Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:45:17 AM, on 2/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tyler\Desktop\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resourc ... den-ca.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 5898 bytes
ComboFix 09-02-12.02 - Tyler 2009-02-13 3:31:42.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1918.1302 [GMT -5:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
Command switches used :: c:\users\Tyler\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\users\Rechelle\AppData\Roaming\LimeWire
c:\users\Rechelle\AppData\Roaming\LimeWire\active.mojito
c:\users\Rechelle\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Rechelle\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Rechelle\AppData\Roaming\LimeWire\downloads.dat
c:\users\Rechelle\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Rechelle\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Rechelle\AppData\Roaming\LimeWire\filters.props
c:\users\Rechelle\AppData\Roaming\LimeWire\gnutella.net
c:\users\Rechelle\AppData\Roaming\LimeWire\installation.props
c:\users\Rechelle\AppData\Roaming\LimeWire\library.dat
c:\users\Rechelle\AppData\Roaming\LimeWire\limewire.props
c:\users\Rechelle\AppData\Roaming\LimeWire\mojito.props
c:\users\Rechelle\AppData\Roaming\LimeWire\passive.mojito
c:\users\Rechelle\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Rechelle\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Rechelle\AppData\Roaming\LimeWire\promotion\promodb.lck
c:\users\Rechelle\AppData\Roaming\LimeWire\promotion\promodb.log
c:\users\Rechelle\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Rechelle\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Rechelle\AppData\Roaming\LimeWire\questions.props
c:\users\Rechelle\AppData\Roaming\LimeWire\responses.cache
c:\users\Rechelle\AppData\Roaming\LimeWire\simpp.xml
c:\users\Rechelle\AppData\Roaming\LimeWire\spam.dat
c:\users\Rechelle\AppData\Roaming\LimeWire\tables.props
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme.lwtp
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\version.txt
c:\users\Rechelle\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
c:\users\Rechelle\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Rechelle\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Rechelle\AppData\Roaming\LimeWire\version.xml
c:\users\Rechelle\AppData\Roaming\LimeWire\versions.props
c:\users\Rechelle\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Tyler\AppData\Roaming\LimeWire
c:\users\Tyler\AppData\Roaming\LimeWire\active.mojito
c:\users\Tyler\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Tyler\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Tyler\AppData\Roaming\LimeWire\downloads.dat
c:\users\Tyler\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Tyler\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Tyler\AppData\Roaming\LimeWire\filters.props
c:\users\Tyler\AppData\Roaming\LimeWire\gnutella.net
c:\users\Tyler\AppData\Roaming\LimeWire\installation.props
c:\users\Tyler\AppData\Roaming\LimeWire\library.dat
c:\users\Tyler\AppData\Roaming\LimeWire\limewire.props
c:\users\Tyler\AppData\Roaming\LimeWire\mojito.props
c:\users\Tyler\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Tyler\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Tyler\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Tyler\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Tyler\AppData\Roaming\LimeWire\questions.props
c:\users\Tyler\AppData\Roaming\LimeWire\responses.cache
c:\users\Tyler\AppData\Roaming\LimeWire\simpp.xml
c:\users\Tyler\AppData\Roaming\LimeWire\spam.dat
c:\users\Tyler\AppData\Roaming\LimeWire\tables.props
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\01_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\02_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\03_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\04_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\05_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button1.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button1_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button2.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button2_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button3.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button3_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button4.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button4_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button5.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\button5_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\chat.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\connections.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\dir_closed.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\dir_open.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\forward_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\forward_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\kill.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\kill_on.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\library.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\lime.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\logo.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\monitor.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\notsearching.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\pause_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\pause_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\play_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\play_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\plug.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\question.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\rewind_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\rewind_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\search.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\searching.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\shopping.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\splash.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\stop_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\stop_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\theme.txt
c:\users\Tyler\AppData\Roaming\LimeWire\themes\black\warning.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\01_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\02_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\03_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\04_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\05_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\chat.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\lime.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\play_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\question.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\theme.txt
