Chuck Q

  1. OK, here's the log from the online scan:

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=49453d945bdbd340b4df98bfb507defa
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2009-11-11 08:01:22
     # local_time=2009-11-11 03:01:23 (-0500, Eastern Standard Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 885138 885138 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=202291
     # found=33
     # cleaned=0
     # scan_time=6332
     C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound(1).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
     C:\Documents and Settings\Kellies.KELLIE\My Documents\LimeWire\Saved\T.I. - Paper Trail - Let My Beat Pound.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
     C:\My Downloads\EmpireEarthGoldSetup-dm.exe Win32/Adware.Trymedia application 00000000000000000000000000000000 I
     C:\Nexon\MapleStory\MapleStory.exe probably a variant of Win32/PSW.Agent trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\[4]-Submit_2009-10-28_01.42.58.zip multiple threats 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\47447531\47447531.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\70847026\70847026.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\ntuser.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\lizkavd.exe.vir Win32/Adware.XPAntiSpyware.AA application 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\seres.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Application Data\svcst.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\Documents and Settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir a variant of Win32/Kryptik.AWD trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir a variant of Win32/Kryptik.AWD trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\buwapite.exe.vir a variant of Win32/Kryptik.AVV trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\calc.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.ADG trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\fabokenu.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\himepuka.exe.vir a variant of Win32/Kryptik.AWF trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\jogopamo.exe.vir Win32/Adware.SecurityTool application 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\lehuguwe.dll.vir Win32/KillAV.NFM trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\luhuwuji.exe.vir a variant of Win32/Kryptik.AVX trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\nifolije.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\popiwoba.exe.vir a variant of Win32/Kryptik.AWF trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir Win32/TrojanDownloader.FakeAlert.AED trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\xa.tmp.vir probably a variant of Win32/TrojanDownloader.Agent.OYU trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir Win32/Adware.XPSecurityCenter application 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir a variant of Win32/Kryptik.AVJ trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\ntuser.dll.vir probably a variant of Win32/Opachki.A trojan 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
     C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
     C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP2\A0005304.dll a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I
     C:\WINDOWS\$NtServicePackUninstall$\userinit.exe a variant of Win32/Kryptik.AAG trojan 00000000000000000000000000000000 I

     Everything seems to be working just fine.
  2. Everything is working just fine. I tried doing that online scan and it froze at 51% for almost 8 hours. I don't know what's wrong. I'll try it again right now; hopefully it will work.
  3. Malwarebytes' Anti-Malware 1.41
     Database version: 3097
     Windows 5.1.2600 Service Pack 3

     11/4/2009 1:42:27 AM
     mbam-log-2009-11-04 (01-42-27).txt

     Scan type: Quick Scan
     Objects scanned: 118037
     Time elapsed: 6 minute(s), 7 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  4. OTL Extras logfile created on: 11/4/2009 1:19:17 AM - Run 1 OTL by OldTimer - Version 3.1.3.3
  5. OTL logfile created on: 11/4/2009 1:19:17 AM - Run 1 OTL by OldTimer - Version 3.1.3.3
  6. combofix log: ComboFix 09-10-30.01 - Kellies 11/03/2009 1:27.4.1 - NTFSx86
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\editor.xpt c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\find.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\intl.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\jar.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\locale.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\oji.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll c:\documents and settings\Kellies.KELLIE\Application 
Data\LimeWire\browser\xulrunner\components\pipnss.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pippki.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\places.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\pref.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\profile.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\storage.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt c:\documents and settings\Kellies.KELLIE\Application 
Data\LimeWire\browser\xulrunner\components\transformiix.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\update.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\widget.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\crashreporter.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\crashreporter.ini c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\dependentlibs.list c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\freebl3.chk c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\freebl3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\greprefs\all.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js c:\documents and settings\Kellies.KELLIE\Application 
Data\LimeWire\browser\xulrunner\IA2Marshal.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\js3250.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\LICENSE c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\debug.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\utils.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\mozctl.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\mozctlx.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\msvcr71.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nspr4.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nss3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nssckbi.dll c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\nssutil3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\platform.ini c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\plc4.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\plds4.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\README.txt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\arrow.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\designmode.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\forms.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\grabber.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\html.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\html\folder.png c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\language.properties c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\mathml.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\quirk.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\svg.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif c:\documents and settings\Kellies.KELLIE\Application 
Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\ua.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\viewsource.css c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\smime3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\softokn3.chk c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\softokn3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\sqlite3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\ssl3.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\updater.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\version.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpcom.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpcshell.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpidl.exe c:\documents and settings\Kellies.KELLIE\Application 
