Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Incomplete Repair


Post by gtmaster303 » September 3rd, 2010, 7:43 pm

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:32:39 PM, on 9/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Neil\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 6034 bytes

Topic was closed before completion, even though I informed the person helping me that it would take me a while to respond.
A LOT of work was done already, but not finished.
Link to old topic can be provided upon request.
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Incomplete Repair

Post by MWR 3 day Mod » September 6th, 2010, 10:35 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Incomplete Repair

Post by turtledove » September 8th, 2010, 4:12 am

Good Day gtmaster303,

I'll check your new log, will be back as soon as possible.
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Incomplete Repair

Post by turtledove » September 11th, 2010, 7:28 pm

Good Day gtmaster303,

**Please copy or print these instructions, as you will need to be off the internet during part of this step.
Vista: Right Click and Select Run as Administrator for each tool/scan.


Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


Next

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



**Re-enable your Anti Virus/Firewall before reconnecting to the internet**

Post
C:\ComboFix.txt
Any problems
How your system is now
When you will be back/if you are back from your trip out of town

Thank you :)
turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Incomplete Repair

Post by gtmaster303 » September 11th, 2010, 10:23 pm

ComboFix 10-09-11.02 - Neil 09/11/2010 22:04:55.1.2 - x86
Running from: c:\users\Neil\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Taskmgr.exe
c:\windows\clofghls.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
.

2010-09-12 02:14 . 2010-09-12 02:15 -------- d-----w- c:\users\Neil\AppData\Local\temp
2010-09-12 02:14 . 2010-09-12 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-12 01:50 . 2010-09-12 01:50 -------- d-----w- c:\program files\ERUNT
2010-09-09 03:20 . 2010-09-09 03:20 -------- d-----w- c:\users\Neil\AppData\Local\GMail Drive
2010-09-09 03:19 . 2010-09-11 04:53 -------- d-----w- c:\windows\system32\ShellExt
2010-09-09 01:47 . 2010-09-09 01:59 -------- d-----w- c:\program files\uTorrent
2010-08-29 15:46 . 2010-08-29 15:46 -------- d-----w- c:\users\Neil\Office Genuine Advantage
2010-08-19 19:01 . 2010-08-19 19:01 -------- d-----w- C:\rsit
2010-08-19 18:33 . 2010-04-19 14:25 2117704 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-08-17 15:47 . 2010-08-17 15:47 -------- d-----w- c:\users\Neil\AppData\Local\AVG Security Toolbar
2010-08-17 02:21 . 2010-08-19 18:33 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-16 03:04 . 2010-08-21 17:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 03:04 . 2010-08-21 03:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-16 02:59 . 2010-08-21 03:23 -------- d-----w- c:\program files\VS Revo Group
2010-08-14 22:08 . 2010-08-14 22:08 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2010-08-14 22:08 . 2010-08-30 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 22:08 . 2010-08-14 22:08 -------- d-----w- c:\programdata\Malwarebytes
2010-08-14 22:01 . 2010-08-19 19:01 -------- d-----w- c:\program files\Trend Micro
2010-08-14 02:01 . 2010-08-14 02:01 57344 --sha-r- c:\windows\system32\IMJP10KF.dll
2010-08-14 02:00 . 2010-08-15 01:32 -------- d-----w- c:\programdata\Update
2010-08-13 14:35 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 17:43 . 2010-01-31 18:12 -------- d-----w- c:\users\Neil\AppData\Roaming\vlc
2010-09-09 01:59 . 2010-01-06 03:35 -------- d-----w- c:\users\Neil\AppData\Roaming\uTorrent
2010-09-09 01:50 . 2010-07-15 01:27 -------- d-----w- c:\program files\Winamp
2010-09-09 01:50 . 2010-07-15 01:27 -------- d-----w- c:\users\Neil\AppData\Roaming\Winamp
2010-09-05 13:13 . 2010-04-29 04:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-29 16:38 . 2010-01-07 22:09 -------- d-----w- c:\program files\Nokia
2010-08-29 16:38 . 2010-01-07 21:54 -------- d-----w- c:\programdata\Installations
2010-08-27 22:29 . 2010-01-07 00:13 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2010-08-22 18:44 . 2010-01-08 14:46 -------- d-----w- c:\users\Neil\AppData\Roaming\Nokia
2010-08-20 23:01 . 2010-01-07 00:27 -------- d-----w- c:\users\Neil\AppData\Roaming\LimeWire
2010-08-14 21:53 . 2010-01-07 03:39 -------- d-----w- c:\programdata\avg9
2010-08-13 14:49 . 2008-02-18 06:16 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 14:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 15:06 . 2010-01-07 03:40 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:06 . 2010-07-15 15:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:05 . 2010-01-07 03:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 02:04 . 2010-07-15 02:04 -------- d-----w- c:\users\Neil\AppData\Roaming\Logia
2010-07-11 16:07 . 2008-02-18 06:45 1066544 ----a-w- c:\windows\system32\mfc71.dll
2010-06-26 06:05 . 2010-08-13 14:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 14:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 14:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 14:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 01:58 . 2010-06-25 01:58 77824 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-25 01:58 . 2010-06-25 01:58 50000 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-06-22 19:52 . 2010-06-25 01:58 69214784 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-06-21 13:37 . 2010-08-13 14:36 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 14:36 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 14:36 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 14:36 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^albertino.exe]
path=c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\albertino.exe
backup=c:\windows\pss\albertino.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-04-15 21:04 3827544 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 15:06 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-09-28 03:10 122880 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-23 00:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-24 10:02 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-10-09 16:59 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 13:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-20 03:16 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
2009-10-20 02:23 167008 ------w- c:\program files\CyberLink\YouCam\YouCamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\jlc1tz2j.default\
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m ... g+Lucky&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-AARC - c:\users\Neil\Documents\SYS\albertino.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-isCfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-sta - iyzgp.dll
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-11 22:15
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-11 22:17:41
ComboFix-quarantined-files.txt 2010-09-12 02:17