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\version.txt
c:\users\Tyler\AppData\Roaming\LimeWire\themes\limewirePro_theme\warning.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\01_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\02_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\03_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\04_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\05_star.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button1.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button1_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button2.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button2_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button3.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button3_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button4.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button4_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button5.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\button5_press.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\chat.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\connections.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\dir_closed.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\dir_open.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\forward_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\forward_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\kill.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\kill_on.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\library.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\lime.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\logo.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\monitor.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\notsearching.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\pause_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\pause_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\play_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\play_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\plug.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\question.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\rewind_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\rewind_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\search.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\searching.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\shopping.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\splash.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\stop_dn.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\stop_up.gif
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\theme.txt
c:\users\Tyler\AppData\Roaming\LimeWire\themes\Red_Skin\warning.gif
c:\users\Tyler\AppData\Roaming\LimeWire\ttrees.cache
c:\users\Tyler\AppData\Roaming\LimeWire\ttroot.cache
c:\users\Tyler\AppData\Roaming\LimeWire\version.xml
c:\users\Tyler\AppData\Roaming\LimeWire\versions.props
c:\users\Tyler\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Tyler\AppData\Roaming\LimeWire\xml\data\video.sxml2
c:\users\Tyler\AppData\Roaming\uTorrent
c:\users\Tyler\AppData\Roaming\uTorrent\(APPS) - DVD Fab Platinum 5.1.1.0 ( With Serial + Patch).torrent
c:\users\Tyler\AppData\Roaming\uTorrent\2Pac Discography [2007].torrent
c:\users\Tyler\AppData\Roaming\uTorrent\A Beautiful Mind.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\advanced registry fix registry repair cleaner fixer pc speed up software.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Ali Vegas - Transition To Power (Hosted by DJ Superstar Jay and DJ L-Gee.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\An.American.Crime[2007]DvDrip-aXXo.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Army of the Pharaohs.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Army_Of_The_Pharaohs-Ritual_Of_Battle-(Retail)-2007-HHD.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\big pun discography.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\BMF-MF.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Cam'ron.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\cappadonna - the pillage - 1998 -.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Clipse - Hell Hath No Fury (2006) - Hip Hop By FEFE2003.rar.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Clipse - Lord Willin'.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\CopyPod+serial.rar.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Dark Secrets ~ Inside Bohemian Grove [H.264-AAC].torrent
c:\users\Tyler\AppData\Roaming\uTorrent\dht.dat
c:\users\Tyler\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Tyler\AppData\Roaming\uTorrent\Dipset - Diplomats - Diplomatic Immunity.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\DivX Pro 6.8.0.19+keymaker.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\DJ 31 Degreez And Young Jeezy Ice Cream Man Pt. 3 (Trapstars Christmas).torrent
c:\users\Tyler\AppData\Roaming\uTorrent\DJ Green Lantern & Jadakiss - Kiss My Ass The Champ Is Here Pt.2.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\DJ Mystery & DJ Focuz - Clipse Vs Mobb Deep (2CD)-2008-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\DJ Whiteowl Dipset Disciples Pt 2.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\DJ_31_Degreez_And_Re-Up_Gang-Got_Snow-(Bootleg)-2008-CR.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\DJ_Drama_And_Lil_Wayne-Dedication_3_(Gangsta_Grillz_Edition)-2008-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\E--.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Eminem - Crack A Bottle Feat Dr Dre & 50 Cent-MIXFIEND-2009.mp3.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Eminem Discography (1995-2005).torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Evil Empire And Lil Wayne - The Leak 6-2009-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Gangland.S01E07.WS.DSR.XViD-W4F.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Gia-DivX-Angelina-Jolie-Naked.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Hell Rell - Black Mask Black Gloves (The Ruga Edition 2008) - Rap.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Hell_Rell-Streets_Wanna_Know-RapHustle-2005.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Hell_Rell-Top_Gunna_(The_Ruga_Edition)-2008-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Hoodz.Boosie.And.Webbie.Baton.Rouge.Gorillaz.2008.NTSC.MDVDR.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Hoodz.Jeezy.And.Boo.2008.NTSC.MDVDR-C4DVD.