Data\LimeWire\browser\xulrunner\xpt_dump.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xpt_link.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xul.dll c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\browser\xulrunner\xulrunner.exe c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\certificate\limewire.keystore c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\createtimes.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\downloads.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\fileurns.bak c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\fileurns.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\filters.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\gnutella.net c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\installation.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\library.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\library5.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\limewire.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mojito.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\.autoreg c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_ c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_ c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_ c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_ c:\documents and settings\Kellies.KELLIE\Application 
Data\LimeWire\mozilla-profile\Cache\0E6B8B2Ad01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\480E3FA7d01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\75B8DBA3d01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\AE98BDEDd01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01 c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\cert8.db c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\compreg.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\cookies.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\downloads.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\extensions.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\extensions.ini c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\history.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\key3.db c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\permissions.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\places.sqlite-journal c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\places.sqlite c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\pluginreg.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\prefs.js c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\secmod.db c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\XPC.mfl 
c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\mozilla-profile\xpti.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.backup c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.data c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.properties c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\promotion\promodb.script c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\questions.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\responses.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\simpp.xml c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\spam.dat c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\tables.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme.lwtp c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\01_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\02_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\03_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\04_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\05_star.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\chat.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\forward_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\forward_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\kill.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\kill_on.gif c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\logo.png c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\notsearching.png c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\pause_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\pause_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\play_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\play_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\question.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\rewind_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\searching.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\stop_dn.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\stop_up.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\theme.txt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\version.txt c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\themes\windows_theme\warning.gif c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttdata.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttrees.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\ttroot.cache c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\version.xml c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\versions.props c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire\xml\data\audio.sxml3 c:\documents and 
settings\Kellies.KELLIE\Application Data\LimeWire\xml\data\video.sxml3 c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945} c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome.manifest c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome\content\_cfg.js c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\chrome\content\overlay.xul c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\install.rdf c:\windows\Bcune.bin c:\windows\eziguzeyaw.dll c:\windows\iricudez.dll c:\windows\oyiderir.dll c:\windows\Tbepujumuqoboxe.dat c:\windows\unisiyuwamox.dll . ((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 ))))))))))))))))))))))))))))))) . 2009-11-03 06:26 . 2008-04-14 04:10 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys 2009-11-03 06:26 . 2008-04-14 04:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-11-03 06:26 . 2005-01-12 08:05 204160 ----a-w- c:\windows\system32\drivers\KR10N.sys 2009-10-29 07:04 . 2008-04-14 09:42 32866 ------w- c:\windows\slrundll.exe 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\scripting 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\l2schemas 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\en 2009-10-29 07:04 . 2009-10-29 07:04 -------- d-----w- c:\windows\system32\bits 2009-10-29 06:59 . 2009-10-29 07:05 -------- d-----w- c:\windows\ServicePackFiles 2009-10-29 05:18 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-29 05:18 . 2009-10-29 05:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-29 05:18 . 
2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro 2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap 2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT 2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca 2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes 2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder 2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} 2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK 2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files 2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-27 08:32 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin 2009-10-15 06:31 . 
2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod 2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple 2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime 2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin 2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((( SnapShot_2009-11-02_04.55.06 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-03 06:40 . 2009-11-03 06:40 16384 c:\windows\temp\Perflib_Perfdata_7d4.dat + 2006-02-15 14:03 . 2009-11-02 04:59 72042 c:\windows\system32\perfc009.dat - 2006-02-15 14:03 . 2009-10-29 07:20 72042 c:\windows\system32\perfc009.dat + 2006-02-15 14:03 . 2009-11-02 04:59 441174 c:\windows\system32\perfh009.dat - 2006-02-15 14:03 . 2009-10-29 07:20 441174 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416] "HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072] "Acuzogoloputuye"="c:\windows\ipaboxebodamu.dll" [bU] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] c:\documents and settings\Kellies.KELLIE\Start 
Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient] 2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=c:\windows\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Viewpoint Manager Service"=2 (0x2) "TAPPSRV"=2 (0x2) "Swupdtmr"=2 (0x2) "ose"=3 (0x3) "odClientService"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "comHost"=3 (0x3) "CLTNetCnService"=2 (0x2) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
"%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! 
Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56828:TCP"= 56828:TCP:Pando Media Booster "56828:UDP"= 56828:UDP:Pando Media Booster R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208] S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - CLASSPNP_2 *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-10-17 c:\windows\Tasks\At1.job - c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html LSP: connwsp.dll Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program 
files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-03 01:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sdcplh.sys atapi.sys pciide.sys kernel: MBR read successfully user & kernel MBR OK Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net atapi.sys @ 0xF86E8000 0x17900 bytes \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xF86F2712 != 0xF89B7A7C sdcplh.sys \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0xF86EE852 != 0xF89B76F8 sdcplh.sys \Driver\atapi IRP hooks detected ! ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\
  7. I tried to copy/paste the ComboFix log, but it was too long, so I attached it instead: ComboFix.txt
  8. here's the MBAM log file:

     Malwarebytes' Anti-Malware 1.41
     Database version: 3051
     Windows 5.1.2600 Service Pack 2

     10/29/2009 1:25:10 AM
     mbam-log-2009-10-29 (01-25-10).txt

     Scan type: Quick Scan
     Objects scanned: 115939
     Time elapsed: 5 minute(s), 5 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 2
     Registry Data Items Infected: 1
     Folders Infected: 1
     Files Infected: 3

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\serisejeh (Trojan.Vundo.H) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mogiluhehe (Trojan.Agent) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mcamuq.dll -> Delete on reboot.

     Folders Infected:
     C:\Documents and Settings\All Users\Application Data\09475328 (Rogue.Multiple) -> Quarantined and deleted successfully.

     Files Infected:
     C:\WINDOWS\mcamuq.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\kanerihe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  9. ok sorry I was out of town the past few days away from the computer. I tried to delete the OTL file, but it said I don't have appropriate permission to access it.
  10. ok installed the service pack, everything seems to be working fine. I can't post the malware log, when the computer rebooted and the explorer.exe wasn't running it never showed up, is it saved somewhere that I can find it? When I try to download OTL a window pops up and says I can't copy it, access is denied. And to make sure the disc isn't full or write protected, and that it's not currently in use.
  11. nevermind, googled it and found out i had to open task manager and start explorer.exe, continuing with the rest of the steps now
  12. Ok I did step one, worked fine. Installed new Malwarebytes, scanned and hit remove. It said one item couldn't be removed and would be removed on restart, I hit ok and it rebooted the machine, now when Windows starts it's just a blank background image, no taskbar, no start menu, no icons, nothing. I don't know how to bring it back. I can open the task manager but that's all, I'm posting from my BlackBerry
  13. ok followed all the steps, everything seems to be running normally, here's the ComboFix log:

      ComboFix 09-10-27.04 - Kellies 10/28/2009 1:43.2.1 - NTFSx86
      Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe
      Command switches used :: c:\documents and settings\Kellies.KELLIE\Desktop\CFScript.txt.txt
      AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
      FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
      * Created a new restore point

      FILE ::
      "c:\windows\Bcune.bin"
      "c:\windows\erepijaferocohuv.dll"
      "c:\windows\ezicokuvomuyi.dll"
      "c:\windows\icuholuracanar.dll"
      "c:\windows\system32\fakubija.dll"
      "c:\windows\system32\gisiyojo.dll"
      "c:\windows\system32\kihinuga.exe"
      "c:\windows\system32\pojovosa.exe"
      "c:\windows\system32\rasawofu.dll"
      "c:\windows\system32\stu2.exe"
      "c:\windows\Tbepujumuqoboxe.dat"
      "c:\windows\win32k.sys"
      "c:\windows\wp3.dat"
      "c:\windows\wp4.dat"
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
