundo.H) -> Delete on reboot. C:\WINDOWS\system32\kanerihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
-
ok installed the service pack, everything seems to be working fine. I cant post the malware log, when the computer rebooted and the explorer.exe wasnt running it never showed up, is it saved somewhere that i can find it? when i try to download OTL a window pops up and says i cant copy it, access is denied. And to make sure th disc isnt full or write protected, and that its not currently in use.
-
Ok I did step one, worked fine. Installed new malwarebytes, scanned and hit remove. It said one item couldn't be removed and would be removed on restart, I hit ok and it rebooted the machine, now when windows starts its just a blank background image, no taskbar, no start menu, no icons, nothing. I don't know how to bring it back. I can open the task manager but that's all, I'm posting from my blackberry
-
ok folowed all the steps, everything seems to be running normally, heres the combofix log: ComboFix 09-10-27.04 - Kellies 10/28/2009 1:43.2.1 - NTFSx86 Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Kellies.KELLIE\Desktop\CFScript.txt.txt AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} * Created a new restore point FILE :: "c:\windows\Bcune.bin" "c:\windows\erepijaferocohuv.dll" "c:\windows\ezicokuvomuyi.dll" "c:\windows\icuholuracanar.dll" "c:\windows\system32\fakubija.dll" "c:\windows\system32\gisiyojo.dll" "c:\windows\system32\kihinuga.exe" "c:\windows\system32\pojovosa.exe" "c:\windows\system32\rasawofu.dll" "c:\windows\system32\stu2.exe" "c:\windows\Tbepujumuqoboxe.dat" "c:\windows\win32k.sys" "c:\windows\wp3.dat" "c:\windows\wp4.dat" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\66857335 c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5} c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome.manifest c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome\content\_cfg.js c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome\content\overlay.xul c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\install.rdf c:\windows\Bcune.bin c:\windows\erepijaferocohuv.dll c:\windows\ezicokuvomuyi.dll c:\windows\icuholuracanar.dll c:\windows\system32\fakubija.dll c:\windows\system32\gisiyojo.dll c:\windows\system32\kihinuga.exe c:\windows\system32\pojovosa.exe c:\windows\system32\rasawofu.dll c:\windows\system32\stu2.exe c:\windows\system32\zelosubo.dll c:\windows\Tbepujumuqoboxe.dat c:\windows\win32k.sys c:\windows\wp3.dat c:\windows\wp4.dat c:\windows\system32\userinit.exe . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CDRMKAUN -------\Service_cdrmkaun ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 ))))))))))))))))))))))))))))))) . 2009-10-27 08:02 . 2009-10-27 08:02 9668 ----a-w- c:\windows\eziguzeyaw.dll 2009-10-27 07:41 . 2009-10-27 07:41 9668 ----a-w- c:\windows\unisiyuwamox.dll 2009-10-27 07:27 . 2009-10-27 07:27 9667 ----a-w- c:\windows\oyiderir.dll 2009-10-27 07:19 . 2009-10-27 07:19 9668 ----a-w- c:\windows\iricudez.dll 2009-10-21 08:50 . 2009-10-27 08:09 -------- d-----w- C:\malwarebytes 2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro 2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap 2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT 2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca 2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes 2009-10-19 05:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-19 05:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-19 04:57 . 2009-10-27 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\09475328 2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder 2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} 2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK 2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files 2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-27 08:32 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-15 08:33 . 2008-03-07 09:14 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire 2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin 2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-10-15 06:06 . 2006-02-15 14:04 68096 ----a-w- c:\windows\system32\userinit.exe 2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod 2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple 2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime 2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin 2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2009-07-28 05:08 . 2009-07-28 05:08 39424 --sha-w- c:\windows\system32\kanerihe.dll . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- [-] 2009-10-15 06:06 . 9579FD95E7EF64EF5F5BE2B3D5F95F3B . 