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Ill_Bill-The_Hour_Of_Reprisal-2008-C4.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jake One - White Van Music [tRg Music Release].torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jay Z Full Discography + Mixtape Albums + Mixtapes.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jedi Mind Tricks-AHOV (SReggin).1.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jedi Mind Tricks-AHOV (SReggin).torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jedi Mind Tricks - Servants in Heaven Kings in Hell - 2006.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jedi Mind Tricks - Violent By Design (2000).torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jedi Mind Tricks Presents Doap Nixon-Sour Diesel (2008)--Rawkus--Darkside_RG.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jedi Mind Tricks presents King Syze-The Labor Union (2008)-Rawkus--Darkside_RG.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jedi Mind Tricks.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Joe_Budden-Halfway_House-2008-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Jus Allah - All Fates Have Changed (2005).torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Kanye West - 808's & Heartbreak [h33t][MAMBO04].torrent
c:\users\Tyler\AppData\Roaming\uTorrent\kissmaxb.mp3.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Lil Wayne The Leak 5.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Ludacris Discography.(5 Albums).moXXon.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Method_Man-Ticallion-(Bootleg)-2008-H3X.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Nas Discography.(10 Albums).moXXon.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Necro.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Need.for.Speed.Undercover.Keygen.and Crack-RELOADED.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Nero 9.0.9.4b22 + Serial.rar.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Prodigy-HNIC_Part_2-2008-WHOA.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Purple City - Road To The Riches (2005) - Rap - http://www.torrentazos.com By FEFE2003.rar.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Re-up Gang - We Got It For Cheap Vol. 3.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\RegistryFix V6.2 + Serial.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\resume.dat
c:\users\Tyler\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Tyler\AppData\Roaming\uTorrent\rss.dat
c:\users\Tyler\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Tyler\AppData\Roaming\uTorrent\settings.dat
c:\users\Tyler\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Tyler\AppData\Roaming\uTorrent\SHAWTYLO.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\SMACK.DVD.Magazine.Vol.14.2008.DVDRip.XviD-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\South.Park.S12E09.DSR.XviD-0TV.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\South.Park.S12E10.DSR.XviD-0TV.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\South.Park.S12E11.DSR.XviD-0TV.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\South.Park.S12E12.DSR.XviD-0TV.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\South.Park.S12E13.DSR.XviD-0TV.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\South.Park.S12E14.DSR.XviD-0TV.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Southpark - 1213 - Elementary School Musical {C_P}.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Starcraft + BroodWar + The Last Update Patch 1.152 + KeyGen.1.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Starcraft + BroodWar + The Last Update Patch 1.152 + KeyGen.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Starcraft + BroodWar + Update Patch 1.151 + CD Key.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Styles_P-Super_Gangster__Extraordinary_Gentleman-2007-C4.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Tapemasters Inc & Jim Jones - Jockin Jim Jones.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\The Come Up 18 DVD.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\The Don Bishop Agallah Presents - Propane Piff.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\The Notorious B.I.G. Discography.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\The Trailer Park Boys Christmas Special (2004) (TV)tabsman[KRGrelease].torrent
c:\users\Tyler\AppData\Roaming\uTorrent\The.Lox.Live.And.Uncut.The.Reunion.2008.DVDRip.XviD-ASSASS1NS.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\The_Empire_And_Lil_Wayne-The_Drought_Is_Over_Pt._6_(The_Reincarnation)-2008-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\The_Original_50_Cent.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys - Season 1.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys - Season 2.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys - Season 3.1.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys - Season 3.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys - Season 5.1.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys - Season 5.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys -Season 7.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys Season 4.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys Season 6.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Trailer Park Boys.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\TuneUp.Utilities.2009.v8.0.2000.35-TE.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Twilight [2008] HQ SCREENER.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Twilight Cam XviD [NNC] v1 - Lynks.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Twilight.2008.cam.avi.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Un_Kasa-Best_Of_Un_Kasa_Straight_Out_The_Krayon_Box-(Bootleg)-2006-WEBBZ.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Urban Welfare Vol 1.-MIXFIEND.1.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Urban Welfare Vol 1.-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\utorrent.lng
c:\users\Tyler\AppData\Roaming\uTorrent\VA-Camron - Public Enemy 1-2CD-(Bootleg)-2007-JL.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\VA-Duke_Da_God_Presidential_Paper_Vol._1-2008-MIXFIEND.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\VA-Suge_White-the_Best_of_Purple_City-Bootleg-2006.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Warcraft III Reign of Chaos, The Frozen Throne + Update Patch War3TFT_122a_English +CD Key.torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Young.Jeezy-The.Recession-Retail-2008-[NoFS].torrent
c:\users\Tyler\AppData\Roaming\uTorrent\Zeitgeist.Addendum.DVDRip.XviD.torrent
.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.