c:\documents and settings\All Users\Application Data\66857335 c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5} c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome.manifest c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome\content\_cfg.js c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\chrome\content\overlay.xul c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5}\install.rdf c:\windows\Bcune.bin c:\windows\erepijaferocohuv.dll c:\windows\ezicokuvomuyi.dll c:\windows\icuholuracanar.dll c:\windows\system32\fakubija.dll c:\windows\system32\gisiyojo.dll c:\windows\system32\kihinuga.exe c:\windows\system32\pojovosa.exe c:\windows\system32\rasawofu.dll c:\windows\system32\stu2.exe c:\windows\system32\zelosubo.dll c:\windows\Tbepujumuqoboxe.dat c:\windows\win32k.sys c:\windows\wp3.dat c:\windows\wp4.dat c:\windows\system32\userinit.exe . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_CDRMKAUN -------\Service_cdrmkaun ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 ))))))))))))))))))))))))))))))) . 2009-10-27 08:02 . 2009-10-27 08:02 9668 ----a-w- c:\windows\eziguzeyaw.dll 2009-10-27 07:41 . 2009-10-27 07:41 9668 ----a-w- c:\windows\unisiyuwamox.dll 2009-10-27 07:27 . 2009-10-27 07:27 9667 ----a-w- c:\windows\oyiderir.dll 2009-10-27 07:19 . 2009-10-27 07:19 9668 ----a-w- c:\windows\iricudez.dll 2009-10-21 08:50 . 2009-10-27 08:09 -------- d-----w- C:\malwarebytes 2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro 2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap 2009-10-21 06:10 . 
2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT 2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca 2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-19 05:13 . 2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes 2009-10-19 05:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-19 05:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-19 04:57 . 2009-10-27 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\09475328 2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder 2009-10-19 03:56 . 2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} 2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK 2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files 2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-27 08:32 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-15 08:33 . 
2008-03-07 09:14 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire 2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin 2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-10-15 06:06 . 2006-02-15 14:04 68096 ----a-w- c:\windows\system32\userinit.exe 2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod 2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple 2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime 2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin 2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2009-07-28 05:08 . 2009-07-28 05:08 39424 --sha-w- c:\windows\system32\kanerihe.dll . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- [-] 2009-10-15 06:06 . 9579FD95E7EF64EF5F5BE2B3D5F95F3B . 68096 . . [------] . . c:\windows\system32\userinit.exe . 
((((((((((((((((((((((((((((( SnapShot@2009-10-27_07.17.13 ))))))))))))))))))))))))))))))))))))))))) . + 2009-10-28 05:54 . 2009-10-28 05:54 16384 c:\windows\temp\Perflib_Perfdata_674.dat + 2006-02-15 15:41 . 2009-10-27 08:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-02-15 15:41 . 2009-10-27 05:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-10-27 07:39 . 2009-10-27 08:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416] "HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-08 185896] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime 
Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072] "serisejeh"="c:\windows\system32\zelosubo.dll" [bU] "Acuzogoloputuye"="c:\windows\ipaboxebodamu.dll" [2007-03-08 173056] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] "mogiluhehe"="tuvafuye.dll" [bU] c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\explorer.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient] 2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli mcamuq.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=c:\windows\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Viewpoint Manager Service"=2 (0x2) "TAPPSRV"=2 (0x2) "Swupdtmr"=2 (0x2) "ose"=3 (0x3) 
"odClientService"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "comHost"=3 (0x3) "CLTNetCnService"=2 (0x2) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sierra\\Empire Earth Gold\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! 
Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56828:TCP"= 56828:TCP:Pando Media Booster "56828:UDP"= 56828:UDP:Pando Media Booster R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208] S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-10-17 c:\windows\Tasks\At1.job - c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html LSP: connwsp.dll Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} FF - HiddenExtension: XULRunner: {6550F1D5-A52F-46D8-828A-13D59CF98945} - c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{6550F1D5-A52F-46D8-828A-13D59CF98945}\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy 
autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); . - - - - ORPHANS REMOVED - - - - SharedTaskScheduler-{05011fec-9346-4627-9894-632980b0428c} - c:\windows\system32\zelosubo.dll SSODL-figofusun-{05011fec-9346-4627-9894-632980b0428c} - c:\windows\system32\zelosubo.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-28 01:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\
  14. Well, ignore my last post, seems to be loading just fine now on my computer. The machine seems to be running just fine. Here's the log from ComboFix: ComboFix 09-10-26.03 - Kellies 10/27/2009 3:05.1.1 - NTFSx86 NETWORK Running from: c:\documents and settings\Kellies.KELLIE\Desktop\ComboFix.exe AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4} AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\csrss.exe c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\services.exe c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\svchost.exe c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\winlogon.exe c:\documents and settings\All Users\Application Data\47447531 c:\documents and settings\All Users\Application Data\47447531\47447531.bat c:\documents and settings\All Users\Application Data\47447531\47447531.exe c:\documents and settings\All Users\Application Data\70847026 c:\documents and settings\All Users\Application Data\70847026\70847026.bat c:\documents and settings\All Users\Application Data\70847026\70847026.exe c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\Kellies.KELLIE\Application Data\lizkavd.exe c:\documents and settings\Kellies.KELLIE\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk c:\documents and settings\Kellies.KELLIE\Application Data\seres.exe c:\documents and settings\Kellies.KELLIE\Application Data\svcst.exe c:\documents and settings\Kellies.KELLIE\Desktop\Security Tool.lnk c:\documents and settings\Kellies.KELLIE\ntuser.dll c:\documents and settings\Kellies.KELLIE\Start 
Menu\Programs\Security Tool.lnk c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.dll c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\scandisk.lnk c:\recycler\S-1-5-21-3868997124-911790988-508925577-500 c:\windows\kb913800.exe c:\windows\msa.exe c:\windows\msb.exe c:\windows\svohost.exe c:\windows\system32\_scui.cpl c:\windows\system32\~.exe c:\windows\system32\AVR09.exe c:\windows\system32\basezafa.exe c:\windows\system32\bdjkoi5n.dll c:\windows\system32\buwapite.exe c:\windows\system32\calc.dll c:\windows\system32\config\systemprofile\ntuser.dll c:\windows\system32\critical_warning.html c:\windows\system32\fabokenu.exe c:\windows\system32\himepuka.exe c:\windows\system32\jepazeje.dll c:\windows\system32\jogekini.exe c:\windows\system32\jogopamo.exe c:\windows\system32\kemituba.exe c:\windows\system32\lehuguwe.dll c:\windows\system32\lugatepo.dll c:\windows\system32\luhuwuji.exe c:\windows\system32\mivimoru.dll c:\windows\system32\nasikaje.dll c:\windows\system32\nezogeju.dll c:\windows\system32\nifolije.exe c:\windows\system32\niniyifu.dll c:\windows\system32\nolomipu.dll c:\windows\system32\pasaruwe.dll c:\windows\system32\pezatehe.exe c:\windows\system32\popiwoba.exe c:\windows\system32\rizakoyu.exe c:\windows\system32\schtml c:\windows\system32\schtml\dbsinit.exe c:\windows\system32\schtml\images\i1.gif c:\windows\system32\schtml\images\i2.gif c:\windows\system32\schtml\images\i3.gif c:\windows\system32\schtml\images\j1.gif c:\windows\system32\schtml\images\j2.gif c:\windows\system32\schtml\images\j3.gif c:\windows\system32\schtml\images\jj1.gif c:\windows\system32\schtml\images\jj2.gif c:\windows\system32\schtml\images\jj3.gif c:\windows\system32\schtml\images\l1.gif c:\windows\system32\schtml\images\l2.gif c:\windows\system32\schtml\images\l3.gif c:\windows\system32\schtml\images\pix.gif c:\windows\system32\schtml\images\t1.gif c:\windows\system32\schtml\images\t2.gif c:\windows\system32\schtml\images\up1.gif 
