Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Have Some Problems - Browser Misdirection

by nickle91 » August 24th, 2009, 7:05 pm

Over the past few days my browser (Firefox) has been acting strange. Oftentimes when I click a link to go to a website, on Google or whatever, it will take me to a completely different website. Furthermore, every time I start my computer my Avira antivirus and ZoneAlarm's guard are disabled. I believe I have a virus. I upgraded IE6 to IE8 recently, and now IE will not connect to the Internet.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:52 PM, on 8/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\razerofa.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Ñïóòíèê@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
R3 - URLSearchHook: (no name) - {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Documents and Settings\Administrator\Application Data\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Blubster Toolbar Helper - {09AA6C75-179E-42E0-82F7-302603339A82} - C:\Program Files\Blubster Toolbar\v3.3.0.1\Blubster_Toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Blubster Toolbar - {7EFBC57C-CD57-481F-B794-648FCE9C9116} - C:\Program Files\Blubster Toolbar\v3.3.0.1\Blubster_Toolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ñïóòíèê@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: Ïîèñê@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
O8 - Extra context menu item: Ñëîâàðè@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Administrator\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Administrator\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7689355250
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10396 bytes

Thanks in advance for the help.
nickle91
Active Member
 
Posts: 11
Joined: August 24th, 2009, 3:33 pm

Re: Have Some Problems - Browser Misdirection

by Shaba » August 27th, 2009, 5:01 am

Hi nickle91

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" button and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Have Some Problems - Browser Misdirection

by nickle91 » August 27th, 2009, 6:21 pm

Here it is:



GMER 1.0.15.15077 [l8w4b7eu.exe] - http://www.gmer.net
Rootkit scan 2009-08-27 17:18:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 89940728 ZwEnumerateKey
Code 8993F728 ZwFlushInstructionCache
Code 898FBAD6 ZwSaveKey
Code 898F9AD6 ZwSaveKeyEx
Code 8980462E IofCallDriver
Code 897FC626 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE00A 5 Bytes JMP 89804633
.text ntkrnlpa.exe!IofCompleteRequest 804EE09A 5 Bytes JMP 897FC62B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAC4A 5 Bytes JMP 8993F72C
PAGE ntkrnlpa.exe!ZwSaveKey 806173DA 5 Bytes JMP 898FBADA
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061746A 5 Bytes JMP 898F9ADA
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619770 5 Bytes JMP 8994072C
? srescan.sys The system cannot find the file specified. !
? system32\drivers\mkul.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Razer\razerhid.exe[348] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razerhid.exe[348] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Razer\razerhid.exe[348] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razerhid.exe[348] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Razer\razerhid.exe[348] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00CD0001
.text C:\Program Files\Razer\razerhid.exe[348] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Razer\razerhid.exe[348] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Razer\razerhid.exe[348] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Razer\razerhid.exe[348] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razerhid.exe[348] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Razer\razerhid.exe[348] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Razer\razerhid.exe[348] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00DD0001
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Razer\Diamondback 3G\razerhid.exe[472] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[504] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[504] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[504] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[504] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[504] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E60001
.text C:\WINDOWS\system32\ctfmon.exe[504] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[504] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[504] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[504] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[504] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[504] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[504] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00FE0001
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 027A0001
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[652] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\devldr32.exe[1360] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\devldr32.exe[1360] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\devldr32.exe[1360] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\devldr32.exe[1360] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\devldr32.exe[1360] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E30001
.text C:\WINDOWS\system32\devldr32.exe[1360] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\devldr32.exe[1360] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\devldr32.exe[1360] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\devldr32.exe[1360] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\devldr32.exe[1360] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\devldr32.exe[1360] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\devldr32.exe[1360] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1592] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01720001
.text C:\WINDOWS\Explorer.EXE[1592] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[1592] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1592] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Razer\razertra.exe[3328] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razertra.exe[3328] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Razer\razertra.exe[3328] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razertra.exe[3328] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Razer\razertra.exe[3328] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00910001
.text C:\Program Files\Razer\razertra.exe[3328] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Razer\razertra.exe[3328] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Razer\razertra.exe[3328] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Razer\razertra.exe[3328] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razertra.exe[3328] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Razer\razertra.exe[3328] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Razer\razertra.exe[3328] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00920001
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Razer\Diamondback 3G\razertra.exe[3340] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Razer\razerofa.exe[3420] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razerofa.exe[3420] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Razer\razerofa.exe[3420] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razerofa.exe[3420] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Razer\razerofa.exe[3420] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A80001
.text C:\Program Files\Razer\razerofa.exe[3420] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Razer\razerofa.exe[3420] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Razer\razerofa.exe[3420] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Razer\razerofa.exe[3420] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\razerofa.exe[3420] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Razer\razerofa.exe[3420] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Razer\razerofa.exe[3420] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A80001
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Program Files\Razer\Diamondback 3G\razerofa.exe[3436] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 003F0001
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ADVAPI32.dll!CreateProcessWithLogonW 77E15CFD 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E15D01 2 Bytes [05, 5F]
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ADVAPI32.dll!CreateServiceA 77E370B9 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Administrator\Desktop\l8w4b7eu.exe[3696] ADVAPI32.dll!CreateServiceW 77E37251 6 Bytes JMP 5F1C0F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B69E9B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B69E9930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B69EA260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B69E7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B69E7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B69E9B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B69E9930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B69EA260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B69E9B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B69EA260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B69E9930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B69E7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B69EA260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B69E9930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B69E9B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B69E7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B69E9B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B69E9930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B69EA260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B69E9B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B69E7E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B69EA260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B69E9930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmkalxdpxy.sys (*** hidden *** ) [SYSTEM] kbiwkmondbbqlt <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt@imagepath \systemroot\system32\drivers\kbiwkmkalxdpxy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmkalxdpxy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmlqpsqwpa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmibhoymqs.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmnlguyrvk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmondbbqlt\modules@kbiwkm.dat \systemroot\system32\kbiwkmhabopxbd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt@imagepath \systemroot\system32\drivers\kbiwkmkalxdpxy.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main@sid 1
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmkalxdpxy.sys
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmlqpsqwpa.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmibhoymqs.dat
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmnlguyrvk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\kbiwkmondbbqlt\modules@kbiwkm.dat \systemroot\system32\kbiwkmhabopxbd.dat

---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Ahead\Lib\NeroPreview\filedlg\bl.db 5120 bytes
File C:\Program Files\Common Files\Ahead\Lib\NeroPreview\filedlg\crawlercfg.dat 3145 bytes
File C:\Program Files\Common Files\Ahead\Lib\NeroPreview\filedlg\idx 0 bytes
File C:\Program Files\Common Files\Ahead\Lib\NeroPreview\filedlg\is2.db 27825152 bytes
File C:\Program Files\Common Files\Ahead\Lib\NeroPreview\filedlg\SID.db 324797 bytes
File C:\Program Files\Common Files\Ahead\Lib\NeroPreview\filedlg\SII.db 8594 bytes
File C:\WINDOWS\system32\drivers\kbiwkmkalxdpxy.sys 71168 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\Temp\kbiwkmosspvcpxtw.tmp 91 bytes

---- EOF - GMER 1.0.15 ----

Re: Have Some Problems - Browser Misdirection

Post by Shaba » August 27th, 2009, 11:48 pm

We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs, see here.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

Re: Have Some Problems - Browser Misdirection

Post by nickle91 » August 28th, 2009, 10:50 am

ComboFix 09-08-27.A0 - Administrator 08/28/2009 9:25.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1698 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Blubster Toolbar
c:\program files\Blubster Toolbar\settings.dat
c:\program files\Blubster Toolbar\uninstall.txt
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\ac.txt
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome.manifest
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\content\contents.rdf
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\content\firefox.js
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\content\firefox.xul
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\firefox.jar
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\jarzip.txt
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\contents.rdf
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\go.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\toolbar_logo.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\chrome\skin\tut_overlay.css
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\firefox.xpi
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\install.rdf
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\make.bat
c:\program files\Blubster Toolbar\v3.2.0.0\firefox\xpizip.txt
c:\program files\Blubster Toolbar\v3.2.0.0\installer.ico
c:\program files\Blubster Toolbar\v3.2.0.0\resources\checkmark.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\go1.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\go1_hot.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\go2.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\go2_hot.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_bg.png
c:\program files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_feature_bracket.gif
c:\program files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_logo.gif
c:\program files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_search_bracket.gif
c:\program files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_star_bullet.png
c:\program files\Blubster Toolbar\v3.2.0.0\resources\intro\intro_toolbar.png
c:\program files\Blubster Toolbar\v3.2.0.0\resources\intro\toolbar_intro.htm
c:\program files\Blubster Toolbar\v3.2.0.0\resources\popup_blocker_off.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\popup_blocker_on.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\radiodot.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\accuweather.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\amazon.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\dictionary.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\ebay.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\flickr.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\google_groups.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\google_images.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\google_maps.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\google_news.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\shopping.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\technorati.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\wikipedia.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\yahoo.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\yahoo_answers.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\search\youtube.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\searchbg.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\resources\Thumbs.db
c:\program files\Blubster Toolbar\v3.2.0.0\resources\Toolbar.js
c:\program files\Blubster Toolbar\v3.2.0.0\resources\toolbar_logo.bmp
c:\program files\Blubster Toolbar\v3.2.0.0\Thumbs.db
c:\program files\Blubster Toolbar\v3.3.0.1\Blubster_Toolbar.dll
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome.manifest
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome\content\toolbar.js
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome\content\toolbar.xul
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome\skin\go.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome\skin\go.GIF
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome\skin\overlay.css
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome\skin\Thumbs.db
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\chrome\skin\toolbar_logo.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\Firefox\install.rdf
c:\program files\Blubster Toolbar\v3.3.0.1\installer.ico
c:\program files\Blubster Toolbar\v3.3.0.1\resources\checkmark.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\go1.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\go1_hot.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\go2.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\go2_hot.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\intro\intro_bg.png
c:\program files\Blubster Toolbar\v3.3.0.1\resources\intro\intro_feature_bracket.gif
c:\program files\Blubster Toolbar\v3.3.0.1\resources\intro\intro_logo.gif
c:\program files\Blubster Toolbar\v3.3.0.1\resources\intro\intro_search_bracket.gif
c:\program files\Blubster Toolbar\v3.3.0.1\resources\intro\intro_star_bullet.png
c:\program files\Blubster Toolbar\v3.3.0.1\resources\intro\intro_toolbar.png
c:\program files\Blubster Toolbar\v3.3.0.1\resources\intro\toolbar_intro.htm
c:\program files\Blubster Toolbar\v3.3.0.1\resources\popup_blocker_off.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\popup_blocker_on.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\radiodot.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\accuweather.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\amazon.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\dictionary.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\ebay.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\flickr.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\google_groups.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\google_images.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\google_maps.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\google_news.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\shopping.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\technorati.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\wikipedia.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\yahoo.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\yahoo_answers.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\search\youtube.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\searchbg.bmp
c:\program files\Blubster Toolbar\v3.3.0.1\resources\Toolbar.js
c:\program files\Blubster Toolbar\v3.3.0.1\resources\toolbar_logo.bmp
c:\program files\Mail.Ru\Agent\Mra\dll\newmrasearch.dll
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\windows\system32\drivers\kbiwkmkalxdpxy.sys
c:\windows\system32\kbiwkmhabopxbd.dat
c:\windows\system32\kbiwkmibhoymqs.dat
c:\windows\system32\kbiwkmlqpsqwpa.dll
c:\windows\system32\kbiwkmnlguyrvk.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmondbbqlt
-------\Legacy_kbiwkmondbbqlt


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Malwarebytes
2009-08-27 17:06 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-27 17:06 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 18:59 . 2009-08-24 18:59 -------- d-----w- c:\program files\Trend Micro
2009-08-24 18:04 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-24 18:03 . 2009-08-24 18:03 -------- d-----w- c:\program files\Panda Security
2009-08-24 17:54 . 2009-08-24 17:54 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-08-24 17:30 . 2009-08-24 17:30 -------- dc-h--w- c:\windows\ie8
2009-08-23 17:22 . 2009-08-23 17:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-23 17:08 . 2009-08-23 17:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-23 16:58 . 2009-08-23 16:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-23 16:57 . 2009-08-24 17:22 -------- d-----w- c:\windows\ie8updates
2009-08-23 16:56 . 2009-08-23 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-23 16:22 . 2009-08-23 16:22 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Yahoo!
2009-08-23 16:21 . 2009-08-23 16:57 -------- d--h--w- c:\windows\msdownld.tmp
2009-08-23 16:19 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-23 16:19 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-23 16:19 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-23 15:41 . 2009-08-23 16:01 -------- d-----w- c:\program files\BHODemon 2
2009-08-23 15:17 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-23 15:17 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-23 15:08 . 2009-08-23 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-08-23 15:04 . 2009-08-23 15:04 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\IObit
2009-08-13 21:27 . 2009-08-13 21:27 -------- d-----w- c:\program files\TES_Map

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 05:32 . 2007-05-02 23:01 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\LimeWire
2009-08-28 05:02 . 2007-07-15 23:32 -------- d-----w- c:\program files\Warcraft III
2009-08-27 20:58 . 2009-06-24 18:22 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Skype
2009-08-27 20:55 . 2009-06-24 18:24 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\skypePM
2009-08-26 02:06 . 2007-07-15 23:37 79607 ----a-w- c:\windows\War3Unin.dat
2009-08-23 16:56 . 2008-08-31 23:20 -------- d-----w- c:\program files\Yahoo!
2009-08-23 16:22 . 2008-08-31 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-23 15:08 . 2007-06-02 13:04 -------- d-----w- c:\program files\IObit
2009-08-23 14:48 . 2007-09-25 00:39 19705495 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-21 19:11 . 2009-08-21 19:12 1890816 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-08-18 07:34 . 2009-08-18 07:35 1887232 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-08-13 01:17 . 2009-08-13 05:06 1870336 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-08-11 05:00 . 2007-04-28 00:21 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Xfire
2009-08-11 03:47 . 2008-04-08 00:25 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\mIRC
2009-08-10 19:04 . 2008-04-08 00:25 -------- d-----w- c:\program files\mIRC
2009-08-08 02:43 . 2009-04-30 12:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 05:35 . 2009-05-09 04:43 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\VoipCheapCom
2009-08-04 17:39 . 2009-08-04 17:40 1831424 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-07-24 16:27 . 2007-04-28 00:21 -------- d-s---w- c:\program files\Xfire
2009-07-20 02:21 . 2009-07-20 02:21 -------- d-----w- c:\program files\SEGA
2009-07-20 02:21 . 2007-04-27 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 05:08 . 2007-09-09 18:55 -------- d-----w- c:\program files\Blubster
2009-07-18 02:41 . 2009-07-18 02:41 -------- d-----w- c:\docume~1\ADMINI~1\APPLIC~1\Mail.Ru
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-03 17:09 . 2004-08-04 00:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-24 18:24 . 2009-06-24 18:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-17 01:25 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 20:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-04 00:56 1290752 ----a-w- c:\windows\system32\quartz.dll
2008-04-13 23:07 . 2008-04-13 23:07 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-20 943888]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"LightScribeService"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [4/27/2007 9:08 AM 16640]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/24/2009 1:04 PM 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/30/2009 7:05 AM 108289]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/23/2009 10:08 AM 305936]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3/22/2009 12:41 PM 13225]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/13/2008 6:07 PM 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
S3 ptiusbf;PTI USB Filter;c:\windows\system32\drivers\ptiusbf.sys [4/14/2001 1:22 AM 22474]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [3/13/2009 9:12 AM 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Ïîèñê@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
IE: Ñëîâàðè@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
FF - ProfilePath - c:\docume~1\ADMINI~1\APPLIC~1\Mozilla\Firefox\Profiles\qwzk4eu8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qwzk4eu8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qwzk4eu8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 09:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:20 AM, on 8/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Ñïóòíèê@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ???????@Mail.Ru - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ñïóòíèê@Mail.Ru - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: Ïîèñê@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
O8 - Extra context menu item: Ñëîâàðè@Mail.Ru - res://C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra 'Tools' menuitem: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files\Mail.Ru\Agent\magent.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Administrator\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O9 - Extra 'Tools' menuitem: Mail.Ru Agent - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Documents and Settings\Administrator\Application Data\Mail.Ru\Agent\magent.exe (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7689355250
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\KSE\nHancer 32bit\nHancerService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8286 bytes