2009-02-13 00:38 . 2009-02-13 00:40 <DIR> d-------- c:\program files\SpywareBlaster
2009-02-12 16:19 . 2009-02-05 16:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-02-11 02:21 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-11 02:21 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-11 02:21 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-11 02:21 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 02:21 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-11 02:21 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-11 02:21 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-11 02:21 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-11 02:14 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-11 02:14 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-11 02:14 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-11 02:14 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-11 02:14 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-11 02:12 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-11 02:12 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-11 02:12 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-11 02:12 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-11 02:12 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 02:11 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 02:11 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-10 14:54 . 2009-02-10 15:01 345 --a------ c:\windows\gmer.ini
2009-02-09 14:09 . 2009-02-09 14:09 <DIR> d-------- c:\users\Tyler\AppData\Roaming\Malwarebytes
2009-02-09 14:09 . 2009-02-09 14:09 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-09 14:09 . 2009-02-09 14:09 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-09 14:09 . 2009-02-09 16:28 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-09 14:09 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-09 14:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-08 14:50 . 2009-02-08 14:50 <DIR> d-------- C:\rsit
2009-01-30 20:36 . 2009-01-30 20:36 603,904 --a------ c:\windows\System32\TUProgSt.exe
2009-01-30 20:36 . 2008-12-11 13:31 27,904 --a------ c:\windows\System32\uxtuneup.dll
2009-01-30 20:36 . 2008-12-11 13:31 17,152 --a------ c:\windows\System32\authuitu.dll
2009-01-30 20:35 . 2009-01-30 20:35 <DIR> d-------- c:\users\Tyler\AppData\Roaming\TuneUp Software
2009-01-30 20:35 . 2009-01-30 20:35 360,192 --a------ c:\windows\System32\TuneUpDefragService.exe
2009-01-30 20:34 . 2009-01-30 20:34 <DIR> d-------- c:\users\All Users\TuneUp Software
2009-01-30 20:34 . 2009-01-30 20:34 <DIR> d-------- c:\programdata\TuneUp Software
2009-01-30 20:34 . 2009-01-30 20:37 <DIR> d-------- c:\program files\TuneUp Utilities 2009
2009-01-30 20:33 . 2009-01-30 20:33 <DIR> d--hs---- c:\users\All Users\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-30 20:33 . 2009-01-30 20:33 <DIR> d--hs---- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-30 20:21 . 2009-01-30 20:21 <DIR> d-------- c:\users\Tyler\AppData\Roaming\BHOK It Consulting
2009-01-30 20:20 . 2009-01-30 20:20 <DIR> d-------- c:\program files\BHOK It Consulting
2009-01-30 20:09 . 2009-02-11 01:44 <DIR> d-------- c:\users\Tyler\AppData\Roaming\SUPERAntiSpyware.com
2009-01-30 20:09 . 2009-01-30 20:09 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2009-01-30 20:09 . 2009-01-30 20:09 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2009-01-28 00:56 . 2009-02-10 00:18 <DIR> d-------- c:\program files\Trend Micro
2009-01-27 23:47 . 2009-01-31 00:01 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-01-27 23:47 . 2009-01-31 00:01 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-01-27 23:30 . 2009-01-27 23:42 <DIR> d-------- c:\users\All Users\SITEguard
2009-01-27 23:30 . 2009-01-27 23:42 <DIR> d-------- c:\programdata\SITEguard
2009-01-27 23:29 . 2009-01-27 23:47 <DIR> d-------- c:\users\All Users\STOPzilla!