68096 . . [------] . . c:\windows\system32\userinit.exe . ((((((((((((((((((((((((((((( SnapShot@2009-10-27_07.17.13 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-28 05:54 . 2009-10-28 05:54 16384 c:\windows\temp\Perflib_Perfdata_674.dat + 2006-02-15 15:41 . 2009-10-27 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-02-15 15:41 . 2009-10-27 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-10-27 07:39 . 2009-10-27 08:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416] "HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072] "serisejeh"="c:\windows\system32\zelosubo.dll" [bU] "Acuzogoloputuye"="c:\windows\ipaboxebodamu.dll" [2007-03-08 173056] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] "mogiluhehe"="tuvafuye.dll" [bU] c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\explorer.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient] 2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli mcamuq.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=c:\windows\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Viewpoint Manager Service"=2 (0x2) "TAPPSRV"=2 (0x2) "Swupdtmr"=2 (0x2) "ose"=3 (0x3) "odClientService"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "comHost"=3 (0x3) "CLTNetCnService"=2 (0x2) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56828:TCP"= 56828:TCP:Pando Media Booster "56828:UDP"= 56828:UDP:Pando Media Booster R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208] S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-10-17 c:\windows\Tasks\At1.job - c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html LSP: connwsp.dll Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} FF - HiddenExtension: XULRunner: {6550F1D5-A52F-46D8-828A-13D59CF98945} - c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); . - - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{05011fec-9346-4627-9894-632980b0428c} - c:\windows\system32\zelosubo.dll SSODL-figofusun-{05011fec-9346-4627-9894-632980b0428c} - c:\windows\system32\zelosubo.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-28 01:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\
-
well ignore my last post, seems to be loading just fine now on my computer. The machine seems to be running just fine. heres the log from combofix: ComboFix 09-10-26.03 - Kellies 10/27/2009 3:05.1.1 - NTFSx86 NETWORK Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\csrss.exe c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\services.exe c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\svchost.exe c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\winlogon.exe c:\documents and settings\All Users\Application Data\47447531 c:\documents and settings\All Users\Application Data\47447531\47447531.bat c:\documents and settings\All Users\Application Data\47447531\47447531.exe c:\documents and settings\All Users\Application Data\70847026 c:\documents and settings\All Users\Application Data\70847026\70847026.bat c:\documents and settings\All Users\Application Data\70847026\70847026.exe c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Kellies.KELLIE\Application Data\lizkavd.exe c:\documents and settings\Kellies.KELLIE\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk c:\documents and settings\Kellies.KELLIE\Application Data\seres.exe c:\documents and settings\Kellies.KELLIE\Application Data\svcst.exe c:\documents and settings\Kellies.KELLIE\Desktop\Security Tool.lnk c:\documents and settings\Kellies.KELLIE\ntuser.dll c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Security Tool.lnk c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.dll c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.lnk c:\recycler\S-1-5-21-3868997124-911790988-508925577-500 c:\windows\kb913800.exe c:\windows\msa.exe c:\windows\msb.exe c:\windows\svohost.exe c:\windows\system32\_scui.cpl c:\windows\system32\~.exe c:\windows\system32\AVR09.exe c:\windows\system32\basezafa.exe c:\windows\system32\bdjkoi5n.dll c:\windows\system32\buwapite.exe c:\windows\system32\calc.dll c:\windows\system32\config\systemprofile\ntuser.dll c:\windows\system32\critical_warning.html c:\windows\system32\fabokenu.exe c:\windows\system32\himepuka.exe c:\windows\system32\jepazeje.dll c:\windows\system32\jogekini.exe c:\windows\system32\jogopamo.exe c:\windows\system32\kemituba.exe c:\windows\system32\lehuguwe.dll c:\windows\system32\lugatepo.dll c:\windows\system32\luhuwuji.exe c:\windows\system32\mivimoru.dll c:\windows\system32\nasikaje.dll c:\windows\system32\nezogeju.dll c:\windows\system32\nifolije.exe c:\windows\system32\niniyifu.dll c:\windows\system32\nolomipu.dll c:\windows\system32\pasaruwe.dll c:\windows\system32\pezatehe.exe c:\windows\system32\popiwoba.exe c:\windows\system32\rizakoyu.exe c:\windows\system32\schtml