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-162531612-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,ae,2d,10,a5,ff,e7,4d,b1,18,a2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,ae,2d,10,a5,ff,e7,4d,b1,18,a2,\
.
Completion time: 2009-08-28 9:33
ComboFix-quarantined-files.txt 2009-08-28 14:33

Pre-Run: 159,269,937,152 bytes free
Post-Run: 159,360,217,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

304 --- E O F --- 2008-01-09 04:02
nickle91
Active Member
 
Posts: 11
Joined: August 24th, 2009, 3:33 pm

Re: Have Some Problems - Browser Misdirection

Post by Shaba » August 28th, 2009, 2:14 pm

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad file here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Have Some Problems - Browser Misdirection

Post by nickle91 » August 31st, 2009, 7:25 am

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1.3
Adobe Shockwave Player
Advanced SystemCare 3
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AGEIA PhysX v7.07.09
AOE3 Civ Randomizer 1.0.4.250
Apple Software Update
AS Fan Patch 1.1
Athlon 64 Processor Driver
Audiosurf Beta
Audiosurf Demo
Avira AntiVir Personal - Free Antivirus
Blubster 3.0.1
Blubster Toolbar
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
Call of Juarez
CCleaner (remove only)
Civilization III
COWON Media Center - jetAudio Basic VX
Defraggler (remove only)
Diablo II
Empire Earth
EPoX Magic BIOS
Frets On Fire
getPlus(R) for Adobe
Google Desktop
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IObit Security 360 RC
J2SE Runtime Environment 5.0 Update 3
Last.fm 1.5.4.24567
Left 4 Dead
LimeWire 4.18.3
Mail.Ru ??????? 2.0.1.54
Mail.Ru Agent 5.3 (build 2564, for all users)
Malwarebytes' Anti-Malware
Medal of Honor Airborne
Medal of Honor Allied Assault
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead Patch 2.15
Medieval II Total War
Microsoft .NET Framework 2.0
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Rise Of Nations
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.0.12)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Nero 7 Essentials
nHancer 32bit
NVIDIA Drivers
Oblivion
Oblivion - Construction Set
Oblivion mod manager 1.1.12
Panda ActiveScan 2.0
PeerGuardian 2.0
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
QuickTime
Razer
Razer Diamondback 3G
Rise of Nations Thrones and Patriots
Rome - Total War(TM)
Search Settings 1.2
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Sid Meier's Civilization 4 Gold
Skype™ 4.0
Spelling Dictionaries Support For Adobe Reader 9
Steam
TAD Patch Launcher
The Ship
The Ship Single Player
The Ship Tutorial
Titan Quest
Titan Quest Immortal Throne
Tom Clancy's Ghost Recon Advanced Warfighter® 2
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USBInfo
VC 9.0 Runtime
VC 9.0 Runtime
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.6f
VoipCheapCom
WC3Banlist
Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 3.1
WinRAR archiver
Xfire (remove only)
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm
ZoneAlarm Spy Blocker

Re: Have Some Problems - Browser Misdirection

Post by Shaba » August 31st, 2009, 10:29 am

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Blubster 3.0.1
LimeWire 4.18.3


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:

Blubster Toolbar
ZoneAlarm Spy Blocker

Please run a new uninstall list scan when finished and post the log back here.