Pre-Run: 109,853,749,248 bytes free
Post-Run: 110,027,829,248 bytes free

- - End Of File - - B0E01E1C0E9C5EE14007F5296BC92128

I actually started having problems again in the break that we had. The site redirects.
I'm not sure why, but I just wanted to know if my system is clean.
Is there any way to check?
Are there still more steps involved?
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Incomplete Repair

Post by turtledove » September 12th, 2010, 1:09 am

Good evening gtmaster303,

Thank you for the log.

I'll go over this and be back as soon as possible.
Are you now back from your trip out of town?
Yes, we have more to do to be sure the system is clean. We need to find the cause of the redirects again.
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Incomplete Repair

Post by gtmaster303 » September 12th, 2010, 9:30 am

Yes, I am back from that trip.
I'll be sure to let you know of any future delays, before they actually happen.
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Incomplete Repair

Post by turtledove » September 13th, 2010, 1:47 pm

Good day gtmaster303,
Thanks for letting me know you are back. Hope your trip went well. :)


Please copy/print these instructions for easy reference; you will be offline during part of the fix.
Vista: Right click and select Run as Administrator on the tools asked to run.


Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe




ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    KILLALL::
    
        Suspect::
    http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=53327
        c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\albertino.exe
        c:\windows\system32\IMJP10KF.dll
        Folder::
        c:\users\Neil\AppData\Roaming\uTorrent
        c:\users\Neil\AppData\Roaming\LimeWire
        c:\program files\uTorrent
        c:\program files\Spybot - Search & Destroy
        c:\programdata\Spybot - Search & Destroy
    
    
        Registry::
        [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    
    
        [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    
        
        

  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!

  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click the Windows Start > All programs > Accessories then Run
  • Copy/paste the following into the run box & click OK, Do not include the word Quote:
    "%userprofile%\desktop\rsit.exe" /info

  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt << will be maximized and info.txt << will be minimized
  • Copy & paste the contents of both logs in your next reply


Post *May need two post replies*
New Combofix log
New RSIT log.txt and new info.txt
How system is now

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Incomplete Repair

Post by gtmaster303 » September 13th, 2010, 9:17 pm

ComboFix 10-09-13.01 - Neil 09/13/2010 20:44:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1960 [GMT -4:00]
Running from: c:\users\Neil\Desktop\ComboFix.exe
Command switches used :: c:\users\Neil\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\uTorrent
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100815-2308.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100815-2341.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100816-1101.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100816-1311.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.100815-2343.txt
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\Logs\Update downloads.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\FraudSysguard.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FraudSysguard1.zip
c:\users\Neil\AppData\Roaming\LimeWire
c:\users\Neil\AppData\Roaming\LimeWire\active.mojito
c:\users\Neil\AppData\Roaming\LimeWire\avg\database\avi7.avg
c:\users\Neil\AppData\Roaming\LimeWire\avg\database\incavi.avm
c:\users\Neil\AppData\Roaming\LimeWire\avg\database\version.nfo
c:\users\Neil\AppData\Roaming\LimeWire\browser\xul-v2.0b2.5-do-not-remove
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\alerts.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\caps.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\chardet.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\chrome.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\composer.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\content_base.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\content_html.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\cookie.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\directory.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\downloads.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\editor.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\extensions.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\feeds.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\find.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\gfx.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\inspector.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\intl.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\jar.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\locale.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\oji.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\places.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\plugin.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\pref.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\profile.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\rdf.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\satchel.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\shistory.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\storage.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\transformiix.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\uconv.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\update.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\widget.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\windowds.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\xulutil.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\dependentlibs.list
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.chk
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcom.jar
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\js3250.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\LICENSE
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\debug.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\Microformats.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\utils.js
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\mozctl.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\nspr4.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\nss3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\platform.ini
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\plc4.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\plds4.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\README.txt
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetData.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\contenteditable.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\designmode.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\forms.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\html.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\html\folder.png
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\langGroups.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\language.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\mathml.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\quirk.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\svg.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\ua.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.chk
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\Neil\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\Neil\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Neil\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Neil\AppData\Roaming\LimeWire\downloads.dat
c:\users\Neil\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Neil\AppData\Roaming\LimeWire\gnutella.net
c:\users\Neil\AppData\Roaming\LimeWire\installation.props
c:\users\Neil\AppData\Roaming\LimeWire\library.dat
c:\users\Neil\AppData\Roaming\LimeWire\library5.dat
c:\users\Neil\AppData\Roaming\LimeWire\limewire.props
c:\users\Neil\AppData\Roaming\LimeWire\lock
c:\users\Neil\AppData\Roaming\LimeWire\mojito.props
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\Cache\1FEE1D13d01
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\Cache\64A08667d01
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\Neil\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\Neil\AppData\Roaming\LimeWire\player.props
c:\users\Neil\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Neil\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Neil\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Neil\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Neil\AppData\Roaming\LimeWire\questions.props
c:\users\Neil\AppData\Roaming\LimeWire\responses.cache
c:\users\Neil\AppData\Roaming\LimeWire\restaccess.txt
