TechSpot

The unbeatable virus

By Yourdogsucks
Sep 11, 2010
  1. I've been battling a mad virus for a while now. It redirects my browser and caused me all kinds of shame. The sad part is that it bypassed supposedly "live protection" on my antivirus and antimalware - which just goes to prove that the viruses are being released by the same folks who make the antivirus to force consumers to purchase their product.

    But anyways.

    I have wiped out Mozilla and IE, and reinstalled, in safe mode, with intermittent scans of mbam, and no luck. I have hunted down every noncritical process in msconfig and shut down every service I could find. This virus can still redirect my browser in safe mode.

    Also, I have done a repair install on windows, to no avail.

    Where do I go next? I have no idea. Below are my logs as specified in the intro post. It's gotten to where I feel that this virus might even be so great that I could switch to a blank hard drive and it would still be there somehow.

    I would love to hunt down the makers of this virus and dispense some vigilante justice. Boy oh boy....

    MBAM:
    GMER:
    Weird goings-on here.

    Attach:
     
  2. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    DDS:
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot. I'll help with the malware and am reviewing your logs now. You had or have Rogue Antivirus 2009 and a Rootkit so we'll need to be sure all of it has been removed.

    Please run the following programs:

    Please download MBR Rootkit Detector and save it on your desktop.
    • Pause/Stop all antivirus/spyware active protection.
    • Then double click on mbr.exe to run it.
    • Select Run when you receive a Security Warning
    • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
    • A log file will then be created on your desktop where you ran mbr.exe
    • Copy and paste the contents of mbr.log on your next reply.
    ============================
    Follow with ComboFix download from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt into next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    In the meantime, please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Also, do not use uTorrent, LimeWire or any other file sharing program while I am helping you.

    EDIT: Before you paste your next log in Notepad, please click on Format> Uncheck 'Word Wrap.'
     
  4. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    Thank you so much for your assistance.

    This is strange and may be attributed to a virus scan or something.
    Here is the new MBR

    Also, it got that filthy mp36yfav that was causing issues. I will test if this fixed it and repost.

    I bolded stuff that appears strange to me

    Combofix:

    Continued...
     
  5. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    Continued from last

     
  6. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    Still no bad symptoms. Everything is good so far. Some programs are acting funny (HP keeps trying to get me to insert its disk) but other than that everything is good.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You don't need to put the logs in quotes. Log entries should not be changed in any way: no comments, no question marks, no bold print. Every character in a log is significant and shouldn't be modified in any way. You weren't instructed to remove anything yet.

    You have a Vundo infection which is why you see the strange names.

    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\docume~1\alluse~1\applic~1\jbjx8GG.dat
    c:\docume~1\alluse~1\applic~1\Mp36YFaV.exe
    c:\windows\aweloruzifulo.dll
    c:\windows\Uvydyb.exe
    c:\windows\Vbucazetij.dat
    c:\windows\Qqugadageq.bin
    c:\windows\Uvydya.exe
    c:\windows\system32\regwizc1.dll
    c:\docume~1\alluse~1\applic~1\Update
    c:\windows\system32\drivers\kghps.sys
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\Tr_sttool.dat
    c:\windows\hpoins46.dat
    c:\documents and settings\All Users\Application Data\jbjx8GG.dat
    
    RenV::
    c:\program files\iTunes\iTunesHelper .exe
    c:\program files\QuickTime\qttask .exe
    c:\windows\system32\rundll32 .exe
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1390067357-1979792683-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
    
    Folder::
    c:\documents and settings\User\Local Settings\Application Data\tfltmolue
    c:\documents and settings\All Users\Application Data\Update
    
    Registry::
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wvrnfijv]
    
    DirLook::
    C:\zrpt.xml
    
    Driver::
    DDS::
    mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\Windows\System32\drivers\atapi.sys
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into your next reply.
    =========================================
    Contents of the 'Scheduled Tasks' folder> were there no processes in this?
    Why are files created on 4/14/2008 and 6/26/2007 in the section for>>
    (((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    2010-09-11 06:26 . 2008-04-14 12:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-09-11 06:26 . 2007-06-26 18:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
    =========================================
    Please run this Security Check:
    Download Security Check and save it to your Desktop.
    • Double-click SecurityCheck.exe to run.
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.
     
