Malware Rootkit


Re: Malware Rootkit

Post by Mugsz » April 25th, 2010, 3:38 pm

No rush at all on this end. Thanx.
Mugsz
Active Member
 
Posts: 14
Joined: April 15th, 2010, 8:51 pm

Re: Malware Rootkit

Post by Airscape » April 25th, 2010, 9:39 pm

Ok. I read a forum HERE on this site, in which I followed the directions of another helper and downloaded some things. Decided I didn't know what I was doing, I started this post to start from scratch. So, I had no formal help at all. Thanx so for the help so far.

OK thanks for letting me know. While I'm helping you please only follow my advice on cleaning the pc.


Right-click on your copy of ComboFix.exe to copy it and then paste it onto the Desktop before doing the following:

Make sure AVG is still disabled.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

---------------------------------------

Run CFScript
  • Click > Start > Run > type Notepad > click OK
  • Copy/Paste the following text inside the code box into Notepad: (don't include the word code)

    Code:
    KillAll::
    
    File::
    C:\TDSSKiller.2.2.8.1_15.04.2010_19.50.55_log.txt
    C:\avenger.txt
    C:\Documents and Settings\User1\Local Settings\Application Data\ave.exe
    C:\backup.reg
    C:\cleanup.bat
    
    Folder::
    c:\documents and settings\User1\Application Data\LimeWire(2)
    c:\program files\LimeWire(2)
    c:\program files\uTorrent
    c:\documents and settings\User1\Application Data\uTorrent
    C:\Documents and Settings\User1\Application Data\LimeWire(2)
    C:\Avenger
    
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
    "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"=-
    "C:\Program Files\uTorrent\uTorrent.exe"=-
    
    DDS::
    mPolicies-system: EnableLUA = 0 (0x0)
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    IE: Crawler Search - tbr:iemenu
    Trusted Zone: buy-security-essentials.com
    Trusted Zone: download-soft-package.com
    Trusted Zone: download-software-package.com
    Trusted Zone: get-key-se10.com
    Trusted Zone: is-software-download.com
    Trusted Zone: buy-security-essentials.com
    Trusted Zone: get-key-se10.com

  • Go to File > Save as... and save it as CFScript.txt
  • Now drag the CFScript.txt file into ComboFix.exe as shown in the animation below... This will start ComboFix again.

  • The tool may require a reboot - this is normal.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


--------------------------------------------

TFC (Temp File Cleaner):
  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted.
It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

---------------------------------

Download/Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to restart to finish cleaning.... see Extra Note below.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Please post this log in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.

----------------------------------

Logs/Information to post in next reply:
  • ComboFix.txt
  • MBAM log
  • New HijackThis log
  • How is the pc running now?
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm
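
The following is an added example, not part of the original thread and not ComboFix's own code. It lints a CFScript before it is handed to the tool (duplicate and non-absolute paths) and then checks that every File:: entry shows up in the FILE :: block of the resulting log. The section names and log layout are taken only from what appears in this thread; the sample strings are constructed from it, and all function names are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample: a shortened copy of the script quoted in this thread.
CFSCRIPT = r"""KillAll::

File::
C:\avenger.txt
C:\Documents and Settings\User1\Local Settings\Application Data\ave.exe
C:\backup.reg

Folder::
c:\documents and settings\User1\Application Data\LimeWire(2)
c:\program files\uTorrent
C:\Documents and Settings\User1\Application Data\LimeWire(2)
"""

# Constructed sample log in the layout shown in this thread; the ave.exe
# entry is deliberately left out to show a mismatch being reported.
LOG = r"""Command switches used :: c:\documents and settings\User1\Desktop\CFScript.txt

FILE ::
"C:\avenger.txt"
"C:\backup.reg"
.

((((( Other Deletions )))))
.
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::" in the script
LOG_FILE_RE = re.compile(r"^FILE\s*::$")          # "FILE ::" in the log


def parse_cfscript(text):
    """Split a CFScript into {section name: [entries]} in source order."""
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def norm(path):
    """Windows paths compare case-insensitively; drop quotes and trailing '\\'."""
    return path.strip().strip('"').rstrip("\\").lower()


def duplicates(entries):
    """Normalised entries that occur more than once (each reported once)."""
    seen, dups = set(), []
    for entry in entries:
        key = norm(entry)
        if key in seen and key not in dups:
            dups.append(key)
        seen.add(key)
    return dups


def non_absolute(entries):
    """Entries that do not start with a drive letter, e.g. 'cleanup.bat'."""
    return [e for e in entries if not re.match(r"^[A-Za-z]:\\", e)]


def log_file_block(log_text):
    """Normalised paths listed under 'FILE ::' up to the closing '.' line."""
    paths, in_block = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if LOG_FILE_RE.match(line):
            in_block = True
        elif in_block:
            if line == "." or line.startswith("("):
                break
            if line:
                paths.append(norm(line))
    return paths


def missing_from_log(sections, log_text):
    """File:: entries from the script that the log's FILE :: block lacks."""
    logged = set(log_file_block(log_text))
    return [e for e in sections.get("File", []) if norm(e) not in logged]


if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    print("duplicate folders:", duplicates(parsed["Folder"]))
    print("relative paths:", non_absolute(parsed["File"] + parsed["Folder"]))
    print("not acknowledged in log:", missing_from_log(parsed, LOG))
```
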

Re: Malware Rootkit

Post by Mugsz » April 26th, 2010, 7:35 pm

Airscape!!!!!!!!!! Hey yo....YOU are the MAN/WOMAN!!!! LMAO!!!

Just the fact I was able to even ACCESS the Malwarebytes PAGE was a miracle in itself! It's running very smoothly. Right now, I'm enabling the Resident Shield on my AVG and nothing else but waiting. But, I feel a lot better than I did a week ago! Thanx again....so far!

Mugsz

ComboFix 10-04-26.02 - User1 04/26/2010 18:47:39.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.460 [GMT -4:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User1\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\avenger.txt"
"C:\backup.reg"
"C:\cleanup.bat"
"c:\documents and settings\User1\Local Settings\Application Data\ave.exe"
"C:\TDSSKiller.2.2.8.1_15.04.2010_19.50.55_log.txt"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User1\Application Data\LimeWire(2)\browser(2)\xulrunner(2)\res(2)\table-remove-row.gif
c:\documents and settings\User1\Application Data\LimeWire(2)\browser(2)\xulrunner(2)\res(2)\ua.css
c:\documents and settings\User1\Application Data\LimeWire(2)\browser(2)\xulrunner(2)\res(2)\viewsource.css
c:\documents and settings\User1\Application Data\LimeWire(2)\browser(2)\xulrunner(2)\softokn3.chk
c:\documents and settings\User1\Application Data\LimeWire(2)\certificate(2)\limewire.keystore
c:\documents and settings\User1\Application Data\LimeWire(2)\createtimes.cache
c:\documents and settings\User1\Application Data\LimeWire(2)\downloads.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\fileurns.cache
c:\documents and settings\User1\Application Data\LimeWire(2)\gnutella.net
c:\documents and settings\User1\Application Data\LimeWire(2)\installation.props
c:\documents and settings\User1\Application Data\LimeWire(2)\library.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\library5.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\libtorrent\libtorrentdht.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\limewire.props
c:\documents and settings\User1\Application Data\LimeWire(2)\lock
c:\documents and settings\User1\Application Data\LimeWire(2)\mojito.props
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\.autoreg
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\_CACHE_001_
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\_CACHE_002_
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\_CACHE_003_
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\_CACHE_MAP_
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\280E3FA7d01
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\7BD6A121d01
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\AE98BDEDd01
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\BAFF9A9Bd01
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\Cache(2)\F9D3E29Fd01
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\cert8.db
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\compreg.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\cookies.sqlite
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\downloads.sqlite
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\extensions.cache
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\history.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\key3.db
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\permissions.sqlite
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\places.sqlite-journal
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\places.sqlite
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\pluginreg.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\prefs.js
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\secmod.db
c:\documents and settings\User1\Application Data\LimeWire(2)\mozilla-profile(2)\xpti.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\player.props
c:\documents and settings\User1\Application Data\LimeWire(2)\promotion(2)\promodb.backup
c:\documents and settings\User1\Application Data\LimeWire(2)\promotion(2)\promodb.script
c:\documents and settings\User1\Application Data\LimeWire(2)\questions.props
c:\documents and settings\User1\Application Data\LimeWire(2)\responses.cache
c:\documents and settings\User1\Application Data\LimeWire(2)\simpp.xml
c:\documents and settings\User1\Application Data\LimeWire(2)\spam.dat
c:\documents and settings\User1\Application Data\LimeWire(2)\tables.props
c:\documents and settings\User1\Application Data\LimeWire(2)\ttdata.cache
c:\documents and settings\User1\Application Data\LimeWire(2)\ttroot.cache
c:\documents and settings\User1\Application Data\LimeWire(2)\version.xml
c:\documents and settings\User1\Application Data\LimeWire(2)\versions.props
c:\documents and settings\User1\Application Data\LimeWire(2)\xml(2)\data(2)\audio.sxml3
c:\documents and settings\User1\Application Data\LimeWire(2)\xml(2)\data(2)\torrent.sxml3
c:\documents and settings\User1\Application Data\uTorrent
c:\documents and settings\User1\Application Data\uTorrent\10 - Pitbull - I Know You Want Me (Calle Ocho).mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\20 - Lil.Wayne - Kush.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\50 Cent - Baby By Me (Remix)(Feat. Ne-Yo)(Prod. By Polow Da Don) [everyoneloveshiphop.com].mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\50 Cent - Before I Self Destruct (2009) [VBR V2].1.torrent
c:\documents and settings\User1\Application Data\uTorrent\50 Cent - Before I Self Destruct (2009) [VBR V2].2.torrent
c:\documents and settings\User1\Application Data\uTorrent\50 Cent - Before I Self Destruct (2009) [VBR V2].torrent
c:\documents and settings\User1\Application Data\uTorrent\50 Cent - Get Rich Or Die Tryin Soundtrack (2005).torrent
c:\documents and settings\User1\Application Data\uTorrent\50.Cent-Before.I.Self.Destruct-(Retail)-2009-[NoFS].torrent
c:\documents and settings\User1\Application Data\uTorrent\9th Wonder.torrent
c:\documents and settings\User1\Application Data\uTorrent\Advanced System Optimizer v2.0.1.4 (http://www.WarezDDL.Us).rar.torrent
c:\documents and settings\User1\Application Data\uTorrent\Advanced System Optimizer.rar.torrent
c:\documents and settings\User1\Application Data\uTorrent\Alicia Keys- Doesn't Mean Anything.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Arabia With love Vol.1 2009.torrent
c:\documents and settings\User1\Application Data\uTorrent\Arabic Love.torrent
c:\documents and settings\User1\Application Data\uTorrent\ArtyTorrent Pack 84-Loopmasters Prdcr Essntls pt2-Drum Oneshots.torrent
c:\documents and settings\User1\Application Data\uTorrent\Attention Deficit.torrent
c:\documents and settings\User1\Application Data\uTorrent\BlakRoc - BlakRoc -2009.torrent
c:\documents and settings\User1\Application Data\uTorrent\CCleaner.torrent
c:\documents and settings\User1\Application Data\uTorrent\CD - Rick Ross - Trilla.torrent
c:\documents and settings\User1\Application Data\uTorrent\Chris Brown Ft.Lil Wayne - I Can Transform Ya [2009][Single][Musicroutes.Blogspot] [caprio4us].mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Chris_Brown_feat_Lil_Wayne_and_Swizz_Beatz-I_Can_Transform_Ya(Galaxy_Edition)_Promo_CDS-2009-FFF.torrent
c:\documents and settings\User1\Application Data\uTorrent\Clipse feat. Pharrell Williams - I'm Good.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Consequence_Feat._Kanye_West_And_John_Legend-Whatever_U_Want-(Promo_CDS)-2009.torrent
c:\documents and settings\User1\Application Data\uTorrent\Curren$y - Independence Day.torrent
c:\documents and settings\User1\Application Data\uTorrent\David Banner - Play (Dirty).mp3.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\David Banner - Play (Dirty).mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\dht.dat
c:\documents and settings\User1\Application Data\uTorrent\dht.dat.old
c:\documents and settings\User1\Application Data\uTorrent\DJ Delz Presents Biggie Smalls is The illest-MF-.torrent
c:\documents and settings\User1\Application Data\uTorrent\Drake - Heartbreak Drake 3-2009-MIXFIEND.torrent
c:\documents and settings\User1\Application Data\uTorrent\Drumkits.torrent
c:\documents and settings\User1\Application Data\uTorrent\ejaculation mastery.zip.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\ejaculation mastery.zip.torrent
c:\documents and settings\User1\Application Data\uTorrent\FAT JOE - Jealous Ones Still Envy 2 JOSE 2 RETAIL GROUPRIP FULL ALBUM _ http://www.newhiphoprbrapmusic4.blogspot.com.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\FAT JOE - Jealous Ones Still Envy 2 JOSE 2 RETAIL GROUPRIP FULL ALBUM _ http://www.newhiphoprbrapmusic4.blogspot.com.torrent
c:\documents and settings\User1\Application Data\uTorrent\Ghostface Killah - Discography.torrent
c:\documents and settings\User1\Application Data\uTorrent\Ghostface_Killah-Ghostdini_Wizard_Of_Poetry_In_Emerald_City-[www.getsometunes.co.uk].torrent
c:\documents and settings\User1\Application Data\uTorrent\Gil Scott-Heron.torrent
c:\documents and settings\User1\Application Data\uTorrent\Gucci Mane - The Gooch (2009) [Qwizie].torrent
c:\documents and settings\User1\Application Data\uTorrent\Gucci Mane Ft Plies - Wasted.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Gucci.Mane-Writing.On.The.Wall-(Bootleg)-2009-[NoFS].torrent
c:\documents and settings\User1\Application Data\uTorrent\Gucci_Mane-Wasted_Remix_(Feat._Lil_Wayne_Plies_and_Oj_Da_Juiceman)-(Promo)-2009-DjLeak.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\Gucci_Mane-Wasted_Remix_(Feat._Lil_Wayne_Plies_and_Oj_Da_Juiceman)-(Promo)-2009-DjLeak.torrent
c:\documents and settings\User1\Application Data\uTorrent\Haifa Wahbi 2 Albums + Unsorted + Live Paris.torrent
c:\documents and settings\User1\Application Data\uTorrent\Hot Riddim.torrent
c:\documents and settings\User1\Application Data\uTorrent\Jason DeRulo - Whatcha Say - Single.torrent
c:\documents and settings\User1\Application Data\uTorrent\Jay-Z - The Blueprint 3 (2009) - Rap [www.torrentazos.com].torrent
c:\documents and settings\User1\Application Data\uTorrent\Jay Sean - Down (feat. Lil' Wayne) - HotNewHipHop.com.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Jazz.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\Jazz.2.torrent
c:\documents and settings\User1\Application Data\uTorrent\Jazz.3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Jazz.torrent
c:\documents and settings\User1\Application Data\uTorrent\jv16 PowerTools 2009 1.9.1.606 Final Incl LICENSE.torrent
c:\documents and settings\User1\Application Data\uTorrent\kanye west- the remixes.torrent
c:\documents and settings\User1\Application Data\uTorrent\Kanye West - Graduation (2007).torrent
c:\documents and settings\User1\Application Data\uTorrent\Kanye West - Graduation.torrent
c:\documents and settings\User1\Application Data\uTorrent\Kanye West - Late Registration.torrent
c:\documents and settings\User1\Application Data\uTorrent\Leak City & OJ Da Juiceman - Trap Bunk.torrent
c:\documents and settings\User1\Application Data\uTorrent\Lil Wayne - On Fire Djleak.Com.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Lil Wayne - Swag Surfin.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Lil Wayne - Wasted.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Little Brother - And Justus For All (2008) - Hip Hop.torrent
c:\documents and settings\User1\Application Data\uTorrent\Little Brother - GetBack.torrent
c:\documents and settings\User1\Application Data\uTorrent\Little Brother - The Minstrel Show.torrent
c:\documents and settings\User1\Application Data\uTorrent\Love VS. Money.torrent
c:\documents and settings\User1\Application Data\uTorrent\Mike Epps- Under Rated ... Never Faded & X-Rated_SHOWHD_09_10_2009_23_58_09.dvr-ms.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\Mike Epps- Under Rated ... Never Faded & X-Rated_SHOWHD_09_10_2009_23_58_09.dvr-ms.torrent
c:\documents and settings\User1\Application Data\uTorrent\Mike.Epps.Under.Rated.Never.Faded.DVDRiP.XViD.torrent
c:\documents and settings\User1\Application Data\uTorrent\More Than a Game (2009).Dvd-HQ-Xvid.bns.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\More Than a Game (2009).Dvd-HQ-Xvid.bns.torrent
c:\documents and settings\User1\Application Data\uTorrent\N.O.R.E - S.O.R.E (2009) - Rap.torrent
c:\documents and settings\User1\Application Data\uTorrent\No ceilings.torrent
c:\documents and settings\User1\Application Data\uTorrent\Peggy Lee - Bewitching Lee.torrent
c:\documents and settings\User1\Application Data\uTorrent\Pitbull - Hotel Room Service (2009).AVI.torrent
c:\documents and settings\User1\Application Data\uTorrent\Playaz Circle - Flight 360 The Takeoff (2009) - Rap [www.torrentazos.com].torrent
c:\documents and settings\User1\Application Data\uTorrent\R.Kelly ft.Keri Hilson - Number One (2009.JB59).AVI.torrent
c:\documents and settings\User1\Application Data\uTorrent\Redman - Muddy Waters.torrent
c:\documents and settings\User1\Application Data\uTorrent\resume.dat
c:\documents and settings\User1\Application Data\uTorrent\resume.dat.old
c:\documents and settings\User1\Application Data\uTorrent\rss.dat
c:\documents and settings\User1\Application Data\uTorrent\rss.dat.old
c:\documents and settings\User1\Application Data\uTorrent\Saigon-All_In_A_Days_Work_(With_Statik_Selektah)-Retail-2009-HiPNOTAJZ.torrent
c:\documents and settings\User1\Application Data\uTorrent\Sean Price - Master P (2007) - Hip Hop.www.lokotorrents.com.torrent
c:\documents and settings\User1\Application Data\uTorrent\settings.dat
c:\documents and settings\User1\Application Data\uTorrent\settings.dat.old
c:\documents and settings\User1\Application Data\uTorrent\Shyne - Shyne.torrent
c:\documents and settings\User1\Application Data\uTorrent\Skyzoo - The Salvation (2009) - Rap [www.torrentazos.com].torrent
c:\documents and settings\User1\Application Data\uTorrent\Slum Village - Fantastic. vol. 2.torrent
c:\documents and settings\User1\Application Data\uTorrent\Soulja Boy - Playball (Feat Drake) - Theinfamoussyndicate.blogspot.com.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Soundfx.dk - Piano Loop Audio Pack 2.torrent
c:\documents and settings\User1\Application Data\uTorrent\Tapemasters_Inc._and_Drake_Born_Successful_2_(Re-Loaded_Edition)-2009-DjLeak.torrent
c:\documents and settings\User1\Application Data\uTorrent\The-Dream-Fancy_(Galaxy_Edition)--2009-gaLAXy.mp3.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\The-Dream-Fancy_(Galaxy_Edition)--2009-gaLAXy.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\The Complete Ken Burns Jazz Series - 22 Albums.torrent
c:\documents and settings\User1\Application Data\uTorrent\The Hangover (2009) DVDSCR-MAXSPEED.torrent
c:\documents and settings\User1\Application Data\uTorrent\The Taking of Pelham 1 2 3[2009]DvDrip-aXXo.torrent
c:\documents and settings\User1\Application Data\uTorrent\Trey.Songz-Ready-(Retail)-2009-[NoFS].torrent
c:\documents and settings\User1\Application Data\uTorrent\Twista_Feat_Erika_Shevon-Wetter-(Promo_CDS)-2009-VAG.torrent
c:\documents and settings\User1\Application Data\uTorrent\utorrent.lng
c:\documents and settings\User1\Application Data\uTorrent\VA-DJ Luis And Chalie Boy - Hustle Music 3 & 3.9 (4CD)-2009-MIXFIEND.torrent
c:\documents and settings\User1\Application Data\uTorrent\VA-DJ Scope - Reggae Picks 21-2009-MIXFIEND.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\VA-DJ Scope - Reggae Picks 21-2009-MIXFIEND.torrent
c:\documents and settings\User1\Application Data\uTorrent\VA-DJ_Kenny-Juggling_09-2009-DjLeak.torrent
c:\documents and settings\User1\Application Data\uTorrent\VA-Mick_Boogie_Lil_Wayne_&_Currency-Dirty_Work_14_(The_Color_Of_Money)-(Bootleg)-2006.torrent
c:\documents and settings\User1\Application Data\uTorrent\VA-Nos-NoFS.The.Mixtape.Vol.12-(Bootleg)-2009-[NoFS].torrent
c:\documents and settings\User1\Application Data\uTorrent\VA-Sinister Shan - Reggae Classics Vol 2-2009-MIXFIEND.torrent
c:\documents and settings\User1\Application Data\uTorrent\Young Jeezy-24 23.mp3.1.torrent
c:\documents and settings\User1\Application Data\uTorrent\Young Jeezy-24 23.mp3.2.torrent
c:\documents and settings\User1\Application Data\uTorrent\Young Jeezy-24 23.mp3.torrent
c:\documents and settings\User1\Application Data\uTorrent\Young Money Is The Army.torrent
c:\documents and settings\User1\Application Data\uTorrent\Young_Buck_-_Straight_Outta_Cashville-2004-SMO.torrent
c:\program files\LimeWire(2)
c:\program files\LimeWire(2)\Buy LimeWire PRO.url
c:\program files\LimeWire(2)\COPYING
c:\program files\LimeWire(2)\data.ser
c:\program files\LimeWire(2)\inspection.props
c:\program files\LimeWire(2)\install.log
c:\program files\LimeWire(2)\language.prop
c:\program files\LimeWire(2)\lib(2)\LimeWire.jar
c:\program files\LimeWire(2)\root(2)\magnet10(2)\badge.img
c:\program files\LimeWire(2)\root(2)\magnet10(2)\canHandle.img
c:\program files\LimeWire(2)\root(2)\magnet10(2)\limewire.gif
c:\program files\LimeWire(2)\root(2)\magnet10(2)\options.js
c:\program files\LimeWire(2)\root(2)\magnet10(2)\silentdetect.js
c:\program files\LimeWire(2)\SOURCE
c:\program files\LimeWire(2)\spacer.gif
c:\program files\LimeWire(2)\unpack.log
C:\TDSSKiller.2.2.8.1_15.04.2010_19.50.55_log.txt

.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 22:40 . 2010-04-26 22:40 242696 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-26 22:40 . 2010-04-26 22:40 -------- d-----w- c:\program files\ERUNT
2010-04-26 22:39 . 2010-04-26 22:39 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-24 20:14 . 2010-04-24 20:15 -------- d-----w- C:\rsit
2010-04-18 20:09 . 2010-04-18 20:09 -------- d-----w- c:\program files\Trend Micro
2010-04-14 13:30 . 2010-04-14 13:30 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-04-14 13:30 . 2010-04-14 13:30 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-04-14 13:30 . 2010-04-14 13:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-14 13:26 . 2010-04-14 13:26 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-13 07:42 . 2008-04-14 09:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-04-13 07:42 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-04-13 07:42 . 2008-04-14 04:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-04-13 07:42 . 2008-04-14 04:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-04-13 06:42 . 2010-04-13 06:42 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 22:40 . 2010-02-21 23:25 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-25 15:07 . 2010-02-23 01:36 0 ----a-w- c:\documents and settings\User1\Local Settings\Application Data\prvlcl.dat
2010-04-15 23:53 . 2008-04-13 22:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-14 13:30 . 2010-02-21 23:25 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-14 13:29 . 2010-02-21 23:25 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-13 23:47 . 2010-03-12 23:03 -------- d-----w- c:\program files\Bonjour
2010-04-13 23:47 . 2010-03-12 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-13 23:46 . 2010-03-12 23:03 -------- d-----w- c:\program files\iTunes
2010-04-13 23:45 . 2010-03-12 23:01 -------- d-----w- c:\program files\QuickTime
2010-04-13 06:40 . 2010-03-12 23:05 -------- d-----w- c:\documents and settings\User1\Application Data\Apple Computer
2010-04-07 08:25 . 2010-01-02 02:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-18 20:08 . 2010-03-18 20:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-03-15 01:27 . 2010-03-15 01:27 56136 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-12 23:13 . 2009-10-28 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-12 23:04 . 2010-03-12 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-03-12 23:03 . 2010-03-12 23:03 -------- d-----w- c:\program files\iPod
2010-03-12 23:03 . 2009-10-28 17:38 -------- d-----w- c:\program files\Common Files\Apple
2010-03-10 20:05 . 2010-02-20 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-10 06:15 . 2008-04-14 03:42 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 19:49 . 2009-10-08 04:13 -------- d-----w- c:\documents and settings\User1\Application Data\Ahead
2010-02-25 06:24 . 2008-04-14 03:42 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-13 22:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:40 . 2010-02-19 23:40 4 ----a-w- c:\windows\system32\aspdict-en.dat
2010-02-19 23:40 . 2010-02-19 23:40 16 ----a-w- c:\windows\system32\asdict.dat
2010-02-17 13:10 . 2008-04-13 22:57 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2008-04-14 03:41 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-13 22:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 23:53 . 2009-10-07 12:30 68456 ----a-w- c:\documents and settings\User1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 22:46 . 2009-10-08 04:29 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-25_15.01.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-26 07:19 . 2010-04-26 07:19 16384 c:\windows\Temp\Perflib_Perfdata_790.dat
+ 2008-04-14 03:42 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2008-04-14 03:42 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2009-03-08 08:31 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 08:31 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 03:41 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
- 2008-04-14 03:41 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
+ 2009-10-14 01:23 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-10-14 01:23 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-10-14 01:23 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-10-14 01:23 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 03:41 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 03:41 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 03:41 . 2010-01-13 14:01 86016 c:\windows\system32\dllcache\cabview.dll
+ 2008-04-14 03:41 . 2010-01-13 14:01 86016 c:\windows\system32\cabview.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2008-04-14 03:42 . 2009-12-24 06:59 177664 c:\windows\system32\wintrust.dll
- 2008-04-14 03:42 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2008-04-14 03:42 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2008-04-14 03:42 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 03:42 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
- 2009-03-08 08:32 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
+ 2009-03-08 08:32 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
- 2008-04-14 03:41 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2008-04-14 03:41 . 2009-12-09 05:53 726528 c:\windows\system32\jscript.dll
- 2008-04-14 03:41 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 03:41 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 03:41 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 03:41 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
- 2008-04-14 03:42 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 03:42 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2008-04-14 03:42 . 2009-12-24 06:59 177664 c:\windows\system32\dllcache\wintrust.dll
+ 2008-04-14 03:42 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 03:42 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-04-14 03:42 . 2010-03-10 06:15 420352 c:\windows\system32\dllcache\vbscript.dll
- 2008-04-14 03:42 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2008-04-13 22:30 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-04-14 03:42 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-14 03:42 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
- 2008-04-14 03:42 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2008-04-14 03:42 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-10-14 01:23 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2009-10-14 01:23 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-10-08 03:48 . 2010-02-24 13:11 455680 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-04-14 03:41 . 2009-12-09 05:53 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-04-14 03:41 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-10-14 01:23 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
+ 2008-04-14 03:41 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 03:41 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 03:41 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 03:41 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-04-14 03:42 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 03:42 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-04-14 03:41 . 2010-02-12 04:33 100864 c:\windows\system32\dllcache\6to4svc.dll
+ 2010-04-26 07:01 . 2009-03-08 08:33 420352 c:\windows\ie8updates\KB981332-IE8\vbscript.dll
+ 2010-04-26 07:01 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB981332-IE8\spuninst\updspapi.dll
+ 2010-04-26 07:01 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB981332-IE8\spuninst\spuninst.exe
+ 2010-04-26 07:00 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-26 07:00 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-26 07:00 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-26 07:00 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-26 07:00 . 2009-03-08 08:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-26 07:00 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2010-04-26 07:03 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-04-26 07:03 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-04-26 07:03 . 2009-06-22 06:44 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2010-04-26 22:41 . 2010-04-26 22:41 200704 c:\windows\ERDNT\4-26-2010\Users\00000002\UsrClass.dat
+ 2010-04-26 22:41 . 2005-10-20 16:02 163328 c:\windows\ERDNT\4-26-2010\ERDNT.EXE
+ 2009-10-08 03:48 . 2010-02-24 13:11 455680 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-04-14 03:42 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2008-04-14 03:42 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
- 2009-03-08 08:32 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2009-03-08 08:32 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
+ 2008-04-14 03:42 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2009-10-08 03:48 . 2010-02-17 13:10 2189952 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-10-08 03:48 . 2010-02-16 13:25 2024448 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-10-08 03:48 . 2010-02-16 14:08 2146304 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-04-14 03:42 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
- 2009-10-07 09:40 . 2008-04-14 03:42 3558912 c:\windows\system32\dllcache\moviemk.exe
+ 2009-10-07 09:40 . 2009-10-23 15:28 3558912 c:\windows\system32\dllcache\moviemk.exe
- 2009-10-14 01:23 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2009-10-14 01:23 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2010-04-26 22:41 . 2010-04-26 22:41 3375104 c:\windows\ERDNT\4-26-2010\Users\00000001\NTUSER.DAT
+ 2009-10-08 03:48 . 2010-02-17 13:10 2189952 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-10-08 03:48 . 2010-02-16 13:25 2024448 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 23:02 . 2010-02-16 13:25 2066816 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-10-08 03:48 . 2010-02-16 14:08 2146304 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-10-14 01:19 . 2010-04-06 14:52 31971272 c:\windows\system32\MRT.exe
+ 2009-03-08 08:39 . 2010-02-25 15:54 11070976 c:\windows\system32\ieframe.dll
+ 2009-10-14 01:23 . 2010-02-25 15:54 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-26 07:00 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-14 13:30 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-25 09:23 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
compapir REG_SZ c:\windows\system32\netsoute.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/21/2010 7:25 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/21/2010 7:25 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/14/2010 9:30 AM 308064]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R3 es1969;ESS 1969 Audio Driver (WDM);c:\windows\system32\drivers\es1969.sys [10/17/2009 1:54 PM 72192]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-26 c:\windows\Tasks\User_Feed_Synchronization-{C5F1DECB-A9A6-4168-8F70-2973C3C2E9F8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\upqbty8g.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 18:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-26 18:57:17
ComboFix-quarantined-files.txt 2010-04-26 22:57
ComboFix2.txt 2010-04-25 15:05

Pre-Run: 4,370,509,824 bytes free
Post-Run: 4,334,456,832 bytes free

- - End Of File - - 5A108AC07209F16F553CE181BFBC3665



Malwarebytes' Anti-Malware 1.45
http://www.malwarebytes.org

Database version: 4040

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/26/2010 7:21:07 PM
mbam-log-2010-04-26 (19-21-07).txt

Scan type: Quick scan
Objects scanned: 101664
Time elapsed: 4 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User1\My Documents\downloads\PerfectOptimizer(2).exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\User1\My Documents\downloads\PerfectOptimizer.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:06 PM, on 4/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4893 bytes
Mugsz
Active Member
 
Posts: 14
Joined: April 15th, 2010, 8:51 pm

Re: Malware Rootkit

Unread postby Airscape » April 27th, 2010, 11:44 am

I'm enabling the Resident Shield on my AVG and nothing else but waiting.

Now would be a good time, yes. It may be worth updating it and then running a full scan.


Uninstall programs
Click Start > Control Panel > Add/Remove Programs
Find and click Remove for the following:

Adobe Reader 9.2
Java(TM) 6 Update 15


-------------------------------

Install the latest Adobe Reader
There have been vulnerabilities detected in older versions of Adobe Reader. It is strongly recommended that you update to the latest version.
  • Download Adobe Reader from Here
  • Save AdbeRdr930_en_US.exe to a convenient location.
  • Run this file and follow the on-screen instructions to install the latest Adobe.

If you don't like Adobe Reader, then I would recommend getting Foxit PDF Reader.
It is a much smaller file to download and uses a lot less resources than Adobe Reader.
When installing Foxit Reader, be careful not to install anything to do with the AskBar.

--------------------------------

Install the latest Java
  • Older versions have vulnerabilities that malware can use to infect your system.
  • Click Here to download the latest version of Java.
  • Click Windows 7/XP/Vista/2003/2008 offline
  • Save jre-6u20-windows-i586-S.exe to a convenient location.
  • Run this file and follow the on-screen instructions to install Java.

----------------------------------

Fix HijackThis lines
  • Run HijackThis
  • Click Do a system scan only
  • Place a tick next to the following lines (if present)

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)

  • Close ALL browsers/windows except HijackThis and click on Fix Checked. Close HJT.

---------------------------------

TFC (Temp File Cleaner):
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC.
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted.
It should not take longer than a couple of minutes, and may only take a few seconds. You will be prompted to reboot only if needed.

---------------------------------

Kaspersky online scan
Please go to Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases

  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
This online tutorial will help explain how to use the aforementioned online scan.
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Malware Rootkit

Unread postby Mugsz » April 30th, 2010, 6:45 am

Sorry for the delay...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 30, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, April 29, 2010 21:23:06
Records in database: 4004514
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 88599
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:29:42


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\000001f3.tmp.vir Infected: Trojan.Win32.Cosmu.mdx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\0000254f.tmp.vir Infected: Trojan.Win32.Cosmu.mdx 1

Selected area has been scanned.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:35 AM, on 4/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5151 bytes
Mugsz
Active Member
 
Posts: 14
Joined: April 15th, 2010, 8:51 pm
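
The two HijackThis logs posted in this thread can be compared mechanically to confirm that the orphaned O18 entry the helper asked to fix is gone and to see what else changed. The following is an added example, not part of the original posts or of HijackThis itself; the function names are illustrative, the sample logs are trimmed excerpts of the logs above, and only the "(no file)" marker seen in this thread is treated as orphaned.

```python
import re

# Constructed excerpts: a handful of lines copied from the two HijackThis logs
# posted in this thread (4/26/2010 and 4/30/2010), trimmed for brevity.
BEFORE = r'''Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:06 PM, on 4/26/2010

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

--
End of file
'''

AFTER = r'''Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:35 AM, on 4/30/2010

Running processes:
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

--
End of file
'''

# Entry lines look like "O18 - Protocol: ..." or "R1 - HKLM\...": a letter,
# one or two digits, then " - " and the detail text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hijackthis(text):
    """Split a HijackThis log into running processes and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the entry section follows the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def orphaned(entries):
    """Entries whose target is reported as "(no file)", as in the O18 tbr line."""
    return [e for e in entries if e[1].rstrip().endswith("(no file)")]


def diff(before, after, key):
    """Order-preserving difference; `key` normalises items before comparing."""
    seen_before = {key(x) for x in before}
    seen_after = {key(x) for x in after}
    removed = [x for x in before if key(x) not in seen_after]
    added = [x for x in after if key(x) not in seen_before]
    return removed, added


def compare_logs(before_text, after_text):
    """Summarise what changed between two scans of the same machine."""
    b, a = parse_hijackthis(before_text), parse_hijackthis(after_text)
    # Windows paths are case-insensitive (Explorer.EXE vs explorer.exe),
    # so compare lower-cased text to avoid reporting a spurious change.
    ent_removed, ent_added = diff(b["entries"], a["entries"],
                                  lambda e: (e[0], e[1].lower()))
    proc_removed, proc_added = diff(b["processes"], a["processes"], str.lower)
    return {
        "orphaned_before": orphaned(b["entries"]),
        "orphaned_after": orphaned(a["entries"]),
        "entries_removed": ent_removed,
        "entries_added": ent_added,
        "processes_removed": proc_removed,
        "processes_added": proc_added,
    }


if __name__ == "__main__":
    for name, items in compare_logs(BEFORE, AFTER).items():
        print(name)
        for item in items:
            print("   ", item if isinstance(item, str) else " - ".join(item))
```

New autostart entries reported under entries_added still need a human look: here they are the Java updater and ctfmon.exe, both of which also appear in the second log above.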

Re: Malware Rootkit

Unread postby Airscape » April 30th, 2010, 1:17 pm

Well done, your PC now appears to be malware free. Please advise on any problems you still have.

Don't forget to re-enable any protection programs you may have disabled during the fix.

Please delete the Gmer random.exe file. It should look like this: yzjpnmxk.exe on your desktop.
Remove the Kaspersky online scanner through Control Panel > Add/Remove Programs (if present)
You can keep TFC.exe to clean out temporary files. I recommend running it once or twice a week.

Uninstall ComboFix
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

The above will implement some cleanup procedures as well as reset System Restore points.

Clean up with OTC
  • Download OTC by Old Timer here and save it to your desktop.
  • Double click on OTC.exe. Click on CleanUp!.
  • You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
  • It will restart your computer automatically. If it doesn't, please restart your computer manually.

The above will remove the majority of tools/scans used in the removal process. If any still exist, please delete them yourself.

--------------------------------------------------

Now some advice for keeping your pc safe and secure for the future:

  • Malwarebytes' Anti-Malware
    This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.
  • Other installed security software
    Your presently installed security application, AVG, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, provided an internet connection is active. I advise you also run a complete scan with this once per week.
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector or F-secure Health Check. I suggest that you run one of them at least once a month.

Recommended Programs

I would recommend the download and installation of some or all of the following programs and the updating of them on a regular basis.

  • WinPatrol
    As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit Here
  • SpywareBlaster
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. You can download SpywareBlaster from Here
  • Analog X Script Defender
    This will prevent malicious scripts from running on your pc by giving you the option to allow a script or not. Download it Here
  • Install a Third Party Firewall.
    A Firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world.
    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections.
    This means that any malware on your computer is free to "phone home" for more instructions. Below is a list of free firewalls I recommend you to install.
    Note: Do NOT use more than one firewall at a time as they will interfere with each other.

    Online Armor
    PC Tools Firewall Plus

Finally I am trying to make one point very clear. It is ABSOLUTELY ESSENTIAL to keep all of your security programs up to date.

I'd be grateful if you could reply to this post so that I know you have read it, and if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
Airscape
Regular Member
 
Posts: 1858
Joined: November 1st, 2008, 11:06 pm

Re: Malware Rootkit

Unread postby Mugsz » April 30th, 2010, 7:44 pm

Airscape.... I really appreciate your hard work and effort. Thanx for your time and patience as well! Thanx for the recommendations as well. I will remain clean!!


Thanx again,

Mugsz
Mugsz
Active Member
 
Posts: 14
Joined: April 15th, 2010, 8:51 pm

Re: Malware Rootkit

Unread postby jmw3 » May 1st, 2010, 6:28 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia