[Solved] Server error

Discussion in 'Virus and Malware Removal' started by heyhi, Dec 4, 2010.

  1. heyhi Newcomer, in training

    ESETSmartInstaller@High as downloader log:
    Can not open internet
    ESETSmartInstaller@High as downloader log:
    Can not open internet
    esets_scanner_update returned -1 esets_gle=41221
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6415
    # api_version=3.0.2
    # EOSSerial=e75d9cb1f226704f94b3cf8ec286cd67
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-12-13 07:57:43
    # local_time=2010-12-13 02:57:43 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=770 16774141 100 100 173768 227629724 0 0
    # compatibility_mode=1280 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 331667 331667 0 0
    # scanned=4351
    # found=0
    # cleaned=0
    # scan_time=96
  2. heyhi Newcomer, in training

    Thanks again for your help. Erased System Care, and can't find BitTorrent to erase it. I also tried to uninstall Java; it wouldn't let me get to the file, so I upgraded it.


    ComboFix 10-12-13.02 - KA 12/13/2010 15:15:19.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.785 [GMT -5:00]
    Running from: c:\documents and settings\KA\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\KA\Desktop\CFScript.txt.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    FILE ::
    "c:\program files\lavasoft\ad-aware\kernexplorer.sys"
    "c:\program files\magix\common\database\bin\fbserver.exe"
    "c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll"
    "c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll"
    "c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
    "c:\windows\ARJ.PIF"
    "c:\windows\LHA.PIF"
    "c:\windows\NOCLOSE.PIF"
    "c:\windows\PKUNZIP.PIF"
    "c:\windows\PKZIP.PIF"
    "c:\windows\RAR.PIF"
    "c:\windows\UC.PIF"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\KA\Application Data\uTorrent
    c:\documents and settings\KA\Application Data\uTorrent\apps.btapp
    c:\documents and settings\KA\Application Data\uTorrent\apps\DADC6E156485529178AD96DD503321DE39C1BED5.btapp
    c:\documents and settings\KA\Application Data\uTorrent\dht.dat
    c:\documents and settings\KA\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\32F529521A3DEC709F97F761F192AABF29BDC408
    c:\documents and settings\KA\Application Data\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
    c:\documents and settings\KA\Application Data\uTorrent\NFC Championshipgame - Saints at Bears.1.torrent
    c:\documents and settings\KA\Application Data\uTorrent\NFC Championshipgame - Saints at Bears.torrent
    c:\documents and settings\KA\Application Data\uTorrent\NFL 2010 WK14 Philadelphia Eagles at Dallas Cowboys.torrent
    c:\documents and settings\KA\Application Data\uTorrent\NFL.2010.wk14.Washington.Redskins.at.NY.Giants.720p.HDTV.x264.torrent
    c:\documents and settings\KA\Application Data\uTorrent\resume.dat
    c:\documents and settings\KA\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\KA\Application Data\uTorrent\rss.dat
    c:\documents and settings\KA\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\KA\Application Data\uTorrent\settings.dat
    c:\documents and settings\KA\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
    c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5\1.0.0.0\user.config
    c:\program files\uTorrent
    c:\program files\uTorrent\uTorrent.exe
    c:\windows\ARJ.PIF
    c:\windows\LHA.PIF
    c:\windows\NOCLOSE.PIF
    c:\windows\PKUNZIP.PIF
    c:\windows\PKZIP.PIF
    c:\windows\RAR.PIF
    c:\windows\UC.PIF

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_FIREBIRDSERVERMAGIXINSTANCE
    -------\Legacy_LAVASOFT_KERNEXPLORER
    -------\Service_FirebirdServerMAGIXInstance
    -------\Service_Lavasoft Kernexplorer


    ((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
    .

    2010-12-13 20:06 . 2010-12-13 20:06 -------- d-----w- c:\program files\Common Files\Java
    2010-12-13 20:06 . 2010-09-15 09:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-13 20:06 . 2010-09-15 09:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-09 00:48 . 2010-12-09 00:48 -------- d-----w- c:\program files\ESET
    2010-12-07 12:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-07 12:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-12-07 12:49 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-12-07 12:49 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-07 12:49 . 2010-06-08 17:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-07 12:49 . 2010-06-08 17:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-05 18:33 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-12-05 18:33 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-12-05 03:34 . 2010-12-05 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-12-03 05:05 . 2009-01-30 22:13 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2010-12-01 11:56 . 2010-12-01 11:56 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Sunbelt Software
    2010-11-30 02:13 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-30 02:13 . 2010-12-07 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-11-29 07:22 . 2010-11-30 07:47 -------- d-----w- c:\program files\Real
    2010-11-26 22:26 . 2010-11-26 22:26 -------- d-----w- c:\program files\MPEGTOWAV
    2010-11-26 05:50 . 2010-11-30 07:45 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Conduit
    2010-11-26 05:47 . 2010-11-26 05:47 -------- d-----w- c:\documents and settings\All Users~
    2010-11-18 04:59 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2010-11-18 04:59 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2010-11-18 04:59 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-18 04:59 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2010-11-18 04:59 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-18 04:59 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2010-11-18 04:58 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-18 04:58 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2010-11-18 04:58 . 2008-04-14 01:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-18 04:58 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
    2010-11-18 04:49 . 2010-11-18 04:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-11-18 04:44 . 2010-11-26 05:50 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Temp
    2010-11-18 04:44 . 2010-11-18 04:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-11-18 04:44 . 2010-11-22 10:18 -------- d-----w- c:\program files\Google
    2010-11-18 04:44 . 2010-11-22 10:18 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Google
    2010-11-18 04:43 . 2010-11-18 04:44 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Deployment
    2010-11-14 22:24 . 2010-12-10 00:32 -------- d-----w- c:\documents and settings\KA\Application Data\U3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 02:50 . 2010-03-27 13:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-29 22:42 . 2009-11-19 08:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2009-11-19 08:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-18 16:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 07:29 . 2009-06-22 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-12-3 4562944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\aol\\1264685876\\ee\\aolsoftware.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"= 13227:TCP:BitComet 13227 TCP
    "13227:UDP"= 13227:UDP:BitComet 13227 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2009 8:36 PM 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 6:26 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 6:26 PM 17744]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/12/2010 4:11 AM 10448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/20/2009 6:38 PM 88176]
    R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [12/3/2010 12:04 AM 278528]
    R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/3/2010 12:04 AM 1710944]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/3/2010 12:04 AM 57440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 11:44 PM 136176]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [12/3/2010 12:04 AM 360529]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/nfl/
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome?lnkctr=mhWN
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Spell Checker: gaurangnshah@gmail.com - %profile%\extensions\gaurangnshah@gmail.com
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
    AddRemove-{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31} - c:\program files\Full Tilt Poker\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-13 15:27
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1092)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\windows\system32\athgina.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'explorer.exe'(2912)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\acs.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-13 15:34:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-13 20:34
    ComboFix2.txt 2010-12-10 02:57

    Pre-Run: 21,941,743,616 bytes free
    Post-Run: 21,791,199,232 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - C4404A5F642E012FF4A673D736A0F59A
  3. Bobbye Helper on the Fringe

    You're still running LimeWire and BitComet. You have globally open ports in the firewall for BitComet. That means that any account that signs on to the system has BitComet allowed through the firewall. I removed the Torrent files with the script, but there's not much point in that:

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall Bit Comet & LimeWire for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.
    ============================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  4. heyhi Newcomer, in training

    Again, thanks for taking your time to help me. I can't find where to uninstall BitComet; I never used it or remember downloading it.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:15:54 PM, on 12/16/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\program files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\KA\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/nfl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

    --
    End of file - 7391 bytes
  5. Bobbye Helper on the Fringe

    You're welcome. You're almost finished!

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


    Close all Windows except HijackThis and click on "Fix Checked"
    ========================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    File:: 
    DDS::
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"=-
    "13227:UDP"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please let me know if the problem has been resolved and I'll have you remove the cleaning tools and their logs.
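    The triage the helper applies above (tick the R3/O2/O3/O9 entries whose CLSID points at "(no file)") can be done mechanically over a HijackThis log. This is an added example, not part of the thread or of HijackThis itself; the log text it parses is a constructed sample modelled on the entries posted above, and the entry layout it assumes is the "CODE - kind: name - {CLSID} - target" form seen in those lines.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2.0.4 log style, modelled on the entries
# the helper singled out above (not the user's complete log).
SAMPLE_HJT_LOG = """\
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\\WINDOWS\\System32\\smss.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\\PROGRA~1\\mcafee\\SITEAD~1\\mcieplg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O4 - HKLM\\..\\Run: [avast5] C:\\PROGRA~1\\ALWILS~1\\Avast5\\avastUI.exe /nogui
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: WSWNA1100 - Unknown owner - C:\\Program Files\\NETGEAR\\WNA1100\\WifiSvc.exe
"""

# Every HijackThis finding starts with a section code such as R3, O2, O3, O9, O23.
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# Hook/BHO/toolbar/button entries carry a CLSID and end with the on-disk target,
# which HijackThis prints as "(no file)" when the registered DLL is gone.
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)


@dataclass
class Entry:
    code: str
    raw: str
    kind: str = ""
    name: str = ""
    clsid: str = ""
    target: str = ""

    @property
    def orphaned(self) -> bool:
        # A registration whose DLL no longer exists: harmless by itself, but
        # it is exactly what "Fix Checked" is used to clean up.
        return self.target == "(no file)"

    @property
    def unnamed(self) -> bool:
        return self.name == "(no name)"


def parse_hjt(text: str) -> list[Entry]:
    """Turn HijackThis log text into Entry objects; non-finding lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = Entry(code=m["code"], raw=line.strip())
        c = CLSID_RE.match(m["body"])
        if c:  # O4/O23 and similar lines have no CLSID and keep only code/raw
            e.kind, e.name, e.clsid, e.target = c["kind"], c["name"], c["clsid"], c["target"]
        entries.append(e)
    return entries


def orphaned_entries(entries: list[Entry]) -> list[Entry]:
    return [e for e in entries if e.orphaned]


def fix_list(text: str) -> list[str]:
    """Raw log lines to tick under 'Fix Checked': registrations pointing at '(no file)'."""
    return [e.raw for e in orphaned_entries(parse_hjt(text))]


if __name__ == "__main__":
    for line in fix_list(SAMPLE_HJT_LOG):
        print(line)
```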
  6. heyhi Newcomer, in training

    I erased the 3 things from HijackThis; here's the log. What are you seeing so far? I still haven't removed BitComet... can't find it.


    ComboFix 10-12-18.02 - KA 12/20/2010 0:36.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.786 [GMT -5:00]
    Running from: c:\documents and settings\KA\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\KA\Desktop\CFScript.txt.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\KA\Application Data\PriceGong
    c:\documents and settings\KA\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\KA\Application Data\PriceGong\Data\z.xml

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
    .

    2010-12-16 17:42 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-16 06:32 . 2010-12-17 04:14 -------- d-----w- C:\HijackThis
    2010-12-16 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-15 00:37 . 2010-12-15 00:40 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar
    2010-12-13 20:06 . 2010-12-13 20:06 -------- d-----w- c:\program files\Common Files\Java
    2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-09 00:48 . 2010-12-09 00:48 -------- d-----w- c:\program files\ESET
    2010-12-07 12:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-07 12:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-12-07 12:49 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-12-07 12:49 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-07 12:49 . 2010-06-08 17:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-07 12:49 . 2010-06-08 17:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-05 18:33 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-12-05 18:33 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-12-05 03:34 . 2010-12-05 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-12-03 05:05 . 2009-01-30 22:13 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2010-12-01 11:56 . 2010-12-01 11:56 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Sunbelt Software
    2010-11-30 02:13 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-30 02:13 . 2010-12-07 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-11-29 07:22 . 2010-11-30 07:47 -------- d-----w- c:\program files\Real
    2010-11-26 22:26 . 2010-11-26 22:26 -------- d-----w- c:\program files\MPEGTOWAV
    2010-11-26 05:50 . 2010-12-17 04:11 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Conduit
    2010-11-26 05:47 . 2010-11-26 05:47 -------- d-----w- c:\documents and settings\All Users~

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 02:50 . 2010-03-27 13:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-29 22:42 . 2009-11-19 08:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2009-11-19 08:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-18 18:12 . 2009-04-19 22:43 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 21:34 . 2009-06-22 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-05 05:05 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-11-05 05:05 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-11-05 05:05 . 2009-08-16 02:48 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-03 12:59 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-12-10_02.54.13 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-12-19 21:36 . 2010-12-19 21:36 16384 c:\windows\temp\Perflib_Perfdata_5cc.dat
    - 2008-10-22 09:47 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
    + 2008-10-22 09:47 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
    - 2004-08-04 12:00 . 2010-12-10 00:41 67714 c:\windows\system32\perfc009.dat
    + 2004-08-04 12:00 . 2010-12-17 04:57 67714 c:\windows\system32\perfc009.dat
    + 2010-11-18 18:12 . 2010-11-18 18:12 81920 c:\windows\system32\dllcache\isign32.dll
    - 2009-08-16 02:48 . 2010-09-09 14:16 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2009-08-16 02:48 . 2010-11-05 05:05 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2004-08-04 12:00 . 2010-11-05 05:05 629760 c:\windows\system32\urlmon.dll
    + 2004-08-04 12:00 . 2010-12-17 04:57 432924 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2010-12-10 00:41 432924 c:\windows\system32\perfh009.dat
    - 2004-08-04 12:00 . 2008-04-14 00:12 532480 c:\windows\system32\mstime.dll
    + 2004-08-04 12:00 . 2010-11-05 05:05 532480 c:\windows\system32\mstime.dll
    - 2004-08-04 12:00 . 2010-09-09 14:16 449024 c:\windows\system32\mshtmled.dll
    + 2004-08-04 12:00 . 2010-11-05 05:05 449024 c:\windows\system32\mshtmled.dll
    + 2010-12-19 04:43 . 2010-11-12 23:53 157472 c:\windows\system32\javaws.exe
    + 2010-12-19 04:43 . 2010-11-12 23:53 145184 c:\windows\system32\javaw.exe
    + 2010-12-19 04:43 . 2010-11-12 23:53 145184 c:\windows\system32\java.exe
    + 2004-08-04 12:00 . 2010-11-05 05:05 251904 c:\windows\system32\iepeers.dll
    - 2004-08-04 12:00 . 2010-09-09 14:16 251904 c:\windows\system32\iepeers.dll
    - 2009-04-19 18:31 . 2010-10-22 21:29 131688 c:\windows\system32\FNTCACHE.DAT
    + 2009-04-19 18:31 . 2010-12-16 17:39 131688 c:\windows\system32\FNTCACHE.DAT
    + 2009-02-20 08:10 . 2010-11-05 05:05 667136 c:\windows\system32\dllcache\wininet.dll
    - 2009-02-20 08:10 . 2010-09-09 14:16 667136 c:\windows\system32\dllcache\wininet.dll
    + 2009-02-20 08:10 . 2010-11-05 05:05 629760 c:\windows\system32\dllcache\urlmon.dll
    + 2010-11-05 05:05 . 2010-11-05 05:05 532480 c:\windows\system32\dllcache\mstime.dll
    + 2010-09-09 14:16 . 2010-11-05 05:05 449024 c:\windows\system32\dllcache\mshtmled.dll
    - 2010-09-09 14:16 . 2010-09-09 14:16 449024 c:\windows\system32\dllcache\mshtmled.dll
    - 2010-09-09 14:16 . 2010-09-09 14:16 251904 c:\windows\system32\dllcache\iepeers.dll
    + 2010-09-09 14:16 . 2010-11-05 05:05 251904 c:\windows\system32\dllcache\iepeers.dll
    + 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
    + 2010-12-13 20:06 . 2010-12-13 20:06 180224 c:\windows\Installer\88d9f0.msi
    + 2010-09-22 23:10 . 2010-09-22 23:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
    - 2004-08-04 12:00 . 2010-09-09 14:16 1510400 c:\windows\system32\shdocvw.dll
    + 2004-08-04 12:00 . 2010-11-05 05:05 1510400 c:\windows\system32\shdocvw.dll
    + 2004-08-04 12:00 . 2010-11-05 05:05 3076096 c:\windows\system32\mshtml.dll
    + 2009-02-09 11:13 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
    + 2009-03-02 23:04 . 2010-11-05 05:05 1510400 c:\windows\system32\dllcache\shdocvw.dll
    - 2009-03-02 23:04 . 2010-09-09 14:16 1510400 c:\windows\system32\dllcache\shdocvw.dll
    + 2009-02-20 08:11 . 2010-11-05 05:05 3076096 c:\windows\system32\dllcache\mshtml.dll
    - 2010-09-09 14:16 . 2010-09-09 14:16 1025024 c:\windows\system32\dllcache\browseui.dll
    + 2010-09-09 14:16 . 2010-11-05 05:05 1025024 c:\windows\system32\dllcache\browseui.dll
    - 2004-08-04 12:00 . 2010-09-09 14:16 1025024 c:\windows\system32\browseui.dll
    + 2004-08-04 12:00 . 2010-11-05 05:05 1025024 c:\windows\system32\browseui.dll
    + 2010-11-08 07:14 . 2010-11-08 07:14 3402752 c:\windows\Installer\6cdda2.msp
    + 2010-09-16 08:08 . 2010-09-16 08:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
    + 2009-04-22 13:31 . 2010-12-16 08:00 37366216 c:\windows\system32\MRT.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-12-3 4562944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\aol\\1264685876\\ee\\aolsoftware.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"= 13227:TCP:BitComet 13227 TCP
    "13227:UDP"= 13227:UDP:BitComet 13227 UDP
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2009 8:36 PM 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 6:26 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 6:26 PM 17744]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/12/2010 4:11 AM 10448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/20/2009 6:38 PM 88176]
    R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [12/3/2010 12:04 AM 278528]
    R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/3/2010 12:04 AM 1710944]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/3/2010 12:04 AM 57440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 11:44 PM 136176]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [12/3/2010 12:04 AM 360529]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]

    2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/nfl/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome?lnkctr=mhWN
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-20 00:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1092)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\windows\system32\athgina.dll
    .
    Completion time: 2010-12-20 00:45:54
    ComboFix-quarantined-files.txt 2010-12-20 05:45
    ComboFix2.txt 2010-12-13 20:34
    ComboFix3.txt 2010-12-10 02:57

    Pre-Run: 22,318,411,776 bytes free
    Post-Run: 22,343,516,160 bytes free

    - - End Of File - - 035979AA1DA9F4C02AA0F0AB8F3A0E50
  7. Bobbye Helper on the Fringe

    The process that is still running is from uTorrent. Ports are open globally for BitTorrent and you still have LimeWire loading. Not a whole lot of sense to try and clean with 3 active file sharing programs.
  8. heyhi Newcomer, in training

    uTorrent has already been uninstalled? I can't find BitTorrent or uTorrent under uninstall. How is LimeWire loading? I haven't used it in a few weeks. I wanna try not to uninstall it but I will if I have to. As far as the other 2, how do I get rid of 'em? Don't see them under uninstall!
  9. Bobbye Helper on the Fringe

    I remove them with the script you run through ComboFix. They are loading through the Registry. It's your system. I'm just making the comment about the file sharing because:

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall the programs for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.

    Please read the information on P2P Warning to help you better understand these dangers.

    Cleaning malware out the front door while it comes in through file sharing through the backdoor isn't very effective.
  10. heyhi Newcomer, in training

    Oh ok thanks. Do you know how I can stop them from loading through the reg?
  11. heyhi Newcomer, in training

    ? anyone??
  12. Bobbye Helper on the Fringe

    The best way is to take the programs off of Startup, follow with uninstall.

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: [Be sure to scroll down to include ALL lines.]
    Code:
    KillAll::
    File::
    Folder::
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar
    c:\documents and settings\KA\Local Settings\Application Data\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
    
    DDS::
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "13227:TCP"=-
    "13227:UDP"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
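    The Registry:: stanza above removes the firewall exceptions that keep the file-sharing clients reachable. As an added illustration (not code from this thread or from ComboFix), the script below reads the firewall sections of a ComboFix "Reg Loading Points" listing, flags the AuthorizedApplications and GloballyOpenPorts entries that belong to known file-sharing clients, and renders the same `"name"=-` removal stanza the helper wrote by hand. The sample log text is constructed to mirror the excerpt posted earlier in the thread, and the P2P watch-list is an assumed, non-exhaustive set of names.

```python
"""Flag file-sharing firewall exceptions in a ComboFix log and render the
matching CFScript Registry:: removal stanza (example code, not ComboFix's)."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the 'Reg Loading Points' excerpt in this
# thread. A real run would read C:\ComboFix.txt from disk instead.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13227:TCP"= 13227:TCP:BitComet 13227 TCP
"13227:UDP"= 13227:UDP:BitComet 13227 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"""

# Prefix ComboFix uses for the XP firewall policy keys.
FIREWALL_BASE = r"HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"

# Assumed watch-list of file-sharing client names; extend as needed.
P2P_NAMES = ("limewire", "bitcomet", "utorrent", "bittorrent", "frostwire")

_SECTION_RE = re.compile(r"^\[(.+)\]$")
_ENTRY_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')


@dataclass
class Finding:
    key: str         # registry key the entry lives under
    value_name: str  # value name exactly as written in the log
    detail: str      # unescaped program path, or the port description
    kind: str        # "app" or "port"


def parse_firewall_entries(log_text):
    """Return (authorized_apps, open_ports); each item is (key, name, detail)."""
    apps, ports = [], []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is None or not current.lower().startswith(FIREWALL_BASE.lower()):
            continue
        m = _ENTRY_RE.match(line)
        if not m:
            continue
        name, detail = m.group(1), m.group(2)
        if current.lower().endswith(r"authorizedapplications\list"):
            # REGEDIT-style export doubles backslashes in the value name.
            apps.append((current, name, name.replace("\\\\", "\\")))
        elif current.lower().endswith(r"globallyopenports\list"):
            ports.append((current, name, detail))
    return apps, ports


def flag_p2p(log_text):
    """Return Findings for firewall exceptions that name a watch-listed client."""
    apps, ports = parse_firewall_entries(log_text)
    findings = []
    for key, name, path in apps:
        if any(p in path.lower() for p in P2P_NAMES):
            findings.append(Finding(key, name, path, "app"))
    for key, name, detail in ports:
        if any(p in detail.lower() for p in P2P_NAMES):
            findings.append(Finding(key, name, detail, "port"))
    return findings


def cfscript_registry_stanza(findings):
    """Render a Registry:: block in the form used in this thread: a key header
    followed by '"name"=-' lines, which instructs ComboFix to delete the value."""
    by_key = {}
    for f in findings:
        by_key.setdefault(f.key, []).append(f.value_name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    for f in flag_p2p(SAMPLE_LOG):
        print(f"{f.kind:4} {f.value_name} -> {f.detail}")
    print(cfscript_registry_stanza(flag_p2p(SAMPLE_LOG)))
```

    On the sample it flags the LimeWire application exception and both BitComet port exceptions while leaving Firefox and the ActiveSync entries alone; the rendered stanza is the one to paste under the File:: and Folder:: sections of a CFScript. Match on the value names the log shows rather than rewriting them, since ComboFix needs the exact name to delete the value.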
  13. heyhi Newcomer, in training

    ComboFix 10-12-24.01 - KA 12/24/2010 18:38:24.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.883 [GMT -5:00]
    Running from: c:\documents and settings\KA\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\KA\Desktop\CFScript.tx.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215803994037500_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215829629975000_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634215857840756250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634219291587531250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220940193781250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634220946896281250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634226715423943750_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_634244832697856250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826753881225000_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633826758646068750_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552376087500_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552502181250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552614056250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827552723118750_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827565870150000_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d633827655684775000_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161798257141250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161799307581250_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_b99f575c-76e9-4402-8755-330aaffa3e6d634161801077882500_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_78_278_CT2786678_Images_SearchActivationButton-go_but01_gif-General-634220918830656250_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_Share_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___Storage_conduit_com_BankImages_ConduitEngine_ContextMenu_Upgrade_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_site_search_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___storage_conduit_com_images_SearchEngines_videosurf_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGong_16.png
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\manifest.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.bck.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\AppsMetaData\data.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin\data.bck.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarLogin\data.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.bck.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_CT2786678\ToolbarSettings\data.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation\data.bck.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Repository\conduit_CT2786678_en\ToolbarTranslation\data.txt
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_news_com_au_public_rss_2_0_news_breaking_news_32_xml_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___feeds_reuters_com_reuters_topNews_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=fr&hl=fr&topic=h&num=3&output=rss_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_history.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_history.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___rss_news_yahoo_com_rss_world_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\Rss\http___www_thesun_co_uk_sol_homepage_feeds_rss_article312900_ece_structured.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\SearchInNewTab\SearchInNewTabContent.xml
    c:\documents and settings\KA\Local Settings\Application Data\uTorrentBar\ThirdPartyComponents.xml

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
    .

    2010-12-16 17:42 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
    2010-12-16 06:32 . 2010-12-17 04:14 -------- d-----w- C:\HijackThis
    2010-12-16 06:28 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
    2010-12-13 20:06 . 2010-12-13 20:06 -------- d-----w- c:\program files\Common Files\Java
    2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-13 20:06 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2010-12-09 00:48 . 2010-12-09 00:48 -------- d-----w- c:\program files\ESET
    2010-12-07 12:49 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-12-07 12:49 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
    2010-12-07 12:49 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
    2010-12-07 12:49 . 2010-11-24 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-12-07 12:49 . 2010-06-08 17:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
    2010-12-07 12:49 . 2010-06-08 17:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
    2010-12-05 18:33 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-12-05 18:33 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-12-05 03:34 . 2010-12-05 03:34 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-12-03 05:05 . 2009-01-30 22:13 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
    2010-12-01 11:56 . 2010-12-01 11:56 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Sunbelt Software
    2010-11-30 02:13 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-11-30 02:13 . 2010-12-07 12:50 -------- d-----w- c:\program files\K-Lite Codec Pack
    2010-11-29 07:22 . 2010-11-30 07:47 -------- d-----w- c:\program files\Real
    2010-11-26 22:26 . 2010-11-26 22:26 -------- d-----w- c:\program files\MPEGTOWAV
    2010-11-26 05:50 . 2010-12-17 04:11 -------- d-----w- c:\documents and settings\KA\Local Settings\Application Data\Conduit
    2010-11-26 05:47 . 2010-11-26 05:47 -------- d-----w- c:\documents and settings\All Users~

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-02 02:50 . 2010-03-27 13:22 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2010-11-29 22:42 . 2009-11-19 08:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2009-11-19 08:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-18 18:12 . 2009-04-19 22:43 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-12 21:34 . 2009-06-22 16:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-05 05:05 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-11-05 05:05 . 2004-08-04 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-11-05 05:05 . 2009-08-16 02:48 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-03 12:59 . 2004-08-04 12:00 369664 ----a-w- c:\windows\system32\html.iec
    2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
    2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-24 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-24 114688]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-12-3 4562944]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-05-30 16:30 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\aol\\1264685876\\ee\\aolsoftware.exe"=
    "c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/29/2009 8:36 PM 28552]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2010 6:26 PM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2010 6:26 PM 17744]
    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/12/2010 4:11 AM 10448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [6/20/2009 6:38 PM 88176]
    R2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [12/3/2010 12:04 AM 278528]
    R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [12/3/2010 12:04 AM 1710944]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/3/2010 12:04 AM 57440]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/17/2010 11:44 PM 136176]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [12/3/2010 12:04 AM 360529]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]

    2010-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-18 04:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/nfl/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
    Trusted Zone: intuit.com\ttlc
    FF - ProfilePath - c:\documents and settings\KA\Application Data\Mozilla\Firefox\Profiles\ostsccu7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com/WiHome?lnkctr=mhWN
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
    FF - user.js: keyword.enabled - 1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-24 18:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1092)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\windows\system32\athgina.dll

    - - - - - - - > 'explorer.exe'(1208)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\progra~1\MICROS~2\rapimgr.exe
    c:\windows\system32\acs.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-24 18:53:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-24 23:52
    ComboFix2.txt 2010-12-20 05:45
    ComboFix3.txt 2010-12-13 20:34
    ComboFix4.txt 2010-12-10 02:57

    Pre-Run: 23,050,313,728 bytes free
    Post-Run: 23,091,822,592 bytes free

    - - End Of File - - 3717C4E98D9707BA0057E555BE8E11A0
  14. Bobbye Helper on the Fringe

    uTorrent removed. LimeWire remains.
    Has the server problem been resolved? If so, go to the following:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name, then click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup.
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Have a Happy and Peaceful Holiday!