  8. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    Okay here are the new ones. Sorry for the quotes earlier I didn't realize the effect there.

    Combofix log:

    ComboFix 10-09-11.02 - User 09/11/2010 16:39:16.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2812 [GMT -7:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

    FILE ::
    "c:\docume~1\alluse~1\applic~1\jbjx8GG.dat"
    "c:\docume~1\alluse~1\applic~1\Mp36YFaV.exe"
    "c:\docume~1\alluse~1\applic~1\Update"
    "c:\documents and settings\All Users\Application Data\jbjx8GG.dat"
    "c:\windows\aweloruzifulo.dll"
    "c:\windows\hpoins46.dat"
    "c:\windows\Qqugadageq.bin"
    "c:\windows\system32\drivers\kghps.sys"
    "c:\windows\system32\drivers\logiflt.iad"
    "c:\windows\system32\drivers\lvuvc.hs"
    "c:\windows\system32\regwizc1.dll"
    "c:\windows\system32\Tr_sttool.dat"
    "c:\windows\Uvydya.exe"
    "c:\windows\Uvydyb.exe"
    "c:\windows\Vbucazetij.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\alluse~1\applic~1\jbjx8GG.dat
    c:\documents and settings\All Users\Application Data\jbjx8GG.dat
    c:\documents and settings\All Users\Application Data\Update
    c:\documents and settings\User\Local Settings\Application Data\tfltmolue
    c:\windows\hpoins46.dat
    c:\windows\Qqugadageq.bin
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\regwizc1.dll
    c:\windows\system32\Tr_sttool.dat
    c:\windows\Uvydya.exe
    c:\windows\Uvydyb.exe
    c:\windows\Vbucazetij.dat

    .
    --------------- FCopy ---------------

    c:\windows\ServicePackFiles\i386\atapi.sys --> c:\windows\System32\drivers\atapi.sys
    .
    ((((((((((((((((((((((((( Files Created from 2010-08-11 to 2010-09-11 )))))))))))))))))))))))))))))))
    .