c:\windows\system32\schtml\dbsinit.exe c:\windows\system32\schtml\images\i1.gif c:\windows\system32\schtml\images\i2.gif c:\windows\system32\schtml\images\i3.gif c:\windows\system32\schtml\images\j1.gif c:\windows\system32\schtml\images\j2.gif c:\windows\system32\schtml\images\j3.gif c:\windows\system32\schtml\images\jj1.gif c:\windows\system32\schtml\images\jj2.gif c:\windows\system32\schtml\images\jj3.gif c:\windows\system32\schtml\images\l1.gif c:\windows\system32\schtml\images\l2.gif c:\windows\system32\schtml\images\l3.gif c:\windows\system32\schtml\images\pix.gif c:\windows\system32\schtml\images\t1.gif c:\windows\system32\schtml\images\t2.gif c:\windows\system32\schtml\images\up1.gif c:\windows\system32\schtml\images\up2.gif c:\windows\system32\schtml\images\w1.gif c:\windows\system32\schtml\images\w11.gif c:\windows\system32\schtml\images\w2.gif c:\windows\system32\schtml\images\w3.gif c:\windows\system32\schtml\images\w3.jpg c:\windows\system32\schtml\images\word.doc c:\windows\system32\schtml\images\wt1.gif c:\windows\system32\schtml\images\wt2.gif c:\windows\system32\schtml\images\wt3.gif c:\windows\system32\schtml\wispex.html c:\windows\system32\tuvafuye.dll c:\windows\system32\vobulite.exe c:\windows\system32\winhelper.dll c:\windows\system32\winupdate.exe c:\windows\system32\xa.tmp c:\windows\system32\zayekofu.exe c:\windows\Temp\2659976041.exe c:\windows\usenecek.dll ----- BITS: Possible infected sites ----- hxxp://mastoblastobrevodo.com hxxp://wsus.findlay.edu c:\windows\system32\userinit.exe . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} -------\Legacy_WDefend -------\Service_WDefend ((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 ))))))))))))))))))))))))))))))) . 2009-10-27 06:38 . 2009-10-27 06:38 9666 ----a-w- c:\windows\icuholuracanar.dll 2009-10-27 06:29 . 2009-10-27 06:29 9668 ----a-w- c:\windows\erepijaferocohuv.dll 2009-10-27 05:47 . 2009-10-27 05:47 9666 ----a-w- c:\windows\ezicokuvomuyi.dll 2009-10-21 08:50 . 2009-10-21 08:50 -------- d-----w- C:\malwarebytes 2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro 2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap 2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT 2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca 2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes 2009-10-19 05:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-19 05:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-19 04:57 . 2009-10-27 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\09475328 2009-10-19 04:31 . 2009-10-08 15:31 149456 ----a-w- c:\windows\SGDetectionTool.dll 2009-10-19 04:31 . 2009-10-08 15:31 165840 ----a-w- c:\windows\PCTBDRes.dll 2009-10-19 04:31 . 2009-10-08 15:31 1636304 ----a-w- c:\windows\PCTBDCore.dll 2009-10-19 04:31 . 2009-10-08 15:31 767952 ----a-w- c:\windows\BDTSupport.dll 2009-10-19 04:31 . 2009-10-02 18:19 1152470 ----a-w- c:\windows\UDB.zip 2009-10-19 04:31 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip 2009-10-19 04:30 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-10-19 04:30 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-10-19 04:30 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-10-19 04:30 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-10-19 04:30 . 2009-10-19 04:39 -------- d-----w- c:\program files\Common Files\PC Tools 2009-10-19 04:30 . 2009-10-27 06:54 -------- d-----w- c:\program files\Spyware Doctor 2009-10-19 04:30 . 2009-10-19 04:30 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\PC Tools 2009-10-19 04:30 . 2009-10-19 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder 2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} 2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-18 08:55 . 2009-10-27 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\66857335 2009-10-18 08:54 . 2009-10-27 05:14 0 ----a-w- c:\windows\Bcune.bin 2009-10-18 08:54 . 2009-10-27 06:03 9668 ----a-w- c:\windows\Tbepujumuqoboxe.dat 2009-10-18 08:54 . 2009-10-18 08:54 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5} 2009-10-18 07:59 . 2009-10-27 05:13 0 ----a-w- c:\windows\win32k.sys 2009-10-18 07:22 . 2009-10-18 12:30 58 ----a-w- c:\windows\wp4.dat 2009-10-18 07:22 . 2009-10-18 12:30 4 ----a-w- c:\windows\wp3.dat 2009-10-15 06:06 . 2004-08-10 12:00 24576 ----a-w- c:\windows\system32\stu2.exe 2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK 2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files 2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-27 07:16 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-15 08:33 . 2008-03-07 09:14 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire 2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin 2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-10-15 06:06 . 