c:\users\Neil\AppData\Roaming\LimeWire\simpp.cert
c:\users\Neil\AppData\Roaming\LimeWire\simpp.xml
c:\users\Neil\AppData\Roaming\LimeWire\spam.dat
c:\users\Neil\AppData\Roaming\LimeWire\tables.props
c:\users\Neil\AppData\Roaming\LimeWire\ttdata.cache
c:\users\Neil\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Neil\AppData\Roaming\LimeWire\update.cert
c:\users\Neil\AppData\Roaming\LimeWire\urns.dat
c:\users\Neil\AppData\Roaming\LimeWire\version.xml
c:\users\Neil\AppData\Roaming\LimeWire\versions.props
c:\users\Neil\AppData\Roaming\LimeWire\xml\data\audio.sxml3
c:\users\Neil\AppData\Roaming\uTorrent
c:\users\Neil\AppData\Roaming\uTorrent\[ZA] ZOIDS Fuzors (Dubbed) 01-26 [BATCH].torrent
c:\users\Neil\AppData\Roaming\uTorrent\3 Idiots 2009 Hindi Repack Pre-DVDRip x264 E-SuB xRG.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Bejeweled 2 -Deluxe- (REFLEXIVE GAMES) (CRACKED) (DIRECT PLAY) [blaze69].torrent
c:\users\Neil\AppData\Roaming\uTorrent\Black Ps2 DvD.RiP.NTSC.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Brawl.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Cowboy.Bebop.The.Movie[XviD][DVDRip][EngDub].torrent
c:\users\Neil\AppData\Roaming\uTorrent\Craig Armstrong.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Cyberlink YouCam 3.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Cyberlink.YouCam.v3.0.1811.7429-DVT.torrent
c:\users\Neil\AppData\Roaming\uTorrent\CyberLink_Power2Go_v6.0_Multilanguage.torrent
c:\users\Neil\AppData\Roaming\uTorrent\dht.dat
c:\users\Neil\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Neil\AppData\Roaming\uTorrent\Excite_Truck_(NTSC)_(WII).torrent
c:\users\Neil\AppData\Roaming\uTorrent\Games nokia 5800XM.torrent
c:\users\Neil\AppData\Roaming\uTorrent\George Lopez Series.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Gumball 3000 - The Movie.torrent
c:\users\Neil\AppData\Roaming\uTorrent\I-Like-Em-White-Erin-Moore.mov.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Iron Man 2 Encoded TS XviD SAFCuk009.torrent
c:\users\Neil\AppData\Roaming\uTorrent\LimeWire PRO 5.5.13 + crack.torrent
c:\users\Neil\AppData\Roaming\uTorrent\LimeWire Pro 5.5.8 - newest version.torrent
c:\users\Neil\AppData\Roaming\uTorrent\LimeWire PRO v5.4.6.1 Final By ChattChitto.torrent
c:\users\Neil\AppData\Roaming\uTorrent\LimeWire PRO v5.4.7 Final [ChattChitto RG].torrent
c:\users\Neil\AppData\Roaming\uTorrent\LimeWire.PRO.5.4.8.1.Multilingual.Retail.torrent
c:\users\Neil\AppData\Roaming\uTorrent\LimeWire.Pro.v5.5.8.rar.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Mario Kart Wii.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Medal_of_Honor_Heroes_2_Usa_Wii-GAMEOVER.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Mega_Pack_for_5800xm.torrent
c:\users\Neil\AppData\Roaming\uTorrent\New folder.torrent
c:\users\Neil\AppData\Roaming\uTorrent\New Super Mario Bro.s.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Nokia 5800 Apps.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Nokia Collection [76 Applications - 31Games - 100 theme - 500 Pic SMS].torrent
c:\users\Neil\AppData\Roaming\uTorrent\P90X Complete Disk Collection.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Pacman World 3 NTSC-U-USA PS2DVD.torrent
c:\users\Neil\AppData\Roaming\uTorrent\PS2 Gran Turismo 4.torrent
c:\users\Neil\AppData\Roaming\uTorrent\RarLab.WinRAR.v3.91.Cracked.PROPER-EAT.torrent
c:\users\Neil\AppData\Roaming\uTorrent\resume.dat
c:\users\Neil\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Neil\AppData\Roaming\uTorrent\rss.dat
c:\users\Neil\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Neil\AppData\Roaming\uTorrent\Run Like Hell (NTSC) PS2.7z.torrent
c:\users\Neil\AppData\Roaming\uTorrent\s60v5 Games.torrent
c:\users\Neil\AppData\Roaming\uTorrent\sega genesis collection^ps2.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Sega Genesis For The PS2.torrent
c:\users\Neil\AppData\Roaming\uTorrent\settings.dat
c:\users\Neil\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Neil\AppData\Roaming\uTorrent\SPB Software Mobile for Symbian - Unsigned - Cracked.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Super Mario Galaxy NTSC.torrent
c:\users\Neil\AppData\Roaming\uTorrent\The Bard's Tale PS2DVD PAL + ESR 0.24 Patcher (Done).torrent
c:\users\Neil\AppData\Roaming\uTorrent\The Bards Tale USA NTSC PS2DVD.torrent
c:\users\Neil\AppData\Roaming\uTorrent\The Book Of Eli 2010 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\users\Neil\AppData\Roaming\uTorrent\The Matrix Trilogy.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top Gear 15x04 HDTV XviD FoV.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top Gear 15x05 HDTV XviD FoV.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top Gear s15e03 .thebox.hannibal.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top Gear S15E06.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top Gear Season 14 Episode 7.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top.Gear.14x06.HDTV.XviD-FoV.avi.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top.Gear.S15E01.HDTV.XviD-BiA.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top.Gear.S15E03.HDTV.XviD-BiA.avi.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Top.Gear.s15e2.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Transformers Revenge of the Fallen[2009]DvDrip[Eng]-FXG.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Turbotax.Deluxe.2009-WIN.torrent
c:\users\Neil\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Neil\AppData\Roaming\uTorrent\Valentine's Day 2010 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\users\Neil\AppData\Roaming\uTorrent\When In Rome 2010 XviD Re-Encoded CAM SAFCuk009.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Wi-Foo - The Secrets Of Wireless Hacking-C00KIEEE.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Wii Play.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Wii Sports(compressed).torrent
c:\users\Neil\AppData\Roaming\uTorrent\Winamp Pro 5.58 Build 2975 Final + Serial-[HB].torrent
c:\users\Neil\AppData\Roaming\uTorrent\Winamp PRO v5.572 Build 2830 + Serials [ChattChitto RG].torrent
c:\users\Neil\AppData\Roaming\uTorrent\Winamp Pro v5.572 Build 2830.rar.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Winamp.Pro.5.57.(Build 2789).Final.Multilanguage.torrent
c:\users\Neil\AppData\Roaming\uTorrent\Winamp.v5.581.Build.2985.Incl.Keygen-CORE.torrent
c:\users\Neil\AppData\Roaming\uTorrent\WinRAR 3.93 x86.torrent
c:\users\Neil\AppData\Roaming\uTorrent\WinRar v3.91 x32 x64 + Working Patch.torrent

.
((((((((((((((((((((((((( Files Created from 2010-08-14 to 2010-09-14 )))))))))))))))))))))))))))))))
.

2010-09-14 00:52 . 2010-09-14 00:54 -------- d-----w- c:\users\Neil\AppData\Local\temp
2010-09-14 00:52 . 2010-09-14 00:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-14 00:52 . 2010-09-14 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-12 01:50 . 2010-09-12 01:50 -------- d-----w- c:\program files\ERUNT
2010-09-09 03:20 . 2010-09-09 03:20 -------- d-----w- c:\users\Neil\AppData\Local\GMail Drive
2010-09-09 03:19 . 2010-09-11 04:53 -------- d-----w- c:\windows\system32\ShellExt
2010-08-29 15:46 . 2010-08-29 15:46 -------- d-----w- c:\users\Neil\Office Genuine Advantage
2010-08-19 19:01 . 2010-08-19 19:01 -------- d-----w- C:\rsit
2010-08-17 15:47 . 2010-08-17 15:47 -------- d-----w- c:\users\Neil\AppData\Local\AVG Security Toolbar
2010-08-17 02:21 . 2010-08-19 18:33 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-16 02:59 . 2010-08-21 03:23 -------- d-----w- c:\program files\VS Revo Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 17:43 . 2010-01-31 18:12 -------- d-----w- c:\users\Neil\AppData\Roaming\vlc
2010-09-09 01:50 . 2010-07-15 01:27 -------- d-----w- c:\program files\Winamp
2010-09-09 01:50 . 2010-07-15 01:27 -------- d-----w- c:\users\Neil\AppData\Roaming\Winamp
2010-09-05 13:13 . 2010-04-29 04:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-30 17:39 . 2010-08-14 22:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 16:38 . 2010-01-07 22:09 -------- d-----w- c:\program files\Nokia
2010-08-29 16:38 . 2010-01-07 21:54 -------- d-----w- c:\programdata\Installations
2010-08-27 22:29 . 2010-01-07 00:13 273920 ----a-w- c:\windows\system32\drivers\afd.sys
2010-08-22 18:44 . 2010-01-08 14:46 -------- d-----w- c:\users\Neil\AppData\Roaming\Nokia
2010-08-19 19:01 . 2010-08-14 22:01 -------- d-----w- c:\program files\Trend Micro
2010-08-15 01:32 . 2010-08-14 02:00 -------- d-----w- c:\programdata\Update
2010-08-14 22:08 . 2010-08-14 22:08 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2010-08-14 22:08 . 2010-08-14 22:08 -------- d-----w- c:\programdata\Malwarebytes
2010-08-14 21:53 . 2010-01-07 03:39 -------- d-----w- c:\programdata\avg9
2010-08-14 02:01 . 2010-08-14 02:01 57344 --sha-r- c:\windows\system32\IMJP10KF.dll
2010-08-13 14:49 . 2008-02-18 06:16 -------- d-----w- c:\program files\Microsoft Works
2010-08-13 14:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-15 15:06 . 2010-01-07 03:40 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:06 . 2010-07-15 15:06 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:05 . 2010-01-07 03:40 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 16:07 . 2008-02-18 06:45 1066544 ----a-w- c:\windows\system32\mfc71.dll
2010-06-26 06:05 . 2010-08-13 14:36 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 14:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-13 14:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-13 14:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-25 01:58 . 2010-06-25 01:58 77824 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-25 01:58 . 2010-06-25 01:58 50000 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-06-22 19:52 . 2010-06-25 01:58 69214784 ----a-w- c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-06-21 13:37 . 2010-08-13 14:36 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-13 14:36 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-18 15:04 . 2010-08-13 14:36 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 15:04 . 2010-08-13 14:36 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-16 16:04 . 2010-08-13 14:35 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^albertino.exe]
path=c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\albertino.exe
backup=c:\windows\pss\albertino.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-04-15 21:04 3827544 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-07-15 15:06 2065760 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2007-09-28 03:10 122880 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-09 00:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-23 00:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-24 10:02 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 20:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-10-09 16:59 4702208 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-17 13:34 634880 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-20 03:16 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
2009-10-20 02:23 167008 ------w- c:\program files\CyberLink\YouCam\YouCamTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\jlc1tz2j.default\
FF - prefs.js: browser.startup.homepage - igoogle.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m ... g+Lucky&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-09-13 21:04:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-14 01:04
ComboFix2.txt 2010-09-12 02:17