Re: Have Some Problems - Browser Misdirection

Post by nickle91 » September 1st, 2009, 4:12 pm

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.1.3
Adobe Shockwave Player
Advanced SystemCare 3
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
AGEIA PhysX v7.07.09
AOE3 Civ Randomizer 1.0.4.250
Apple Software Update
AS Fan Patch 1.1
Athlon 64 Processor Driver
Audiosurf Beta
Audiosurf Demo
Avira AntiVir Personal - Free Antivirus
Call of Duty
Call of Duty - United Offensive
Call of Duty(R) 2
Call of Juarez
CCleaner (remove only)
Civilization III
COWON Media Center - jetAudio Basic VX
Defraggler (remove only)
Diablo II
Empire Earth
EPoX Magic BIOS
Frets On Fire
getPlus(R) for Adobe
Google Desktop
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
IObit Security 360 RC
J2SE Runtime Environment 5.0 Update 3
Last.fm 1.5.4.24567
Left 4 Dead
Mail.Ru ??????? 2.0.1.54
Mail.Ru Agent 5.3 (build 2564, for all users)
Malwarebytes' Anti-Malware
Medal of Honor Airborne
Medal of Honor Allied Assault
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead
Medal of Honor Allied Assault(tm) Spearhead Patch 2.15
Medieval II Total War
Microsoft .NET Framework 2.0
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Rise Of Nations
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.0.12)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML4 Parser
Nero 7 Essentials
nHancer 32bit
NVIDIA Drivers
Oblivion
Oblivion - Construction Set
Oblivion mod manager 1.1.12
Panda ActiveScan 2.0
PeerGuardian 2.0
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
QuickTime
Razer
Razer Diamondback 3G
Rise of Nations Thrones and Patriots
Rome - Total War(TM)
Search Settings 1.2
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Sid Meier's Civilization 4 Gold
Skype™ 4.0
Spelling Dictionaries Support For Adobe Reader 9
Steam
TAD Patch Launcher
The Ship
The Ship Single Player
The Ship Tutorial
Titan Quest
Titan Quest Immortal Throne
Tom Clancy's Ghost Recon Advanced Warfighter® 2
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USBInfo
VC 9.0 Runtime
VC 9.0 Runtime
Ventrilo Client
Ventrilo Server
VideoLAN VLC media player 0.8.6f
VoipCheapCom
WC3Banlist
Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 3.1
WinRAR archiver
Xfire (remove only)
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm

Re: Have Some Problems - Browser Misdirection

Post by Shaba » September 1st, 2009, 11:50 pm

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    c:\docume~1\ADMINI~1\APPLIC~1\LimeWire
    c:\program files\Blubster
    c:\Program Files\LimeWire
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "c:\\Program Files\\Blubster\\Blubster.exe"=-
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Re: Have Some Problems - Browser Misdirection