c:\windows\system32\schtml\images\up2.gif c:\windows\system32\schtml\images\w1.gif c:\windows\system32\schtml\images\w11.gif c:\windows\system32\schtml\images\w2.gif c:\windows\system32\schtml\images\w3.gif c:\windows\system32\schtml\images\w3.jpg c:\windows\system32\schtml\images\word.doc c:\windows\system32\schtml\images\wt1.gif c:\windows\system32\schtml\images\wt2.gif c:\windows\system32\schtml\images\wt3.gif c:\windows\system32\schtml\wispex.html c:\windows\system32\tuvafuye.dll c:\windows\system32\vobulite.exe c:\windows\system32\winhelper.dll c:\windows\system32\winupdate.exe c:\windows\system32\xa.tmp c:\windows\system32\zayekofu.exe c:\windows\Temp\2659976041.exe c:\windows\usenecek.dll ----- BITS: Possible infected sites ----- hxxp://mastoblastobrevodo.com hxxp://wsus.findlay.edu c:\windows\system32\userinit.exe . . . is infected!! . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} -------\Legacy_WDefend -------\Service_WDefend ((((((((((((((((((((((((( Files Created from 2009-09-27 to 2009-10-27 ))))))))))))))))))))))))))))))) . 2009-10-27 06:38 . 2009-10-27 06:38 9666 ----a-w- c:\windows\icuholuracanar.dll 2009-10-27 06:29 . 2009-10-27 06:29 9668 ----a-w- c:\windows\erepijaferocohuv.dll 2009-10-27 05:47 . 2009-10-27 05:47 9666 ----a-w- c:\windows\ezicokuvomuyi.dll 2009-10-21 08:50 . 2009-10-21 08:50 -------- d-----w- C:\malwarebytes 2009-10-21 08:12 . 2009-10-21 08:23 -------- d-----w- c:\program files\Trend Micro 2009-10-21 07:07 . 2009-10-21 07:48 -------- d-----w- C:\malwarecrap 2009-10-21 06:10 . 2009-10-21 06:10 -------- d-----w- c:\program files\ERUNT 2009-10-20 06:09 . 2009-10-20 06:09 -------- d-----w- C:\6e5d4cfe5733aeda209e6bdb61f3ca 2009-10-19 05:21 . 2009-10-19 05:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-10-19 05:13 . 
2009-10-19 05:13 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Malwarebytes 2009-10-19 05:08 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-19 05:07 . 2009-10-19 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-10-19 05:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-19 04:57 . 2009-10-27 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\09475328 2009-10-19 04:31 . 2009-10-08 15:31 149456 ----a-w- c:\windows\SGDetectionTool.dll 2009-10-19 04:31 . 2009-10-08 15:31 165840 ----a-w- c:\windows\PCTBDRes.dll 2009-10-19 04:31 . 2009-10-08 15:31 1636304 ----a-w- c:\windows\PCTBDCore.dll 2009-10-19 04:31 . 2009-10-08 15:31 767952 ----a-w- c:\windows\BDTSupport.dll 2009-10-19 04:31 . 2009-10-02 18:19 1152470 ----a-w- c:\windows\UDB.zip 2009-10-19 04:31 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip 2009-10-19 04:30 . 2009-09-24 12:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2009-10-19 04:30 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2009-10-19 04:30 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2009-10-19 04:30 . 2009-09-03 13:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2009-10-19 04:30 . 2009-10-19 04:39 -------- d-----w- c:\program files\Common Files\PC Tools 2009-10-19 04:30 . 2009-10-27 06:54 -------- d-----w- c:\program files\Spyware Doctor 2009-10-19 04:30 . 2009-10-19 04:30 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\PC Tools 2009-10-19 04:30 . 2009-10-19 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-10-19 04:01 . 2009-10-19 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Share-to-Web Upload Folder 2009-10-19 03:56 . 
2009-10-19 03:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{E363803E-0D71-400E-8024-591C38995471} 2009-10-18 12:14 . 2009-10-18 12:14 -------- d--h--w- c:\windows\system32\GroupPolicy 2009-10-18 08:55 . 2009-10-27 05:42 -------- d-----w- c:\documents and settings\All Users\Application Data\66857335 2009-10-18 08:54 . 2009-10-27 05:14 0 ----a-w- c:\windows\Bcune.bin 2009-10-18 08:54 . 2009-10-27 06:03 9668 ----a-w- c:\windows\Tbepujumuqoboxe.dat 2009-10-18 08:54 . 2009-10-18 08:54 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5} 2009-10-18 07:59 . 2009-10-27 05:13 0 ----a-w- c:\windows\win32k.sys 2009-10-18 07:22 . 2009-10-18 12:30 58 ----a-w- c:\windows\wp4.dat 2009-10-18 07:22 . 2009-10-18 12:30 4 ----a-w- c:\windows\wp3.dat 2009-10-15 06:06 . 2004-08-10 12:00 24576 ----a-w- c:\windows\system32\stu2.exe 2009-10-14 13:42 . 2009-10-14 13:42 -------- d-----w- c:\program files\BBSAK 2009-10-14 11:24 . 2009-10-14 11:24 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-10-14 11:15 . 2009-10-14 11:15 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\WMTools Downloaded Files 2009-10-14 05:17 . 2009-10-14 07:40 -------- d-----w- c:\program files\Magic Workstation . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-27 07:16 . 2009-02-18 20:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-10-19 05:31 . 2006-02-25 07:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2009-10-15 08:33 . 2008-03-07 09:14 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\LimeWire 2009-10-15 07:44 . 2009-02-24 06:54 256 ----a-w- c:\windows\system32\pool.bin 2009-10-15 06:31 . 2009-02-24 06:24 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-10-15 06:06 . 