Pre-Run: 109,252,399,104 bytes free
Post-Run: 109,304,205,312 bytes free

- - End Of File - - 8782B053B739F6989F74D05DFC31CCD4


After ComboFix finished, I had a hard time saving the file. My mouse stopped working and no programs would open.
I managed to save the file, but I had to restart my computer to come back online.
gtmaster303

Re: Incomplete Repair

Post by gtmaster303 » September 13th, 2010, 9:24 pm

I had to find a download for RSIT elsewhere on the site.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Neil at 2010-09-13 21:20:21
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 105 GB (36%) free of 295 GB
Total RAM: 3062 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:20:52 PM, on 9/13/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\explorer.exe
C:\Users\Neil\Desktop\rsit.exe
C:\Program Files\trend micro\Neil.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\System32\avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 5105 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
HP Print Clips - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31 177504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2010-04-19 2117704]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
C:\Program Files\AIM\aim.exe [2010-04-15 3827544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-15 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2007-09-27 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-10-24 178712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Windows\RtHDVCpl.exe [2007-10-09 4702208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-17 634880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2010-06-24 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
C:\Program Files\CyberLink\YouCam\YouCamTray.exe [2009-10-19 167008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^albertino.exe]
C:\Users\Neil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\albertino.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Neil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\WINDOWS\System32\avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-09-13 21:04:26 ----D---- C:\Windows\temp
2010-09-13 21:04:24 ----A---- C:\ComboFix.txt
2010-09-13 20:54:33 ----D---- C:\$RECYCLE.BIN
2010-09-13 20:42:45 ----A---- C:\Windows\SWXCACLS.exe
2010-09-12 18:12:48 ----D---- C:\Config.Msi
2010-09-11 21:59:47 ----A---- C:\Windows\zip.exe
2010-09-11 21:59:47 ----A---- C:\Windows\SWSC.exe
2010-09-11 21:59:47 ----A---- C:\Windows\SWREG.exe
2010-09-11 21:59:47 ----A---- C:\Windows\sed.exe
2010-09-11 21:59:47 ----A---- C:\Windows\PEV.exe
2010-09-11 21:59:47 ----A---- C:\Windows\NIRCMD.exe
2010-09-11 21:59:47 ----A---- C:\Windows\MBR.exe
2010-09-11 21:59:47 ----A---- C:\Windows\grep.exe
2010-09-11 21:52:08 ----D---- C:\Qoobox
2010-09-11 21:51:21 ----D---- C:\Windows\ERDNT
2010-09-11 21:50:33 ----D---- C:\Program Files\ERUNT
2010-09-08 23:19:36 ----D---- C:\Windows\system32\ShellExt
2010-08-27 18:27:19 ----A---- C:\TDSSKiller.2.4.1.2_27.08.2010_18.27.19_log.txt
2010-08-27 18:26:53 ----A---- C:\TDSSKiller.2.4.1.2_27.08.2010_18.26.53_log.txt
2010-08-25 11:13:46 ----A---- C:\Windows\ntbtlog.txt
2010-08-19 15:01:13 ----D---- C:\rsit
2010-08-16 22:21:54 ----D---- C:\ProgramData\AVG Security Toolbar
2010-08-15 22:59:51 ----D---- C:\Program Files\VS Revo Group
2010-08-14 18:08:27 ----D---- C:\Users\Neil\AppData\Roaming\Malwarebytes
2010-08-14 18:08:19 ----D---- C:\ProgramData\Malwarebytes
2010-08-14 18:08:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-14 18:01:10 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2010-09-13 21:14:52 ----D---- C:\WINDOWS
2010-09-13 21:12:14 ----D---- C:\Windows\Prefetch
2010-09-13 21:12:09 ----D---- C:\Windows\inf
2010-09-13 21:12:03 ----D---- C:\Windows\system32\drivers
2010-09-13 20:54:37 ----A---- C:\Windows\system.ini
2010-09-13 20:54:31 ----D---- C:\Windows\system32\drivers\etc
2010-09-13 20:52:23 ----D---- C:\Program Files
2010-09-13 20:50:04 ----D---- C:\Windows\System32
2010-09-13 20:49:15 ----D---- C:\Windows\AppPatch
2010-09-13 20:49:14 ----D---- C:\Program Files\Common Files
2010-09-13 20:03:40 ----D---- C:\Windows\system32\drivers\Avg
2010-09-12 18:13:04 ----SHD---- C:\Windows\Installer
2010-09-11 22:16:47 ----D---- C:\Windows\Tasks
2010-09-10 23:27:44 ----D---- C:\Program Files\Mozilla Firefox
2010-09-10 23:27:26 ----D---- C:\Windows\system32\catroot2
2010-09-10 13:43:48 ----D---- C:\Users\Neil\AppData\Roaming\vlc
2010-09-08 21:50:25 ----D---- C:\Program Files\Winamp
2010-09-08 21:50:06 ----D---- C:\Users\Neil\AppData\Roaming\Winamp
2010-09-08 00:17:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-09-05 09:13:13 ----D---- C:\Program Files\Microsoft Silverlight
2010-08-29 12:38:59 ----D---- C:\Program Files\Nokia
2010-08-29 12:38:58 ----D---- C:\Windows\system32\catroot
2010-08-29 12:38:17 ----D---- C:\ProgramData\Installations
2010-08-29 12:32:26 ----D---- C:\Windows\winsxs
2010-08-29 12:31:07 ----DC---- C:\Windows\system32\DRVSTORE
2010-08-26 17:51:55 ----SD---- C:\Users\Neil\AppData\Roaming\Microsoft
2010-08-25 21:10:20 ----D---- C:\Windows\Minidump
2010-08-25 13:35:29 ----SHD---- C:\System Volume Information
2010-08-22 14:44:12 ----D---- C:\Users\Neil\AppData\Roaming\Nokia
2010-08-16 22:21:54 ----D---- C:\ProgramData
2010-08-14 21:33:15 ----D---- C:\Windows\Web
2010-08-14 21:32:06 ----D---- C:\ProgramData\Update
2010-08-14 19:24:30 ----D---- C:\Windows\Microsoft.NET
2010-08-14 19:22:45 ----RSD---- C:\Windows\assembly
2010-08-14 17:53:48 ----D---- C:\ProgramData\avg9
2010-08-14 15:19:39 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-09-29 308248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-22 37376]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-09 1970712]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-09-17 98816]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-17 983936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2008-01-20 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-06-28 2222080]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys []
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-04-11 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys []
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\Windows\System32\DRIVERS\vserial.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2008-01-20 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-10-24 358936]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-09-29 13088]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-02 135168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
S3 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.08 2010-09-13 21:20:54

