Malwarebytes Problem - Used to Get Rid of Antivirus 2009
Old 07-20-2010, 12:46 PM   #1
Registered Member
 
Join Date: Jul 2010
Posts: 20
OS: WinXP



Hi,

So I did the steps in the Instructions, BUT I made a mistake in the beginning: at first I started going off this post: https://www.techsupportforum.com/f100...es-359912.html - which helped me access the internet, and so I already ran ComboFix, and only read later that it could hurt a lot.

Well, this is what happened: I used rkill and Malwarebytes to try to get rid of Antivirus 2009, which kept popping up and also saying random things were infected (like .dll files and such). And I tried manually looking for all those processes and things on my computer using another site. Anyway, my internet stopped working in IE, Firefox and Chrome - the proxy server. But I was able to bypass that with Firefox because of tentonbob's advice to the other guy.

So here are my results (attached is Attach.zip which has both Attach and Ark in it, and this is the DDS report):

----

DDS (Ver_10-03-17.01) - NTFSx86
Run by adith at 12:43:38.27 on Tue 07/20/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1653 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\adith\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\adith\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: McAfee SiteAdvisor: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\adith\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SMART Board Service] c:\program files\smart technologies\smart board drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe -e
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
StartupFolder: c:\users\adith\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart board drivers\SMARTBoardTools.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\micros~3\office\1033\phdintl.dll/phdContext.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adith\appdata\roaming\mozilla\firefox\profiles\dpuzr4vj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\adith\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\adith\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\adith\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 164048]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-8-8 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-2 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-5-5 231424]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-8-8 636144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-8-8 144128]
R3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\drivers\OA009Ufd.sys [2009-3-6 133632]
R3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\drivers\OA009Vid.sys [2009-3-19 271552]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2009-9-17 11048]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2009-9-17 14120]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\drivers\SMARTVTabletPCx86.sys [2009-9-17 13440]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2010-6-1 7168]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-07-20 17:30:57 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-20 17:20:37 98816 ----a-w- c:\windows\sed.exe
2010-07-20 17:20:37 77312 ----a-w- c:\windows\MBR.exe
2010-07-20 17:20:37 256512 ----a-w- c:\windows\PEV.exe
2010-07-20 17:20:37 161792 ----a-w- c:\windows\SWREG.exe
2010-07-20 04:24:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 04:24:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 04:24:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 22:24:19 0 d-----w- c:\program files\Freeware PDF Unlocker
2010-06-30 18:26:01 0 d-----w- c:\programdata\McAfee Security Scan
2010-06-30 18:25:56 0 d-----w- c:\program files\McAfee Security Scan
2010-06-26 03:38:53 0 d-----w- C:\61cc410b023e524d7069
2010-06-24 08:02:04 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:02:04 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:02:03 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:02:03 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:02:03 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 22:20:27 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 22:20:26 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2010-06-02 03:47:48 7168 ----a-w- c:\windows\DellBIOS.Sys
2010-05-26 1741 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13:48 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-25 22:16:44 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-25 22:16:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-25 22:16:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-25 22:16:44 143360 ----a-w- c:\windows\inf\infstor.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-09 00:12:59 75 --sh--r- c:\windows\CT4CET.bin
2010-01-28 07:30:34 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-15 18:24:58 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-08-09 02:26:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:43:53.33 ===============
-----



Any help would be awesome. I hate viruses, as probably everyone else does too. Also I am not sure if I still have the Windows Install Disk/Boot CD. I will look for it.
Attached Files
File Type: zip Attach.zip.zip (5.6 KB, 18 views)
holyace2k2 is offline  
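The proxy-server symptom described in this post shows up in the DDS log as the `uInternet Settings,ProxyServer` line and the `FF - prefs.js: network.proxy.*` lines. The Python triage script below is an added example, not part of the thread or of the DDS tool: it parses lines of that shape (the constructed sample copies the values from the log above), reports whether each browser's proxy points at the local machine, and checks whether the Firefox setting is actually in effect, since `network.proxy.type` 0 means "No proxy" and leaves the host/port as an inert remnant.

```python
import re
from dataclasses import dataclass, field

# Constructed sample made of lines shaped like the ones in the DDS log above
# (same values); a real run would read the pasted log text instead.
SAMPLE_DDS = """\
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 0
"""

# DDS prefixes user-hive (HKCU) entries with "u" and machine-hive (HKLM) with "m".
IE_PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+?)\s*$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+) - (.+?)\s*$")

# Firefox network.proxy.type values: 0 = no proxy, 1 = manual, 2 = PAC URL,
# 4 = auto-detect, 5 = use system settings (the greprefs default in the log).
FF_PROXY_TYPE = {"0": "direct", "1": "manual", "2": "pac", "4": "autodetect", "5": "system"}


@dataclass
class ProxyTriage:
    ie_proxies: list = field(default_factory=list)   # (hive, scheme, host, port)
    ff_prefs: dict = field(default_factory=dict)     # pref name -> value
    findings: list = field(default_factory=list)     # human-readable verdicts


def is_loopback(host: str) -> bool:
    """True for hosts that can only reach the local machine."""
    host = host.strip("[]").lower()
    return host == "localhost" or host.startswith("127.") or host == "::1"


def parse_ie_proxy(value: str) -> list:
    """Split a WinINet ProxyServer string: 'host:port' or 'http=h:p;https=h:p;...'."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=") if "=" in part else ("*", "=", part)
        host, _, port = hostport.rpartition(":")
        if not host:            # bare host with no port
            host, port = hostport, ""
        entries.append((scheme.strip(), host.strip(), port.strip()))
    return entries


def triage(dds_text: str) -> ProxyTriage:
    result = ProxyTriage()
    for line in dds_text.splitlines():
        m = IE_PROXY_RE.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            for scheme, host, port in parse_ie_proxy(m.group(2)):
                result.ie_proxies.append((hive, scheme, host, port))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            result.ff_prefs[m.group(1)] = m.group(2)

    # A WinINet proxy (used by IE, Chrome and anything honouring the system
    # proxy) pointing at the local machine with no proxy product installed is
    # the classic rogue-AV symptom: the malware relays browsing while alive, and
    # once it is killed nothing listens there, so those browsers go dark.
    for hive, scheme, host, port in result.ie_proxies:
        if is_loopback(host):
            result.findings.append(
                f"{hive} WinINet proxy for '{scheme}' is {host}:{port} (loopback): "
                "likely hijack; clear ProxyServer/ProxyEnable or set LAN settings to no proxy")

    # Firefox keeps its own settings; a loopback host is only live when
    # network.proxy.type is 1 (manual). Type 0 means the user already switched
    # to 'No proxy', leaving the host/port as a remnant still worth resetting.
    ff_host = result.ff_prefs.get("network.proxy.http")
    if ff_host and is_loopback(ff_host):
        ptype = result.ff_prefs.get("network.proxy.type", "5")
        mode = FF_PROXY_TYPE.get(ptype, f"unknown({ptype})")
        port = result.ff_prefs.get("network.proxy.http_port", "?")
        state = "ACTIVE" if ptype == "1" else f"inactive (proxy type = {mode})"
        result.findings.append(
            f"Firefox prefs.js proxy {ff_host}:{port} is loopback, {state}: "
            "reset network.proxy.* in about:config")
    return result


if __name__ == "__main__":
    for verdict in triage(SAMPLE_DDS).findings:
        print(verdict)
```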
Old 07-21-2010, 07:58 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

I need to see your ComboFix.txt log.

Go Start > Run and copy/paste the following single-line command into the Run box and click OK:

C:\ComboFix.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-21-2010, 08:09 PM   #3
Registered Member
 
Join Date: Jul 2010
Posts: 20
OS: WinXP



Hi chemist, thanks for your help in advance. I do see that you guys are crazy busy, but it's cool what you guys are doing, so thanks.

So after I did run ComboFix, eventually my internet (with proxy) started working, and it's been fine. I finally was able to uninstall Dell Dock and I got McAfee installed, and also I read about LimeWire and stuff on here, and I have not used it over like 4 or 5 months because of ethical reasons, I stopped, so I uninstalled that too.

I'm still nervous that the virus is like chilling somewhere... here's my combo log:


ComboFix 10-07-19.05 - adith 07/20/2010 12:21:43.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.1565 [GMT -5:00]
Running from: c:\users\adith\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\system volume information\SystemRestore
c:\users\adith\AppData\Local\{8BCED1FA-7FFC-48AC-ADD4-77F137AE1674}
c:\users\adith\AppData\Local\{8BCED1FA-7FFC-48AC-ADD4-77F137AE1674}\chrome.manifest
c:\users\adith\AppData\Local\{8BCED1FA-7FFC-48AC-ADD4-77F137AE1674}\chrome\content\_cfg.js
c:\users\adith\AppData\Local\{8BCED1FA-7FFC-48AC-ADD4-77F137AE1674}\chrome\content\overlay.xul
c:\users\adith\AppData\Local\{8BCED1FA-7FFC-48AC-ADD4-77F137AE1674}\install.rdf
c:\users\adith\AppData\Roaming\413E9B44303005B82839F5367AB1F4C5
c:\users\adith\AppData\Roaming\413E9B44303005B82839F5367AB1F4C5\enemies-names.txt
c:\users\adith\AppData\Roaming\413E9B44303005B82839F5367AB1F4C5\local.ini
c:\users\adith\AppData\Roaming\413E9B44303005B82839F5367AB1F4C5\lsrslt.ini
c:\users\adith\AppData\Roaming\f1479850.exe
c:\users\adith\GoToAssistDownloadHelper.exe
c:\windows\system32\st326162.dll
c:\windows\xpsp1hfm.log
E:\AUTORUN.INF

.
((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-20 04:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 04:24 . 2010-07-20 04:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 04:06 . 2010-07-20 04:06 2811 ----a-w- c:\users\adith\AppData\Local\iriweloh.dll
2010-07-20 02:08 . 2010-07-20 04:13 2811 ----a-w- c:\users\adith\AppData\Local\Ufodurexuriv.dat
2010-07-20 02:08 . 2010-07-20 02:08 0 ----a-w- c:\users\adith\AppData\Local\Xmunevedecot.bin
2010-07-20 02:07 . 2010-07-20 05:42 -------- d-----w- c:\users\adith\AppData\Local\qsaoavwsd
2010-07-05 15:17 . 2010-07-05 15:17 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-07-02 22:24 . 2010-07-02 22:24 -------- d-----w- c:\program files\Freeware PDF Unlocker
2010-06-30 18:26 . 2010-06-30 18:26 -------- d-----w- c:\programdata\McAfee Security Scan
2010-06-30 18:25 . 2010-07-04 09:18 -------- d-----w- c:\program files\McAfee Security Scan
2010-06-26 03:38 . 2010-06-26 03:38 -------- d-----w- C:\61cc410b023e524d7069
2010-06-24 08:02 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:02 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:02 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:02 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:02 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 22:20 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 22:20 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 16:21 . 2009-11-21 08:47 -------- d-----w- c:\users\adith\AppData\Roaming\LimeWire
2010-07-20 05:44 . 2009-08-09 00:03 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2010-07-14 21:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-11 00:49 . 2009-09-06 02:27 6080 ----a-w- c:\users\adith\AppData\Local\d3d9caps.dat
2010-06-17 05:54 . 2009-12-28 04:05 680 ----a-w- c:\users\Guest\AppData\Local\d3d9caps.dat
2010-06-02 15:47 . 2010-06-02 15:47 -------- d-----w- c:\programdata\Alwil Software
2010-06-02 15:47 . 2009-09-07 20:56 -------- d-----w- c:\program files\Alwil Software
2010-06-02 14:47 . 2010-06-02 14:47 -------- d-----w- c:\programdata\McAfee
2010-06-02 14:47 . 2010-06-02 14:47 -------- d-----w- c:\program files\McAfee
2010-06-02 14:45 . 2009-10-04 18:59 -------- d-----w- c:\program files\AVS4YOU
2010-06-02 14:40 . 2009-08-09 00:07 -------- d-----w- c:\program files\Windows Live
2010-06-02 14:01 . 2009-10-04 19:35 -------- d-----w- c:\programdata\NCH Software
2010-06-02 04:53 . 2010-06-02 04:53 -------- d-----w- c:\users\adith\AppData\Roaming\Malwarebytes
2010-06-02 04:53 . 2010-06-02 04:53 -------- d-----w- c:\programdata\Malwarebytes
2010-06-02 03:47 . 2010-06-02 03:47 7168 ----a-w- c:\windows\DellBIOS.Sys
2010-06-01 22:58 . 2010-06-01 22:58 -------- d-----w- c:\programdata\WindowsSearch
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\Conduit
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-26 17:06 . 2010-06-10 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 05:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14 . 2009-10-02 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-07 17:55 . 2010-05-07 17:55 255472 ----a-w- c:\users\adith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-05-06 20:59 . 2010-06-02 15:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-06 20:59 . 2010-06-02 15:47 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-06-02 15:48 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-06-02 15:48 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2010-06-02 15:48 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:34 . 2010-06-02 15:48 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-06 20:33 . 2010-06-02 15:48 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-04 05:59 . 2010-06-10 05:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 05:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 05:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 05:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 05:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-26 15:04 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-09 00:12 . 2009-08-09 00:12 75 --sh--r- c:\windows\CT4CET.bin
2009-08-09 02:26 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-15 17:33 2515552 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\adith\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2009-09-17 2647336]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2009-09-17 1049896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-04-17 165104]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

c:\users\adith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-9-17 10994984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-09 00:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,c0,f8,54,90,9d,ca,01

R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
R3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2010-06-02 7168]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-05-05 231424]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-06 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-09-17 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-09-17 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-09-17 13440]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930493451-3030701461-2303587639-1000Core.job
- c:\users\adith\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-06 00:50]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930493451-3030701461-2303587639-1000UA.job
- c:\users\adith\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-06 00:50]

2010-07-19 c:\windows\Tasks\User_Feed_Synchronization-{3ED861E9-56F3-474C-AF26-096377D00E92}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
FF - ProfilePath - c:\users\adith\AppData\Roaming\Mozilla\Firefox\Profiles\dpuzr4vj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\adith\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\adith\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\adith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-07-20 12:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\adith\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2010-07-20 12:30:53
ComboFix-quarantined-files.txt 2010-07-20 17:30

Pre-Run: 149,371,482,112 bytes free
Post-Run: 150,433,353,728 bytes free

- - End Of File - - D54544495CB52E1A229DD92BF6B437A0
holyace2k2 is offline  
Old 07-21-2010, 08:25 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello holyace2k2. avast! didn't uninstall cleanly.

Please download the avast! Antivirus Removal Tool and Save it to your Desktop.
  • Close all programs.
  • Double-click aswclear.exe then click 'Run'.
  • In Vista/Win7, right-click and choose 'Run as Administrator'.
  • Follow the on-screen instructions.
  • Copy/paste c:\program files\Alwil Software into the 'Enter path to folder...' box.
  • Restart your computer if asked.
  • Then delete aswclear.exe from your desktop.
------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
dir /a /s "c:\users\adith\AppData\Local\qsaoavwsd" > log.txt
notepad log.txt
del peek.bat
Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-21-2010, 08:49 PM   #5
Registered Member
 
Join Date: Jul 2010
Posts: 20
OS: WinXP



peek.bat did look like that. When I opened it, all it said in Notepad was:

Volume in drive C is OS
Volume Serial Number is 8603-5F18

Directory of c:\users\adith\AppData\Local\qsaoavwsd

07/20/2010 12:42 AM <DIR> .
07/20/2010 12:42 AM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 147,932,348,416 bytes free



and a separate C:\Windows\system...cmd.exe opened, but that was it. (I messed up - I'm only deleting the aswclear.exe file now, AFTER I ran peek.bat; I don't know if that has an effect.)
holyace2k2 is offline  
Old 07-21-2010, 09:29 PM   #6



Hello again, holyace2k2. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

------------------------------------------------------

Close any open browsers.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
Firefox::
FF - ProfilePath - c:\users\adith\AppData\Roaming\Mozilla\Firefox\Profiles\dpuzr4vj.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 0

Driver::
yksvc

File::
c:\users\adith\AppData\Local\iriweloh.dll
c:\users\adith\AppData\Local\Ufodurexuriv.dat
c:\users\adith\AppData\Local\Xmunevedecot.bin

Folder::
c:\users\adith\AppData\Local\qsaoavwsd
c:\users\adith\AppData\Roaming\LimeWire
c:\program files\LimeWire

DDS::
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5643
Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------

Your Java is out of date.

Java(TM) 6 Update 13 can be updated from the Java Control Panel. Go Start > Control Panel > Programs > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.

------------------------------------------------------

Please run this online scan to help look for remnants.

Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista, you must open the Web browser via a right-click using the Run as Administrator command.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
report on system behavior
chemist is offline  
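As an added illustration (not part of this thread, and not code from DDS or ComboFix), the script below parses the proxy lines DDS prints under "Supplementary Scan" and flags browsers pointed at a loopback proxy, which is the setting the CFScript above removes; the log text is a constructed sample modelled on the lines quoted in the first post.

```python
"""Flag loopback proxy hijacks in the 'Supplementary Scan' part of a DDS log.

Added example, not part of this thread or of DDS/ComboFix. It parses the two
kinds of proxy lines DDS prints (IE 'uInternet Settings,ProxyServer' and
Firefox 'FF - prefs.js: network.proxy.*') and reports browsers routed through
a proxy on 127.0.0.1/localhost, the setting that cut this machine off from
the internet after the rogue AV infection.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the DDS lines quoted in the first post.
SAMPLE_LOG = "\n".join([
    "uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050",
    "uInternet Settings,ProxyOverride = <local>",
    "uInternet Settings,ProxyServer = http=127.0.0.1:5643",
    "FF - ProfilePath - c:\\users\\adith\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\dpuzr4vj.default\\",
    "FF - prefs.js: network.proxy.http - 127.0.0.1",
    "FF - prefs.js: network.proxy.http_port - 5555",
    "FF - prefs.js: network.proxy.type - 0",
])

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
IE_PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.+)$")
FF_PREF = re.compile(r"^FF - prefs\.js:\s*(network\.proxy\.\S+)\s*-\s*(.+)$")


@dataclass
class ProxyFinding:
    browser: str   # "IE" or "Firefox"
    host: str
    port: int
    reason: str


def parse_ie_proxy(value: str) -> list[tuple[str, str, int]]:
    """Split an IE ProxyServer value into (scheme, host, port) triples.

    The value is either 'host:port' (one proxy for everything) or a
    ';'-separated list such as 'http=host:port;https=host:port'.
    """
    triples = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host or not port.isdigit():
            continue  # malformed entry: skip it rather than guess
        triples.append((scheme or "all", host, int(port)))
    return triples


def scan_supplementary(log_text: str) -> list[ProxyFinding]:
    """Return one finding per browser that is routed through a loopback proxy."""
    findings: list[ProxyFinding] = []
    ff_prefs: dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_PROXY.match(line)
        if m:
            for scheme, host, port in parse_ie_proxy(m.group(1)):
                if host in LOOPBACK:
                    findings.append(ProxyFinding(
                        "IE", host, port,
                        f"{scheme} traffic sent to a loopback proxy on port {port}; "
                        "verify that a known local filtering product really listens there"))
            continue
        m = FF_PREF.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()

    host = ff_prefs.get("network.proxy.http")
    port = ff_prefs.get("network.proxy.http_port", "")
    if host in LOOPBACK and port.isdigit():
        # network.proxy.type 0 means 'no proxy', so the setting may be dormant,
        # but a loopback proxy host left in prefs.js is still worth cleaning up.
        ptype = ff_prefs.get("network.proxy.type", "unknown")
        findings.append(ProxyFinding(
            "Firefox", host, int(port),
            f"prefs.js names a loopback HTTP proxy (network.proxy.type={ptype})"))
    return findings


if __name__ == "__main__":
    for f in scan_supplementary(SAMPLE_LOG):
        print(f"{f.browser}: {f.host}:{f.port} - {f.reason}")
```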
Old 07-22-2010, 10:22 PM   #7



Hi! Sorry I did not know that there was a reply because I did not get a notification, so I just checked the thread now and I saw you replied.

I tried to disable the virus protection stuff, but I was having trouble disabling McAfee VirusScan 8.7! I looked at the steps on the link you provided, but still had trouble.

But I can update you on how the computer has been acting: it's been surprisingly fine, it runs just like it used to, and it seems normal. (But I know some viruses can still hang around and act up later. Actually I don't know if that's my imagination or real, but it seems real: once, a long time ago, there was a teddy bear virus, and even though it was gone, I had to look through folders, and I found that cute teddy bear just sitting there.)
holyace2k2 is offline  
Old 07-22-2010, 10:57 PM   #8



Hello again, holyace2k2.

Please uninstall the following via the Programs and Features section of your Control Panel if they still exist:

McAfee Security Scan Plus

Reboot if not prompted.

------------------------------------------------------

Try the previous instructions again. Let me know if you still have trouble.

------------------------------------------------------
chemist is offline  
Old 07-22-2010, 11:53 PM   #9



I can't access anything. After running combofix, I can't open Firefox or anything, like any program. What should I do???

(I did turn off all the virus stuff before and such)

It says something like "registry key has been marked for deletion".

I can't even access the ComboFix log after saving it


I am reading on another site about this: "I had assumed that the registry keys were deleted because of McAfee's interference with Combofix's process" - I disabled McAfee though... I don't know, when it restarted, McAfee looked like it was up again though, I am not sure.

I am pretty nervous, any help would be great, any way to redeem this.
holyace2k2 is offline  
Old 07-23-2010, 11:55 AM   #10



Reboot your computer.
chemist is offline  
Old 07-25-2010, 08:48 PM   #11



Hi Chemist,

Yeah, after shutting it down, I started it up again later to check on it, and thankfully it was working. I was really happy about that. Kaspersky Online Scan took some time, so sorry for the late reply. I think you wanted it copied and pasted; if you need an attachment, let me know.

So here's the report from combofix:

ComboFix 10-07-22.01 - adith 07/23/2010 0:29.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3032.2001 [GMT -5:00]
Running from: c:\users\adith\Desktop\ComboFix.exe
Command switches used :: c:\users\adith\Desktop\CFScript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
SP: VirusScan Enterprise + AntiSpyware Enterprise *disabled* (Updated) {24E45799-D058-4314-AC5D-1B2EE5C3151F}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\adith\AppData\Local\iriweloh.dll"
"c:\users\adith\AppData\Local\Ufodurexuriv.dat"
"c:\users\adith\AppData\Local\Xmunevedecot.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\adith\AppData\Local\iriweloh.dll
c:\users\adith\AppData\Local\qsaoavwsd
c:\users\adith\AppData\Local\Ufodurexuriv.dat
c:\users\adith\AppData\Local\Xmunevedecot.bin
c:\users\adith\AppData\Roaming\LimeWire
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\storage.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\uconv.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\update.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\widget.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\windowds.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\xulutil.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\dependentlibs.list
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.chk
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcom.jar
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\js3250.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\LICENSE
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\debug.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\Microformats.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\utils.js
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\mozctl.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\nspr4.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\nss3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\platform.ini
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\plc4.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\plds4.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\README.txt
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\contenteditable.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\designmode.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\forms.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\html.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\html\folder.png
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\language.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\mathml.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\quirk.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\svg.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\ua.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.chk
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\adith\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\adith\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\adith\AppData\Roaming\LimeWire\createtimes.cache
c:\users\adith\AppData\Roaming\LimeWire\downloads.dat
c:\users\adith\AppData\Roaming\LimeWire\fileurns.cache
c:\users\adith\AppData\Roaming\LimeWire\gnutella.net
c:\users\adith\AppData\Roaming\LimeWire\installation.props
c:\users\adith\AppData\Roaming\LimeWire\library.dat
c:\users\adith\AppData\Roaming\LimeWire\library5.dat
c:\users\adith\AppData\Roaming\LimeWire\limewire.props
c:\users\adith\AppData\Roaming\LimeWire\lock
c:\users\adith\AppData\Roaming\LimeWire\mojito.props
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\Cache\AE98BDF4d01
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\Cache\BAFF9ABCd01
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\adith\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\adith\AppData\Roaming\LimeWire\player.props
c:\users\adith\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\adith\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\adith\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\adith\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\adith\AppData\Roaming\LimeWire\questions.props
c:\users\adith\AppData\Roaming\LimeWire\responses.cache
c:\users\adith\AppData\Roaming\LimeWire\simpp.xml
c:\users\adith\AppData\Roaming\LimeWire\spam.dat
c:\users\adith\AppData\Roaming\LimeWire\tables.props
c:\users\adith\AppData\Roaming\LimeWire\ttdata.cache
c:\users\adith\AppData\Roaming\LimeWire\ttroot.cache
c:\users\adith\AppData\Roaming\LimeWire\version.xml
c:\users\adith\AppData\Roaming\LimeWire\versions.props
c:\users\adith\AppData\Roaming\LimeWire\xml\data\audio.sxml3
c:\users\adith\AppData\Roaming\LimeWire\xml\data\video.sxml3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_yksvc


((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-23 05:37 . 2010-07-23 05:37 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-23 05:37 . 2010-07-23 05:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-23 05:37 . 2010-07-23 05:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-21 18:06 . 2010-07-21 18:06 -------- d-----w- C:\QUARANTINE
2010-07-21 17:26 . 2009-04-30 01:07 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-07-21 17:26 . 2009-04-30 01:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-07-21 17:26 . 2009-04-30 01:07 70216 ----a-w- c:\windows\system32\mfevtps.exe
2010-07-21 17:26 . 2009-04-30 01:07 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-07-21 17:26 . 2009-04-30 01:07 63696 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2010-07-21 17:26 . 2009-04-30 01:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-07-21 17:26 . 2009-04-30 01:07 342128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-07-21 17:26 . 2010-07-21 17:26 -------- d-----w- c:\program files\Common Files\McAfee
2010-07-21 17:09 . 2010-07-21 17:09 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-07-20 17:30 . 2010-07-23 05:40 -------- d-----w- c:\users\adith\AppData\Local\temp
2010-07-20 04:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 04:24 . 2010-07-20 04:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-05 15:17 . 2010-07-05 15:17 -------- d-----w- c:\users\Guest\AppData\Local\Mozilla
2010-07-02 22:24 . 2010-07-02 22:24 -------- d-----w- c:\program files\Freeware PDF Unlocker
2010-06-26 03:38 . 2010-06-26 03:38 -------- d-----w- C:\61cc410b023e524d7069
2010-06-24 08:02 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:02 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:02 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:02 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:02 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 22:20 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 22:20 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 02:45 . 2009-08-09 00:03 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2010-07-21 17:26 . 2010-06-02 14:47 -------- d-----w- c:\programdata\McAfee
2010-07-21 17:26 . 2010-06-02 14:47 -------- d-----w- c:\program files\McAfee
2010-07-21 16:59 . 2010-06-02 15:47 -------- d-----w- c:\programdata\Alwil Software
2010-07-14 21:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-11 00:49 . 2009-09-06 02:27 6080 ----a-w- c:\users\adith\AppData\Local\d3d9caps.dat
2010-06-17 05:54 . 2009-12-28 04:05 680 ----a-w- c:\users\Guest\AppData\Local\d3d9caps.dat
2010-06-02 14:45 . 2009-10-04 18:59 -------- d-----w- c:\program files\AVS4YOU
2010-06-02 14:40 . 2009-08-09 00:07 -------- d-----w- c:\program files\Windows Live
2010-06-02 14:01 . 2009-10-04 19:35 -------- d-----w- c:\programdata\NCH Software
2010-06-02 04:53 . 2010-06-02 04:53 -------- d-----w- c:\users\adith\AppData\Roaming\Malwarebytes
2010-06-02 04:53 . 2010-06-02 04:53 -------- d-----w- c:\programdata\Malwarebytes
2010-06-02 03:47 . 2010-06-02 03:47 7168 ----a-w- c:\windows\DellBIOS.Sys
2010-06-01 22:58 . 2010-06-01 22:58 -------- d-----w- c:\programdata\WindowsSearch
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\Conduit
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\DVDVideoSoftTB
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-31 21:10 . 2010-05-31 21:10 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-26 17:06 . 2010-06-10 05:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 05:32 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 19:14 . 2009-10-02 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-07 17:55 . 2010-05-07 17:55 255472 ----a-w- c:\users\adith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-05-04 05:59 . 2010-06-10 05:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 05:31 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 05:31 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 05:31 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 05:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2009-04-30 01:07 . 2010-07-21 17:26 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-08-09 00:12 . 2009-08-09 00:12 75 --sh--r- c:\windows\CT4CET.bin
2009-08-09 02:26 . 2009-04-11 17:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-15 17:33 2515552 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-15 2515552]

[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Google Update"="c:\users\adith\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-09-06 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-31 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2009-09-17 2647336]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2009-09-17 1049896]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-04-30 124240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-04-17 165104]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2009-03-09 374]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-9-17 10994984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-09 00:03 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3e,c0,f8,54,90,9d,ca,01

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2010-06-02 7168]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-04-30 65224]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-05-05 231424]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\engineserver.exe [2009-04-30 21256]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-04-30 70216]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2009-04-17 636144]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2008-12-31 144128]
S3 OA009Ufd;Creative Camera OA009 Upper Filter Driver;c:\windows\system32\DRIVERS\OA009Ufd.sys [2009-03-06 133632]
S3 OA009Vid;Creative Camera OA009 Function Driver;c:\windows\system32\DRIVERS\OA009Vid.sys [2009-03-19 271552]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-09-17 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-09-17 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-09-17 13440]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930493451-3030701461-2303587639-1000Core.job
- c:\users\adith\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-06 00:50]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3930493451-3030701461-2303587639-1000UA.job
- c:\users\adith\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-06 00:50]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{3ED861E9-56F3-474C-AF26-096377D00E92}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: Open Picture in &Microsoft PhotoDraw - c:\progra~1\MICROS~3\Office\1033\phdintl.dll/phdContext.htm
FF - ProfilePath - c:\users\adith\AppData\Roaming\Mozilla\Firefox\Profiles\dpuzr4vj.default\
FF - component: c:\program files\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\adith\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\adith\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\adith\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2010-07-23 00:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\SMART Technologies\SMART Board Drivers\Aware.exe
c:\program files\SMART Technologies\SMART Board Drivers\Marker.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\users\adith\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
.
**************************************************************************
.
Completion time: 2010-07-23 00:47:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 05:46
ComboFix2.txt 2010-07-20 17:30

Pre-Run: 150,162,460,672 bytes free
Post-Run: 150,170,275,840 bytes free

- - End Of File - - 66B809AE4691648A5526E62F255B4DB1




And here's the report from Kaspersky Online (this took awhile to run, like a LONG TIME, so sorry for the late reply):

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, July 25, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, July 23, 2010 05:03:30
Records in database: 4229778
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\

Scan statistics:
Objects scanned: 152720
Threats found: 6
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 02:43:09


File name / Threat / Threats count
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\35aace80-2d7153e3 Infected: Trojan-Downloader.Java.Agent.eo 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\35aace80-2d7153e3 Infected: Exploit.Java.Agent.t 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\35aace80-2d7153e3 Infected: Trojan-Downloader.Java.Agent.ep 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\32931bd7-77fb5dd8 Infected: Exploit.Java.Agent.f 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\175c55de-7cbd36fb Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\24b191f7-51b19bbb Infected: Exploit.Java.Agent.s 3
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7b79707a-5088ad26 Infected: Trojan-Downloader.Java.Agent.ab 1

Selected area has been scanned.
holyace2k2 is offline  
Old 07-25-2010, 09:21 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, holyace2k2.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
REM Start with a clean log so only this run's failures are reported
if exist "%temp%\log.txt" del "%temp%\log.txt"

REM Each quoted path is one of the Java cache files flagged in the Kaspersky report
for %%g in (

"C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\35aace80-2d7153e3"
"C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\32931bd7-77fb5dd8"
"C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\175c55de-7cbd36fb"
"C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\24b191f7-51b19bbb"
"C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7b79707a-5088ad26"

) do (
REM /a selects the file whatever its attributes, /f forces read-only files, /q suppresses the prompt
del /a/f/q %%g >nul 2>&1
REM Anything still present after del is written (unquoted, via %%~g) to the log
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

REM Open the log in Notepad only if at least one file could not be deleted
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
REM The batch file removes itself once it has finished
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

I see you already have MBAM on your machine.
  • Launch Malwarebytes' Anti-Malware
  • Under the Update tab, click Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
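The Kaspersky report above lists the same file several times, once per threat name, while the fix.bat only needs each path once. The following Python script is an added example (not code from this thread or from Kaspersky) that parses report lines of the form `<path> Infected: <threat> <count>`, collapses them to unique paths, and cross-checks the derived numbers against the scanner's own "Threats found" and "Infected objects found" counters. The REPORT text is a constructed sample built from the lines posted above; the regular expressions are an assumption about the report layout, based only on those lines.

```python
import re
from collections import Counter, OrderedDict

# Constructed sample: the statistics header and detection lines copied from the
# Kaspersky report posted above. Unrelated lines are left in to show that the
# parser skips them.
REPORT = r"""
Scan statistics:
Objects scanned: 152720
Threats found: 6
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 02:43:09

File name / Threat / Threats count
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\35aace80-2d7153e3 Infected: Trojan-Downloader.Java.Agent.eo 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\35aace80-2d7153e3 Infected: Exploit.Java.Agent.t 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\35aace80-2d7153e3 Infected: Trojan-Downloader.Java.Agent.ep 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\32931bd7-77fb5dd8 Infected: Exploit.Java.Agent.f 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\175c55de-7cbd36fb Infected: Trojan-Downloader.Java.Agent.ab 1
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\24b191f7-51b19bbb Infected: Exploit.Java.Agent.s 3
C:\Users\adith\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\7b79707a-5088ad26 Infected: Trojan-Downloader.Java.Agent.ab 1

Selected area has been scanned.
"""

# Assumed layout of a detection line and of a numeric statistics line.
DETECTION_RE = re.compile(r"^(?P<path>\S.*?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>\d+)$")


def parse_report(text):
    """Return (stats, detections): the scanner's own counters and one
    (path, threat, count) tuple per detection line."""
    stats, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION_RE.match(line)
        if m:
            detections.append((m["path"], m["threat"], int(m["count"])))
            continue
        m = STAT_RE.match(line)
        if m:
            stats[m["key"]] = int(m["value"])
    return stats, detections


def summarize(detections):
    """Collapse per-threat lines into per-file entries and global counts."""
    per_path = OrderedDict()      # keeps the scanner's ordering
    per_threat = Counter()
    for path, threat, count in detections:
        per_path.setdefault(path, []).append(threat)
        per_threat[threat] += count
    return {
        "unique_paths": list(per_path),
        "threats_per_path": dict(per_path),
        "distinct_threats": sorted(per_threat),
        "infected_objects": sum(per_threat.values()),
    }


def consistent_with_header(stats, summary):
    """True when the derived counts match the 'Threats found' and
    'Infected objects found' lines of the report header."""
    return (len(summary["distinct_threats"]) == stats.get("Threats found")
            and summary["infected_objects"] == stats.get("Infected objects found"))


def quoted_path_list(unique_paths):
    """Render the unique paths in the quoted, one-per-line form that the
    for-loop in the fix.bat above takes as input."""
    return ['"%s"' % p for p in unique_paths]


if __name__ == "__main__":
    stats, detections = parse_report(REPORT)
    summary = summarize(detections)
    print("counts consistent with header:", consistent_with_header(stats, summary))
    for path in summary["unique_paths"]:
        print(path, "->", ", ".join(summary["threats_per_path"][path]))
    print("\n".join(quoted_path_list(summary["unique_paths"])))
```

Run on the sample, the seven detection lines reduce to the five cache files that the batch file deletes, six distinct threat names and nine infected objects, which is exactly what the report header states; a mismatch there would mean the report was truncated or the regular expression missed a line.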
Old 07-25-2010, 09:45 PM   #13

It said Deletion Successful Press Any Key To Continue (or something along those lines) and then I pressed any key and it closed and disappeared from the desktop

I am going to do malware now.
holyace2k2 is offline  
Old 07-25-2010, 09:46 PM   #14

It won't take long.
chemist is offline  
Old 07-25-2010, 10:02 PM   #15

Yeah it did not take long at all, here were the results:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4349

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/25/2010 10:59:28 PM
mbam-log-2010-07-25 (22-59-28).txt

Scan type: Quick scan
Objects scanned: 143124
Time elapsed: 9 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
holyace2k2 is offline  
Old 07-25-2010, 10:11 PM   #16

Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable McAfee before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder.

------------------------------------------------------
  • Go to Start > Control Panel > System and Maintenance > System > System Protection.
  • Uncheck the checkboxes next to each hard drive listed under the 'Create restore points automatically on the selected disks:' section.
  • When you uncheck a disk you will be presented with a prompt to 'Turn System Protection Off'. Click 'Turn System Protection Off'.
  • Click 'Apply' then 'OK'.
  • Now turn it back on.
  • Go to Start > Control Panel > System and Maintenance > System > System Protection.
  • Check the checkboxes next to each hard drive listed under the 'Create restore points automatically on the selected disks:' section.
  • Click 'Apply' then 'OK'.
  • If you see no restore point exists, please create one.
This will flush out older possibly infected System Restore Points and create one fresh, clean System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > https://windows.microsoft.com/en-us/w...ce-packs?os=xp

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well-written articles: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
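The MVPS HOSTS entry above works because every hostname in the file is mapped to 127.0.0.1, so the request never leaves the machine. The Python script below is an added example (not from this thread or from the MVPS project) that parses a HOSTS file in that layout, handling comment lines, tabs, and several hostnames on one line, and separates entries that are sinkholed (loopback or 0.0.0.0) from entries that send a hostname to some other address. That second check goes slightly beyond the post: a HOSTS line pointing a name at a remote address is not blocking anything and is worth a look. The SAMPLE_HOSTS text and its hostnames are constructed, and the default Windows path in load_hosts_file is the standard location of the file.

```python
import ipaddress
import os

# Constructed sample in the MVPS layout (comment header, tabs or spaces, one or
# more hostnames per line). The hostnames are placeholders, not entries from the
# real MVPS list; 203.0.113.10 is a documentation-range address.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file in the MVPS style
127.0.0.1  localhost
::1\tlocalhost
0.0.0.0\tads.example.invalid          # null-routed: also keeps the request local
127.0.0.1 tracker.example.invalid banner.example.invalid
203.0.113.10 update.example.invalid   # a hostname pointed at a remote address
not-an-ip  broken.example.invalid
"""


def parse_hosts(text):
    """Return (entries, malformed): (ip, hostname) pairs plus any lines whose
    first field is not an IP address, which are reported rather than guessed."""
    entries, malformed = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding space
        if not line:
            continue
        fields = line.split()                 # tabs and runs of spaces both work
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(raw.rstrip())
            continue
        for host in fields[1:]:
            entries.append((ip, host.lower()))
    return entries, malformed


def is_sinkhole(ip):
    """127.0.0.1 / ::1 and 0.0.0.0 / :: all keep the request on the machine."""
    return ip.is_loopback or ip.is_unspecified


def classify(entries):
    """Split entries into hostnames that are blocked (sinkholed) and hostnames
    redirected to some other address. The 'localhost' mapping is the normal
    default and is left out of both lists."""
    blocked, redirected = [], []
    for ip, host in entries:
        if host == "localhost":
            continue
        (blocked if is_sinkhole(ip) else redirected).append((host, str(ip)))
    return blocked, redirected


def load_hosts_file(path=r"%SystemRoot%\System32\drivers\etc\hosts"):
    """Read a real HOSTS file; the default is the standard Windows location."""
    with open(os.path.expandvars(path), encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    entries, malformed = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = classify(entries)
    print("blocked hostnames:", len(blocked))
    print("redirected elsewhere:", redirected)
    print("malformed lines:", malformed)
```

On the sample, three hostnames are blocked, one is redirected to a remote address, and the malformed line is listed separately; to review an installed file, pass `load_hosts_file()` to `parse_hosts` instead of the sample text.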
Old 07-25-2010, 10:35 PM   #17

Chemist THANKS SO MUCH for all your help, and going through all these steps with me. I really appreciate it. I know you guys have a lot of people to get through, so good luck and keep doing good work man.

I uninstalled everything, and I turned on the virus protection again, but it says Virus Scan is on but is reporting its status to Windows Security Center in a format that is no longer supported. Use this program's updated feature or...

and I am going to look into that and see what's up with it, because McAfee was working fine before. And there is NO update feature on it.
holyace2k2 is offline  
Old 07-25-2010, 11:39 PM   #18

Let me know how the VirusScan issue goes. Is McAfee a must have? I can recommend better alternatives.
chemist is offline  
Old 07-26-2010, 07:49 AM   #19

Actually McAfee is not a must have, it was free for me, are there any free alternatives? That would be awesome if there are some.
holyace2k2 is offline  
Old 07-26-2010, 09:30 AM   #20

It was free through my old school, I could try to reinstall it, if that might work. Otherwise would Spyblaster be the better alternative?

Thanks Chemist for all your help
holyace2k2 is offline  
 

Copyright 2001 - 2018, Tech Support Forum