2006-02-15 14:04 68096 ----a-w- c:\windows\system32\userinit.exe 2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod 2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple 2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime 2009-09-16 07:20 . 2009-10-19 04:30 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-09-15 10:20 . 2009-10-19 04:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat 2009-09-15 06:12 . 2009-10-19 04:30 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat 2009-09-15 05:01 . 2009-10-19 04:30 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat 2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin 2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2009-07-27 06:03 . 2009-07-27 06:03 53760 --sha-w- c:\windows\system32\fakubija.dll 2009-07-27 06:03 . 2009-07-27 06:03 39424 --sha-w- c:\windows\system32\gisiyojo.dll 2009-07-18 08:54 . 2009-07-18 08:54 193544 --sha-w- c:\windows\system32\kihinuga.exe 2009-07-18 08:54 . 2009-07-18 08:54 24576 --sha-w- c:\windows\system32\pojovosa.exe 2009-07-27 06:05 . 2009-07-27 06:05 53760 --sha-w- c:\windows\system32\rasawofu.dll . ------- Sigcheck ------- [-] 2009-10-15 06:06 . 9579FD95E7EF64EF5F5BE2B3D5F95F3B . 68096 . . [------] . . c:\windows\system32\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ae46f49-6e96-49ca-9003-bd7e9bd3c2fb}] 2009-07-27 06:05 53760 --sha-w- c:\windows\system32\rasawofu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216] [HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}] [HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}] [HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416] "HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\explorer.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient] 2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli mcamuq.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=c:\windows\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Viewpoint Manager Service"=2 (0x2) "TAPPSRV"=2 (0x2) "Swupdtmr"=2 (0x2) "ose"=3 (0x3) "odClientService"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "comHost"=3 (0x3) "CLTNetCnService"=2 (0x2) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"= "c:\\Documents and Settings\\Kellies.KELLIE\\My Documents\\My Pictures\\crap\\magic-_the_gathering\\Magic\\Manalink.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56828:TCP"= 56828:TCP:Pando Media Booster "56828:UDP"= 56828:UDP:Pando Media Booster R3 cdrmkaun;cdrmkaun;c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\cdrmkaun.sys [x] R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600] S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - mbr *Deregistered* - PCTSDInjDriver32 . Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-10-17 c:\windows\Tasks\At1.job - c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html LSP: connwsp.dll Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - HiddenExtension: XULRunner: {38512FCB-6B6A-4F35-A22A-FB302BA73DF5} - c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5} FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); . - - - - ORPHANS REMOVED - - - - BHO-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - c:\windows\system32\bdjkoi5n.dll HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe HKLM-Run-Acuzogoloputuye - c:\windows\usenecek.dll HKLM-Run-66857335 - c:\docume~1\ALLUSE~1\APPLIC~1\66857335\66857335.exe HKLM-Run-09475328 - c:\docume~1\ALLUSE~1\APPLIC~1\09475328\09475328.exe HKLM-Run-70847026 - c:\documents and settings\All Users\Application Data\70847026\70847026.exe HKLM-Run-47447531 - c:\documents and settings\All Users\Application Data\47447531\47447531.exe HKLM-Run-serisejeh - c:\windows\system32\pasaruwe.dll HKLM-Run-mogiluhehe - tuvafuye.dll SharedTaskScheduler-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - c:\windows\system32\bdjkoi5n.dll SharedTaskScheduler-{4473fd11-d88c-4c6e-afe4-33477f20598b} - c:\windows\system32\pasaruwe.dll SSODL-jadimukut-{e7496247-9478-42cc-b687-f088e3bf6407} - (no file) SSODL-lihijaros-{4473fd11-d88c-4c6e-afe4-33477f20598b} - c:\windows\system32\pasaruwe.dll Notify-NavLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-27 03:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3133354311-158489622-3555420663-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{197D85AF-AAF7-9BC1-7AC7-6813F56B2659}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oaadelajlbbflpckfobkcipcdoboch"=hex:64,61,6e,6d,6e,6e,6c,6d,00,80 "oamfefabbddlfpdojmidbbdmcofnfg"=hex:6a,61,61,6e,61,6e,64,6f,70,65,69,65,66,6c, 63,69,6a,61,67,6a,00,ba "nacfodfgcpolmmalojejkacfaiph"=hex:69,61,61,6e,67,6e,6f,65,61,69,63,6f,63,64, 62,66,63,65,00,00 [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\