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AIM 7-->C:\Program Files\AIM\uninst.exe
Amazon Kindle For PC v1.0-->C:\Program Files\Amazon\Kindle For PC\uninstall.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Smart Web Printing-->msiexec /i{082F8ABA-84D5-4837-9DFC-F365D91A07D4}
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.6.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Super Mario 3 : Mario Forever-->C:\Program Files\softendo.com\Mario Forever\Uninstal.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TomTom HOME 2.7.5.2014-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}
TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}
TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}
TurboTax 2009 wnjiper-->MsiExec.exe /I{3B1D6DF0-EAA2-012B-AE51-000000000000}
TurboTax 2009 wnyiper-->MsiExec.exe /I{3B8186F0-EAA2-012B-AE69-000000000000}
TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}
TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB936330(Service Pack) into Installed(Installed) state
Record Number: 113160
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package RemoteAssistance_en-US(Language Pack) into Installed(Installed) state
Record Number: 113159
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package RemoteAssistance(Feature Pack) into Installed(Installed) state
Record Number: 113158
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Client-Features(Feature Pack) into Installed(Installed) state
Record Number: 113157
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Windows Foundation(Foundation) into Installed(Installed) state
Record Number: 113156
Source Name: Microsoft-Windows-Servicing
Time Written: 20100813150158.000000-000
Event Type: Warning
User: Neil-PC\Neil

=====Application event log=====

Computer Name: Neil-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 143
Source Name: Microsoft-Windows-WMI
Time Written: 20100106025609.000000-000
Event Type: Error
User:

Computer Name: Neil-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1209350316-3647775725-453180617-1000:
Process 692 (\Device\HarddiskVolume2\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1209350316-3647775725-453180617-1000

Record Number: 118
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100106025156.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Neil-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0bd37739-f83b-42f9-b490-b11d3e8e44e3}
Record Number: 97
Source Name: VSS
Time Written: 20100106023338.000000-000
Event Type: Error
User:

Computer Name: Neil-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 79
Source Name: MsiInstaller
Time Written: 20100106022547.000000-000
Event Type: Warning
User: Neil-PC\Neil