Post by nickle91 » September 4th, 2009, 11:10 pm

ComboFix 09-09-03.02 - Administrator 09/04/2009 22:01.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1627 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ADMINI~1\APPLIC~1\LimeWire
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\rewind_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\searching.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\splash.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\splashpro.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\stop_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\stop_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\theme.txt
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\limewire_theme\warning.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme.lwtp
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\01_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\02_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\03_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\04_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\05_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\chat.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\forward_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\forward_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\kill.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\kill_on.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\logo.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\notsearching.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\pause_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\pause_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\play_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\play_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\question.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\rewind_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\rewind_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\searching.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\splash.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\splashpro.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\stop_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\stop_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\theme.txt
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\other_theme\warning.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme.lwtp
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\01_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\02_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\03_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\04_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\05_star.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\chat.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\forward_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\forward_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\kill.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\kill_on.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\logo.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\notsearching.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\pause_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\pause_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\play_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\play_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\question.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\rewind_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\rewind_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\searching.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\splash.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\splashpro.png
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\stop_dn.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\stop_up.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\theme.txt
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\version.txt
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\themes\windows_theme\warning.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\ttree.cache
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\ttrees.cache
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\ttroot.cache
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\update.xml
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\version.key
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\version.xml
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\versions.props
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\data\audio.sxml2
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\data\delete_me
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\misc\application.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\misc\audio.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\misc\document.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\misc\image.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\misc\video.gif
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\schemas\application.xsd
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\schemas\audio.xsd
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\schemas\document.xsd
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\schemas\image.xsd
c:\docume~1\ADMINI~1\APPLIC~1\LimeWire\xml\schemas\video.xsd
c:\program files\Blubster\My Shared Folder\The Cure - Pictures Of You.mp3
c:\program files\Blubster\My Shared Folder\The Dandy Warhols - Bohemian Like You.mp3
c:\program files\Blubster\My Shared Folder\The Doves - black and white town.mp3
c:\program files\Blubster\My Shared Folder\The Doves - Caught by the River.mp3
c:\program files\Blubster\My Shared Folder\The Doves - Satellites.mp3
c:\program files\Blubster\My Shared Folder\The editors - An end has a start.mp3
c:\program files\Blubster\My Shared Folder\The Editors - The Racing Rats.mp3
c:\program files\Blubster\My Shared Folder\The Flaming Lips - Yoshimi Battles The Pink Robots pt. 1.mp3
c:\program files\Blubster\My Shared Folder\the format - If Work Permits.mp3
c:\program files\Blubster\My Shared Folder\The Futureheads - Hounds Of Love.mp3
c:\program files\Blubster\My Shared Folder\The Hives - 11 - Knock Knock.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Abra Cadaver.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Die, All Right.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Find another girl.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Hate To Say I Told You So.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Here We Go Again.mp3
c:\program files\Blubster\My Shared Folder\The Hives - I'm A Wicked One.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Main Offender.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Tick Tick Boom.mp3
c:\program files\Blubster\My Shared Folder\The Hives - Walk Idiot Walk.mp3
c:\program files\Blubster\My Shared Folder\The Killers - Shadowplay.mp3
c:\program files\Blubster\My Shared Folder\The Klaxons - Atlantis to Interzone.mp3
c:\program files\Blubster\My Shared Folder\The Klaxons - Golden Skans.mp3
c:\program files\Blubster\My Shared Folder\The Klaxons - Gravity's Rainbow.mp3
c:\program files\Blubster\My Shared Folder\The Kooks - California.mp3
c:\program files\Blubster\My Shared Folder\The kooks - Eddies gun.mp3
c:\program files\Blubster\My Shared Folder\The Kooks - Ooh La.mp3
c:\program files\Blubster\My Shared Folder\The Kooks - Seaside.mp3
c:\program files\Blubster\My Shared Folder\The Kooks - She Moves In Her Own Way.mp3
c:\program files\Blubster\My Shared Folder\The Kooks - Too Much Of Nothing.mp3
c:\program files\Blubster\My Shared Folder\the libertines - last post on the bugle.mp3
c:\program files\Blubster\My Shared Folder\The libertines - music when the lights go out.mp3
c:\program files\Blubster\My Shared Folder\The Libertines - What A Waster.mp3
c:\program files\Blubster\My Shared Folder\The Libertines - What Became Of the Likely Lads.mp3
c:\program files\Blubster\My Shared Folder\The Libertines - What Katie Did.mp3
c:\program files\Blubster\My Shared Folder\The New Pornographers - Use It.mp3
c:\program files\Blubster\My Shared Folder\The OC soundtrack - We Used To Be Friends - The Dandy Warhols.mp3