2006-02-15 14:04 68096 ----a-w- c:\windows\system32\userinit.exe 2009-09-19 01:58 . 2007-05-04 16:26 -------- d-----w- c:\documents and settings\Kellies.KELLIE\Application Data\Apple Computer 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\program files\iTunes 2009-09-19 01:51 . 2009-09-19 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-09-19 01:50 . 2009-09-19 01:50 -------- d-----w- c:\program files\iPod 2009-09-19 01:50 . 2008-02-20 20:46 -------- d-----w- c:\program files\Common Files\Apple 2009-09-19 01:48 . 2009-09-19 01:48 -------- d-----w- c:\program files\QuickTime 2009-09-16 07:20 . 2009-10-19 04:30 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat 2009-09-15 10:20 . 2009-10-19 04:30 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat 2009-09-15 06:12 . 2009-10-19 04:30 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat 2009-09-15 05:01 . 2009-10-19 04:30 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat 2009-09-06 21:05 . 2009-09-06 21:05 256 ----a-w- c:\documents and settings\Kellies.KELLIE\pool.bin 2009-08-28 23:42 . 2009-08-23 06:57 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-08-28 23:42 . 2008-12-25 23:00 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2007-06-26 21:14 . 2006-08-25 18:16 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2007-06-26 21:14 . 2006-08-25 18:16 49256 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2007-06-26 21:14 . 2006-08-25 18:16 166000 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll 2009-07-27 06:03 . 2009-07-27 06:03 53760 --sha-w- c:\windows\system32\fakubija.dll 2009-07-27 06:03 . 2009-07-27 06:03 39424 --sha-w- c:\windows\system32\gisiyojo.dll 2009-07-18 08:54 . 2009-07-18 08:54 193544 --sha-w- c:\windows\system32\kihinuga.exe 2009-07-18 08:54 . 2009-07-18 08:54 24576 --sha-w- c:\windows\system32\pojovosa.exe 2009-07-27 06:05 . 
2009-07-27 06:05 53760 --sha-w- c:\windows\system32\rasawofu.dll . ------- Sigcheck ------- [-] 2009-10-15 06:06 . 9579FD95E7EF64EF5F5BE2B3D5F95F3B . 68096 . . [------] . . c:\windows\system32\userinit.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ae46f49-6e96-49ca-9003-bd7e9bd3c2fb}] 2009-07-27 06:05 53760 --sha-w- c:\windows\system32\rasawofu.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216] [HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}] [HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}] [HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-05-24 188416] "HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968] "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "TkBellExe"="c:\program files\Common 
Files\Real\Update_OB\realsched.exe" [2006-11-08 185896] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-07-18 116072] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [bU] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624] "CFSServ.exe"="CFSServ.exe" [bU] c:\documents and settings\Kellies.KELLIE\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-6-12 59080] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\windows\explorer.exe," [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient] 2006-08-25 18:15 106496 ----a-w- c:\windows\system32\odyEvent.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli mcamuq.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk backup=c:\windows\pss\Exif Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metamail Trust Manager.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metamail Trust Manager.lnk backup=c:\windows\pss\Metamail Trust Manager.lnkCommon Startup 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Viewpoint Manager Service"=2 (0x2) "TAPPSRV"=2 (0x2) "Swupdtmr"=2 (0x2) "ose"=3 (0x3) "odClientService"=2 (0x2) "LiveUpdate Notice Service"=2 (0x2) "LiveUpdate Notice Ex"=2 (0x2) "LiveUpdate"=3 (0x3) "idsvc"=3 (0x3) "gusvc"=3 (0x3) "comHost"=3 (0x3) "CLTNetCnService"=2 (0x2) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) "Bonjour Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) "AOL TopSpeedMonitor"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Sierra\\Empire Earth 
Gold\\Empire Earth\\Empire Earth.exe"= "c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"= "c:\\Documents and Settings\\Kellies.KELLIE\\My Documents\\My Pictures\\crap\\magic-_the_gathering\\Magic\\Manalink.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "56828:TCP"= 56828:TCP:Pando Media Booster "56828:UDP"= 56828:UDP:Pando Media Booster R3 cdrmkaun;cdrmkaun;c:\docume~1\KELLIE~1.KEL\LOCALS~1\Temp\cdrmkaun.sys [x] R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-09-06 155184] R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S0 odFips;odFips;c:\windows\system32\drivers\odFips.sys [2006-05-24 254208] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600] S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2005-09-06 24521] --- Other Services/Drivers In Memory --- *NewlyCreated* - COMHOST *Deregistered* - mbr *Deregistered* - PCTSDInjDriver32 . 