2009-01-27 23:29 . 2009-01-27 23:47 <DIR> d-------- c:\programdata\STOPzilla!
2009-01-27 23:29 . 2009-01-27 23:29 <DIR> d-------- c:\program files\Common Files\iS3
2009-01-26 01:55 . 2009-02-12 00:14 230,182,618 --a------ c:\windows\MEMORY.DMP
2009-01-23 19:26 . 2009-01-23 19:26 <DIR> d-------- c:\users\All Users\VistaCodecs
2009-01-23 19:26 . 2009-01-23 19:26 <DIR> d-------- c:\programdata\VistaCodecs
2009-01-23 19:26 . 2009-01-23 19:27 <DIR> d-------- c:\program files\VistaCodecPack
2009-01-22 03:53 . 2009-01-23 19:32 <DIR> d-------- c:\program files\PS3 Media Server
2009-01-19 12:29 . 2009-01-19 12:30 <DIR> d-------- c:\program files\FormatFactory
2009-01-19 12:28 . 2009-01-19 12:28 <DIR> d-------- c:\program files\WinSCP
2009-01-14 06:43 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 07:34 --------- d-----w c:\program files\Windows Mail
2009-02-11 07:27 --------- d-----w c:\programdata\Microsoft Help
2009-01-24 00:17 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-24 00:10 --------- d-----w c:\users\Tyler\AppData\Roaming\DivX
2009-01-10 05:13 57,344 ----a-w c:\windows\System32\ff_vfw.dll
2009-01-09 23:26 1,007,616 ----a-w c:\windows\System32\VSFilter.dll
2009-01-05 04:36 --------- d-----w c:\users\Rechelle\AppData\Roaming\WinBatch
2009-01-01 19:57 --------- d-----w c:\programdata\HP Product Assistant
2008-12-26 04:36 47,360 ----a-w c:\users\Tyler\AppData\Roaming\pcouffin.sys
2008-12-26 04:36 --------- d-----w c:\users\Tyler\AppData\Roaming\Vso
2008-12-25 02:08 --------- d-----w c:\users\Rechelle\AppData\Roaming\DivX
2008-12-24 22:23 --------- d-----w c:\users\Rechelle\AppData\Roaming\Apple Computer
2008-12-18 18:40 --------- d-----w c:\program files\Bonjour
2008-12-12 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-11 20:15 94,208 ----a-w c:\windows\ScUnin.exe
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\System32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\System32\xvidvfw.dll
2008-12-04 07:24 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-04 07:23 315,392 ----a-w c:\windows\HideWin.exe
2008-10-25 00:46 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-02-12_14.55.15.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-13 07:12:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-13 07:12:46 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-12 19:51:49 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-13 07:13:47 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-12 19:51:48 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-13 07:13:42 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-13 07:13:42 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2009-02-05 21:11:35 1,256,296 ----a-w c:\windows\System32\aswBoot.exe
+ 2009-02-05 21:04:45 97,480 ----a-w c:\windows\System32\AvastSS.scr
- 2009-02-12 05:14:55 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-13 07:13:15 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-12 05:14:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-13 07:13:15 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-12 05:14:55 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-13 07:13:15 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-05 21:07:12 20,560 ----a-w c:\windows\System32\drivers\aswFsBlk.sys
+ 2009-02-05 21:06:10 23,152 ----a-w c:\windows\System32\drivers\aswRdr.sys
+ 2009-02-05 21:07:23 114,768 ----a-w c:\windows\System32\drivers\aswSP.sys
+ 2009-02-05 21:06:20 51,376 ----a-w c:\windows\System32\drivers\aswTdi.sys
- 2009-02-12 05:22:23 7,460 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2372179169-1948222131-1385514866-1000_UserData.bin
+ 2009-02-13 07:14:35 7,886 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2372179169-1948222131-1385514866-1000_UserData.bin