c:\program files\Blubster\My Shared Folder\The Rakes - 22 Grand Job .mp3
c:\program files\Blubster\My Shared Folder\The Rakes - 22 Grand Job [2004].mp3
c:\program files\Blubster\My Shared Folder\The Rakes - 22 Grand Job.mp3
c:\program files\Blubster\My Shared Folder\the rakes - binary love.mp3
c:\program files\Blubster\My Shared Folder\The Ramones - Blitzkrieg Bop.mp3
c:\program files\Blubster\My Shared Folder\The Ramones - Hey Ho, Lets Go.mp3
c:\program files\Blubster\My Shared Folder\The Ramones - I Wanna Be Sedated.mp3
c:\program files\Blubster\My Shared Folder\the smiths-meat is murder - 08 - well I wonder.mp3
c:\program files\Blubster\My Shared Folder\The Smiths-Never Been Kissed Soundtrack- Please, Please, Please Let me- .MP3
c:\program files\Blubster\My Shared Folder\The Smiths-Still Ill.mp3
c:\program files\Blubster\My Shared Folder\The Smiths-Suffer Little Children.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Sheila Take a Bow.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Stretch Out and Wait.wma
c:\program files\Blubster\My Shared Folder\The Smiths - This Night Has Opened My Eyes.wma
c:\program files\Blubster\My Shared Folder\The Smiths - 12.Hand In Glove.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Accept Yourself.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Ask.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Back to the Old House.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Barbarism Begins At Home.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Death Of A Disco Dancer.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Girl Afraid.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Girlfriend in a Coma.mp3
c:\program files\Blubster\My Shared Folder\the smiths - Half a Person.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Handsome Devil.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - I Am Human.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - I Know Its Over.mp3
c:\program files\Blubster\My Shared Folder\the smiths - morrissey - jack the ripper.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Panic.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Please, Please, Please, Let Me Get What I Want.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Pretty Girls make Graves.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Rubber ring.MP3
c:\program files\Blubster\My Shared Folder\The Smiths - Shoplifters of The World Unite.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Some Girls Are Bigger Than Others.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Stop Me If You Think You've Heard This One Before.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - That Joke Isn't Funny Anymore.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - This Night Has Opened My Eyes (1984).mp3
c:\program files\Blubster\My Shared Folder\The Smiths - Unhappy Birthday.mp3
c:\program files\Blubster\My Shared Folder\The Smiths - What Difference Does it Make.mp3
c:\program files\Blubster\My Shared Folder\The Smiths morrissey - Ouija Board, Ouija Board.mp3
c:\program files\Blubster\My Shared Folder\The Smiths morrissey - Unloveable.mp3
c:\program files\Blubster\My Shared Folder\The Stills - Lola stars and stripes.mp3
c:\program files\Blubster\My Shared Folder\The Stills - Love & Death.mp3
c:\program files\Blubster\My Shared Folder\the stills - love and death.mp3
c:\program files\Blubster\My Shared Folder\The Stills - Of Montreal.mp3
c:\program files\Blubster\My Shared Folder\The Stills - Still in love song.mp3
c:\program files\Blubster\My Shared Folder\The Stone Roses - 10 - Tears.mp3
c:\program files\Blubster\My Shared Folder\The Stone Roses - I Wanna Be Adored.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Meet Me In The Bathroom.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - 04 - Razorblade.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - 11 - Take It Or Leave It.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - 12.51.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - 14 Red Light.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Alone Together.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Automatic Stop.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Barely Legal.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Hard To Explain.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Heart in a cage.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Ill Try Anything Once.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - In Her Prime .mp3
c:\program files\Blubster\My Shared Folder\The Strokes - In Her Prime.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Is This It.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Last Night.MP3
c:\program files\Blubster\My Shared Folder\The Strokes - Modern Girls and Old Fashioned Men (With Regina Spektor).mp3
c:\program files\Blubster\My Shared Folder\The Strokes - New York City Cops.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - Soma.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - The End Has No End.mp3
c:\program files\Blubster\My Shared Folder\The Strokes - What Ever Happened.mp3
c:\program files\Blubster\My Shared Folder\The Subways - I Want To Hear What You Got To Say.mp3
c:\program files\Blubster\My Shared Folder\The Subways - Oh Yeah.mp3
c:\program files\Blubster\My Shared Folder\The Subways - Rock & Roll Queen.mp3
c:\program files\Blubster\My Shared Folder\The Subways - Rock and Roll Queen.mp3
c:\program files\Blubster\My Shared Folder\the velvet underground - Femme Fatale.mp3
c:\program files\Blubster\My Shared Folder\The Velvet Underground - Heroin.mp3
c:\program files\Blubster\My Shared Folder\the Velvet Underground - I'm Waiting For The Man.mp3
c:\program files\Blubster\My Shared Folder\The Velvet Underground - Sunday Morning.mp3
c:\program files\Blubster\My Shared Folder\The Velvet Underground - Venus In Furs.mp3
c:\program files\Blubster\My Shared Folder\The View - Wasted Little DJs.mp3
c:\program files\Blubster\My Shared Folder\The Vines - Get Free .mp3
c:\program files\Blubster\My Shared Folder\The Vines - Ride.mp3
c:\program files\Blubster\My Shared Folder\The Wallflowers - 6th Avenue Heartache.mp3
c:\program files\Blubster\My Shared Folder\The Wallflowers - One Headlight.mp3
c:\program files\Blubster\My Shared Folder\The Wallflowers - The Difference.mp3
c:\program files\Blubster\My Shared Folder\The Wallflowers - Three Marlenas.mp3
c:\program files\Blubster\My Shared Folder\The yeah yeah yeahs - gold lion.mp3
c:\program files\Blubster\My Shared Folder\The Yeah Yeah Yeahs - Maps .mp3
c:\program files\Blubster\My Shared Folder\Thirteen Senses - Into The Fire.mp3
c:\program files\Blubster\My Shared Folder\Travis - My Eyes.mp3
c:\program files\Blubster\My Shared Folder\Travis - Side.mp3
c:\program files\Blubster\My Shared Folder\Tv On The Radio - Wolf Like Me.mp3
c:\program files\Blubster\My Shared Folder\tv on the radio Wolf Like Me.mp3
c:\program files\Blubster\My Shared Folder\Velvet Underground & Nico - I'm Waiting for the Man.mp3
c:\program files\Blubster\My Shared Folder\Verve Pipe - The Freshman.mp3
c:\program files\Blubster\My Shared Folder\Voxtrot - Long Haul.mp3
c:\program files\Blubster\My Shared Folder\Voxtrot - TheStartOfSomething.mp3
c:\program files\Blubster\My Shared Folder\We are Scientists - After Hours(1).mp3
c:\program files\Blubster\My Shared Folder\We are Scientists - After Hours.mp3
c:\program files\Blubster\My Shared Folder\We are Scientists - After Hours.zip
c:\program files\Blubster\My Shared Folder\We Are Scientists - Cash Cow.mp3
c:\program files\Blubster\My Shared Folder\We Are Scientists - Its A Hit.mp3
c:\program files\Blubster\My Shared Folder\We Are Scientists - Nobody Move Nobody Get Hurt.mp3
c:\program files\Blubster\My Shared Folder\Weezer - Buddy Holly.mp3
c:\program files\Blubster\My Shared Folder\Weezer - Island In The Sun.mp3
c:\program files\Blubster\My Shared Folder\Weezer - Perfect Situation.mp3
c:\program files\Blubster\My Shared Folder\Weezer - Pork And Beans.mp3
c:\program files\Blubster\My Shared Folder\Weezer - Say It Aint So.mp3
c:\program files\Blubster\My Shared Folder\Wilco - Either Way.mp3
c:\program files\Blubster\My Shared Folder\Wilco - Heavy Metal Drummer.mp3
c:\program files\Blubster\My Shared Folder\Wilco - I Must Be High.mp3