Computer Name: Neil-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0bd37739-f83b-42f9-b490-b11d3e8e44e3}
Record Number: 64
Source Name: VSS
Time Written: 20100106021954.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Neil-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-03IYYPCUIKX$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2dc
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 484
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021955.459000-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 483
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021952.432600-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: WIN-03IYYPCUIKX$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2dc
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 482
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021952.432600-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: WIN-03IYYPCUIKX$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2dc
Process Name: C:\WINDOWS\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 481
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100106021952.432600-000
Event Type: Audit Success
User:

Computer Name: Neil-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1209350316-3647775725-453180617-1000
Account Name: Neil
Domain Name: Neil-PC
Logon ID: 0x103b22
Record Number: 480
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100106021950.373400-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\CyberLink\Power2Go
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:

-----------------EOF-----------------


The system seems ok, but i can't really tell....
Some of my settings were changed around
such as the start menu options
but i can't really tell
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Incomplete Repair

Unread postby turtledove » September 14th, 2010, 1:06 am

Good evening gtmaster303,

Thank you for the logs. These will take some time to go over. I'll be back as soon as possible. Are you still getting redirects? Let me know please.

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Incomplete Repair

Unread postby gtmaster303 » September 14th, 2010, 6:56 am

as of now, i'm not getting any redirects, but i'm not sure if and when they will occur. they happen randomly
is there any way of knowing if my system is truly clean?
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Incomplete Repair

Unread postby turtledove » September 16th, 2010, 11:59 am

Good Day gtmaster303,

Thanks for your patience, sorry for the delay.

Print or copy for easier reference. Run/Post replies in order given please. Read first to be sure you have no questions.
Vista: Right click and run as Administrator when running our fixes*

Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

c:\windows\system32\IMJP10KF.dll

Using Jotti
  1. Choose the appropriate language... once a language is selected, you'll see a message "Ready to receive files"
  2. Please copy... the above full path and file name(s)...
  3. Press the Browse button and paste the copied name into the "File name:" text box... then press Open.
    The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... Highlight the results text from the Jotti's malware scan box.
  7. Copy the selected text... Open Notepad... Paste the contents into Notepad... Save the file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Jotti scan results in your next reply.


If the first link is busy:



Using Virus Total
  1. Please copy... the above full path and file name(s)...
  2. Press the Browse button and paste the copied name into the "File name:" text box... then press Open.
    The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When the scan is completed...press the "Compact" icon
  6. The results will be shown in a grid like window... right-click on the text, choose Select All, then Copy the entire contents.
  7. Open Notepad...Paste the result contents into the Notepad window...Save this file to a convenient place.
  8. Please repeat this procedure for each file listed above.
  9. Paste the contents of all the Virus Total results in your next reply.





Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)




  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.



ESET online scanner *This may take some time, be patient*


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Security Check

  • Please download Security Check by screen317 from:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.


Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (It will be maximized.)
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)




Post in Order * May need more than one reply*
Report from Virus Total or Jotti
C:\Program Files\ESET\EsetOnlineScanner\log.txt
checkup.txt From Security Check
New RSIT log.txt
If you do searches, are things still redirecting?
Any other issues, or is system doing better?

Thank you

turtledove
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: Incomplete Repair

by gtmaster303 » September 16th, 2010, 4:37 pm

[ArcaVir]
2010-09-16 Found nothing
[G DATA]
2010-09-16 Found nothing
[Avast! antivirus]
2010-09-16 Found nothing
[Ikarus]
2010-09-16 Found nothing
[Grisoft AVG Anti-Virus]
2010-09-16 Found nothing
[Kaspersky Anti-Virus]
2010-09-16 Found nothing
[Avira AntiVir]
2010-09-16 Found nothing
[ESET NOD32]
2010-09-16 Found nothing
[Softwin BitDefender]
2010-09-16 Found nothing
[Panda Antivirus]
2010-09-16 Found nothing
[ClamAV]
2010-09-16 Found nothing
[Quick Heal]
2010-09-16 Found nothing
[CPsecure]
2010-09-16 Found nothing
[Sophos]
2010-09-16 Found nothing
[Dr.Web]
2010-09-16 Found nothing
[VirusBlokAda VBA32]
2010-09-16 Found nothing
[Frisk F-Prot Antivirus]
2010-09-16 Found nothing
[VirusBuster]
2010-09-16 Found nothing
[F-Secure Anti-Virus]
2010-09-16 Found nothing
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm

Re: Incomplete Repair

by gtmaster303 » September 16th, 2010, 7:07 pm

C:\SWSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
C:\WINDOWS\pss\albertino.exe.Startup a variant of MSIL/Agent.AS trojan

While ESET was running, AVG went off with some warnings as well.
gtmaster303
Regular Member
 
Posts: 34
Joined: August 15th, 2010, 3:25 pm