- 2009-02-12 05:22:22 53,422 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-13 07:14:35 53,548 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-11 21:09:45 31,426 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-13 07:14:34 31,882 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-02-12 19:29:10 237,186 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-02-13 08:22:51 237,794 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdc.exe" [2007-01-24 563080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D318434A-ABEA-486B-925D-1550C344B8FA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6FCA7339-8C83-4AD0-BC0A-7CA606217376}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BFE2F4FB-1507-4404-99D3-E7AE64A390D7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6AF52BB5-A8D3-4908-9F39-16233F7414C2}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1FE7D998-F396-4011-B934-D38D34FDF0B8}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{941D3C23-4348-4C1E-A3B2-37C1B860EDF2}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F930404B-6283-4ACA-A5BB-97009B83FDA3}"= UDP:5721:LocalSubnet:LocalSubnet|IF={3E5BE176-A1B4-4094-A00B-389ABD2815E9}:@%systemroot%\WindowsMobile\wmdc.exe,-4002
"{DA399F91-C414-4DA8-820B-2006860414B9}"= UDP:1034:LocalSubnet:LocalSubnet|IF={3E5BE176-A1B4-4094-A00B-389ABD2815E9}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{B4E7546C-D2CD-4DFF-8F54-3A4879146CA7}"= UDP:5678:LocalSubnet:LocalSubnet|IF={3E5BE176-A1B4-4094-A00B-389ABD2815E9}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{75C98E04-AC6C-4B23-A085-61C27464715D}"= UDP:999:LocalSubnet:LocalSubnet|IF={3E5BE176-A1B4-4094-A00B-389ABD2815E9}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{34C25E97-9498-45E6-AB67-28F3F3C93B05}"= UDP:26675:LocalSubnet:LocalSubnet|IF={3E5BE176-A1B4-4094-A00B-389ABD2815E9}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{DBC94068-6DD5-433B-B0FF-830C45AEB76B}"= UDP:990:LocalSubnet:LocalSubnet|IF={3E5BE176-A1B4-4094-A00B-389ABD2815E9}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdc.exe,-4001
"TCP Query User{671DAAFD-D68E-4840-8DC4-76C7B6D452BD}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{5DAF9C76-F4C7-4DB9-A2C3-4345EF5BDE1C}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{47E88A8C-D3A8-43D2-8825-38D04FABDA22}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{FA8AA028-8580-4B53-AF90-9C5B8564DE53}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{FCCA152F-F9B9-411D-AE07-1B936C2BC35E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C39CB953-0977-41C2-B9B7-DCEA332B0316}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{4DD7DFEC-0804-480C-87C7-D23F5DFD6968}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{BA836DFE-0D92-4597-9B86-B2FD00FD38DC}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{1DFF17C0-85FB-41E7-8433-2A73F25942B8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5D85EA0A-681D-485C-AAD7-6D88501E620C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-12 51792]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-01-30 603904]
S3 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [2008-08-17 217088]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\System32\drivers\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\System32\drivers\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\System32\drivers\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\System32\drivers\s125obex.sys [2007-04-24 98696]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [2006-11-02 251904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 21:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sympatico.msn.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 03:34:43
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-02-13 3:36:27
ComboFix-quarantined-files.txt 2009-02-13 08:36:24
ComboFix2.txt 2009-02-13 07:09:59
Pre-Run: 225,720,033,280 bytes free
Post-Run: 225,674,514,432 bytes free
543 --- E O F --- 2009-02-13 07:18:10