Contents of the 'Scheduled Tasks' folder 2009-10-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-10-17 c:\windows\Tasks\At1.job - c:\program files\spybot - search & destroy\spybotsd.exe [2006-08-25 08:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.aol.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html LSP: connwsp.dll Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - FF - ProfilePath - c:\documents and settings\Kellies.KELLIE\Application Data\Mozilla\Firefox\Profiles\l2co8tuz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.toshibadirect.com/dpdstart FF - component: c:\progra~1\MOZILL~1\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll FF - HiddenExtension: XULRunner: {38512FCB-6B6A-4F35-A22A-FB302BA73DF5} - c:\documents and settings\Kellies.KELLIE\Local Settings\Application Data\{38512FCB-6B6A-4F35-A22A-FB302BA73DF5} FF - HiddenExtension: XULRunner: {E363803E-0D71-400E-8024-591C38995471} - c:\documents and settings\Administrator\Local Settings\Application 
Data\{E363803E-0D71-400E-8024-591C38995471} ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true); . - - - - ORPHANS REMOVED - - - - BHO-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - c:\windows\system32\bdjkoi5n.dll HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe HKLM-Run-Acuzogoloputuye - c:\windows\usenecek.dll HKLM-Run-66857335 - c:\docume~1\ALLUSE~1\APPLIC~1\66857335\66857335.exe HKLM-Run-09475328 - c:\docume~1\ALLUSE~1\APPLIC~1\09475328\09475328.exe HKLM-Run-70847026 - c:\documents and settings\All Users\Application Data\70847026\70847026.exe HKLM-Run-47447531 - c:\documents and settings\All Users\Application Data\47447531\47447531.exe HKLM-Run-serisejeh - c:\windows\system32\pasaruwe.dll HKLM-Run-mogiluhehe - tuvafuye.dll SharedTaskScheduler-{A2234B15-23F2-42AD-F4E4-00AAC39C0004} - c:\windows\system32\bdjkoi5n.dll SharedTaskScheduler-{4473fd11-d88c-4c6e-afe4-33477f20598b} - c:\windows\system32\pasaruwe.dll SSODL-jadimukut-{e7496247-9478-42cc-b687-f088e3bf6407} - (no file) SSODL-lihijaros-{4473fd11-d88c-4c6e-afe4-33477f20598b} - c:\windows\system32\pasaruwe.dll Notify-NavLogon - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-27 03:17 Windows 5.1.2600 Service Pack 2 
NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-3133354311-158489622-3555420663-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{197D85AF-AAF7-9BC1-7AC7-6813F56B2659}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oaadelajlbbflpckfobkcipcdoboch"=hex:64,61,6e,6d,6e,6e,6c,6d,00,80 "oamfefabbddlfpdojmidbbdmcofnfg"=hex:6a,61,61,6e,61,6e,64,6f,70,65,69,65,66,6c, 63,69,6a,61,67,6a,00,ba "nacfodfgcpolmmalojejkacfaiph"=hex:69,61,61,6e,67,6e,6f,65,61,69,63,6f,63,64, 62,66,63,65,00,00 [HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\
  15. OK, it ran fine, but now neither Internet Explorer nor Firefox will load the Malwarebytes website. I'm posting from my BlackBerry, so I can't post the logs unless I email them to myself and post them from here. Everything else seems to be running just fine, though!