.
((((((((((((((((((((((((( Files Created from 2009-08-05 to 2009-09-05 )))))))))))))))))))))))))))))))
.

2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-27 17:06 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-27 17:06 . 2009-08-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-27 17:06 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-24 18:59 . 2009-08-24 18:59 -------- d-----w- c:\program files\Trend Micro
2009-08-24 18:04 . 2008-06-19 22:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-24 18:03 . 2009-08-24 18:03 -------- d-----w- c:\program files\Panda Security
2009-08-24 17:54 . 2009-08-24 17:54 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-08-24 17:30 . 2009-08-24 17:30 -------- dc-h--w- c:\windows\ie8
2009-08-23 17:22 . 2009-08-23 17:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-23 17:08 . 2009-08-23 17:08 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-23 16:58 . 2009-08-23 16:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-08-23 16:57 . 2009-08-24 17:22 -------- d-----w- c:\windows\ie8updates
2009-08-23 16:56 . 2009-08-23 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-23 16:22 . 2009-08-23 16:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
2009-08-23 16:21 . 2009-08-23 16:57 -------- d--h--w- c:\windows\msdownld.tmp
2009-08-23 16:19 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-23 16:19 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-23 16:19 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-23 15:41 . 2009-08-23 16:01 -------- d-----w- c:\program files\BHODemon 2
2009-08-23 15:17 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-08-23 15:17 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-23 15:08 . 2009-08-23 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-08-23 15:04 . 2009-08-23 15:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-08-13 21:27 . 2009-08-13 21:27 -------- d-----w- c:\program files\TES_Map

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 01:14 . 2007-07-15 23:32 -------- d-----w- c:\program files\Warcraft III
2009-08-27 20:58 . 2009-06-24 18:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-08-27 20:55 . 2009-06-24 18:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-08-26 02:06 . 2007-07-15 23:37 79607 ----a-w- c:\windows\War3Unin.dat
2009-08-23 16:56 . 2008-08-31 23:20 -------- d-----w- c:\program files\Yahoo!
2009-08-23 16:22 . 2008-08-31 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-08-23 15:08 . 2007-06-02 13:04 -------- d-----w- c:\program files\IObit
2009-08-11 05:00 . 2007-04-28 00:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
2009-08-11 03:47 . 2008-04-08 00:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\mIRC
2009-08-10 19:04 . 2008-04-08 00:25 -------- d-----w- c:\program files\mIRC
2009-08-08 02:43 . 2009-04-30 12:05 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 05:35 . 2009-05-09 04:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\VoipCheapCom
2009-07-24 16:27 . 2007-04-28 00:21 -------- d-s---w- c:\program files\Xfire
2009-07-20 02:21 . 2009-07-20 02:21 -------- d-----w- c:\program files\SEGA
2009-07-20 02:21 . 2007-04-27 14:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 02:41 . 2009-07-18 02:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\Mail.Ru
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-03 17:09 . 2004-08-04 00:56 915456 ------w- c:\windows\system32\wininet.dll
2009-06-24 18:24 . 2009-06-24 18:24 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-17 01:25 . 2004-08-04 00:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 20:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2008-04-13 23:07 . 2008-04-13 23:07 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"razer"="c:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-08-20 943888]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"UPS"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"LightScribeService"=2 (0x2)
"getPlus(R) Helper"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\UBISOFT\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [4/27/2007 9:08 AM 16640]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/24/2009 1:04 PM 28544]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/30/2009 7:05 AM 108289]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/23/2009 10:08 AM 305936]
R3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [3/22/2009 12:41 PM 13225]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/13/2008 6:07 PM 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
S3 ptiusbf;PTI USB Filter;c:\windows\system32\drivers\ptiusbf.sys [4/14/2001 1:22 AM 22474]
S4 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [3/13/2009 9:12 AM 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Поиск@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/282
IE: Словари@Mail.Ru - c:\program files\Mail.Ru\Sputnik\MailRuSputnik.dll/283
IE: {{7558B7E5-7B26-4201-BEDB-00D5FF534523} - c:\program files\Mail.Ru\Agent\magent.exe
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qwzk4eu8.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qwzk4eu8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qwzk4eu8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 22:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-162531612-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,ae,2d,10,a5,ff,e7,4d,b1,18,a2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,ae,2d,10,a5,ff,e7,4d,b1,18,a2,\
.
Completion time: 2009-09-05 22:09
ComboFix-quarantined-files.txt 2009-09-05 03:08
ComboFix2.txt 2009-08-28 14:33

Pre-Run: 158,996,582,400 bytes free
Post-Run: 158,950,596,608 bytes free

836 --- E O F --- 2008-01-09 04:02
nickle91
Active Member
 
Posts: 11
Joined: August 24th, 2009, 3:33 pm

Re: Have Some Problems - Browser Misdirection

Unread postby Shaba » September 5th, 2009, 4:29 am

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on the Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Have Some Problems - Browser Misdirection

Unread postby nickle91 » September 5th, 2009, 11:19 am

I get a message saying "the launch of the Java application has been interrupted please establish an uninterrupted connection when trying to work this program" when I try to run Kaspersky. I enabled installation of unsigned ActiveX and a couple of other undesirable settings to allow Kaspersky access, but that didn't help. I am going to reset those settings and wait for your advice.
nickle91
Active Member
 
Posts: 11
Joined: August 24th, 2009, 3:33 pm

Re: Have Some Problems - Browser Misdirection

Unread postby Shaba » September 5th, 2009, 12:13 pm

Please try to run that scan using another browser :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Have Some Problems - Browser Misdirection

Unread postby nickle91 » September 5th, 2009, 1:08 pm

When I try to run it with Firefox it immediately crashes to desktop.
nickle91
Active Member
 
Posts: 11
Joined: August 24th, 2009, 3:33 pm