    2010-09-11 06:26 . 2008-04-14 12:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2010-09-11 06:26 . 2008-04-14 05:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2010-09-11 06:26 . 2007-06-26 18:30 22060 -c----w- c:\windows\system32\dllcache\npds.zip
    2010-09-11 06:26 . 2007-06-26 18:26 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
    2010-09-11 06:26 . 2008-04-14 12:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
    2010-09-11 06:25 . 2008-04-14 12:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
    2010-09-11 05:55 . 2004-08-04 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
    2010-09-11 05:54 . 2004-08-04 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
    2010-09-11 05:54 . 2004-08-04 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
    2010-09-11 05:54 . 2004-08-04 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
    2010-09-11 05:54 . 2004-08-04 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
    2010-09-11 05:54 . 2004-08-04 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
    2010-09-11 05:54 . 2004-08-04 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
    2010-09-11 05:54 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
    2010-09-11 05:53 . 2004-08-04 12:00 73728 -c--a-w- c:\windows\system32\dllcache\icwtutor.exe
    2010-09-11 05:53 . 2004-08-04 12:00 61440 -c--a-w- c:\windows\system32\dllcache\icwres.dll
    2010-09-11 05:53 . 2004-08-04 12:00 40960 -c--a-w- c:\windows\system32\dllcache\trialoc.dll
    2010-09-11 05:53 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2010-09-11 05:30 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2010-09-11 05:30 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2010-09-11 05:30 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2010-09-11 05:30 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2010-09-11 04:47 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-11 04:47 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-11 04:47 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-11 04:47 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-11 04:47 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-11 04:47 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-11 04:47 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-11 04:47 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-09-11 04:47 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-11 04:47 . 2010-09-11 04:47 -------- d-----w- c:\program files\Alwil Software
    2010-09-11 04:47 . 2010-09-11 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-30 06:29 . 2010-08-30 06:29 6476416 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\Connect.exe
    2010-08-30 06:29 . 2010-08-30 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Setup.exe
    2010-08-30 06:29 . 2010-08-30 06:29 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Connect.exe
    2010-08-29 18:39 . 2010-08-29 18:39 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-08-29 09:37 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-29 09:37 . 2010-08-29 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-29 09:37 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-29 09:36 . 2010-08-29 09:36 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-08-29 09:24 . 2010-05-26 07:26 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-11 23:39 . 2010-05-26 03:23 -------- d-----w- c:\program files\iTunes
    2010-09-11 23:39 . 2010-05-26 03:22 -------- d-----w- c:\program files\QuickTime
    2010-09-11 20:31 . 2010-05-26 03:04 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
    2010-09-11 05:52 . 2010-05-22 20:36 22720 ----a-w- c:\windows\system32\emptyregdb.dat
    2010-09-11 05:46 . 2010-06-27 09:19 -------- d-----w- c:\program files\Common Files\LogiShrd
    2010-09-06 22:00 . 2010-09-06 22:00 -------- d-----w- c:\program files\iPod
    2010-09-06 22:00 . 2010-05-26 03:22 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-06 21:58 . 2010-09-06 21:58 -------- d-----w- c:\documents and settings\Default User\Application Data\Apple Computer
    2010-09-06 21:58 . 2010-09-06 21:58 -------- d-----w- c:\program files\Bonjour
    2010-09-06 21:55 . 2010-09-06 21:55 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
    2010-09-06 21:52 . 2010-09-06 21:08 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2010-09-06 21:52 . 2010-09-06 21:52 101632 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-02 03:09 . 2010-09-02 03:09 46852 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-08-30 06:19 . 2010-05-22 22:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-30 03:32 . 2010-07-29 02:26 -------- d-----w- c:\program files\StarCraft II
    2010-08-14 09:06 . 2010-06-06 11:47 -------- d-----w- c:\documents and settings\User\Application Data\vlc
    2010-08-10 03:07 . 2010-08-10 02:50 -------- d-----w- c:\program files\BSR Screen Recorder 4
    2010-08-10 01:12 . 2010-08-10 01:12 -------- d-----w- c:\program files\Cisco Systems
    2010-08-09 02:10 . 2010-07-29 03:23 -------- d-----w- c:\documents and settings\User\Application Data\HPAppData
    2010-08-09 02:04 . 2010-05-26 03:23 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
    2010-08-06 01:19 . 2010-06-05 03:44 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2010-08-06 01:00 . 2010-06-23 02:05 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-08-06 01:00 . 2010-08-06 00:58 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
    2010-08-06 00:58 . 2010-05-22 21:23 -------- d-----w- c:\program files\Realtek
    2010-08-06 00:58 . 2010-05-22 21:23 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-04 02:20 . 2010-05-22 21:55 5243392 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
    2010-08-04 01:59 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\aticalrt.dll
    2010-08-04 01:59 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\aticalcl.dll
    2010-08-04 01:57 . 2010-05-22 21:55 4358144 ----a-w- c:\windows\system32\aticaldd.dll
    2010-08-04 01:53 . 2010-05-22 21:55 15900672 ----a-w- c:\windows\system32\atioglxx.dll
    2010-08-04 01:47 . 2010-05-22 21:55 311296 ----a-w- c:\windows\system32\atiiiexx.dll
    2010-08-04 01:47 . 2010-05-22 21:55 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-08-04 01:46 . 2010-05-22 21:55 300544 ----a-w- c:\windows\system32\ati2dvag.dll
    2010-08-04 01:41 . 2010-05-22 21:55 3901280 ----a-w- c:\windows\system32\ati3duag.dll
    2010-08-04 01:31 . 2010-05-22 21:55 208896 ----a-w- c:\windows\system32\atipdlxx.dll
    2010-08-04 01:31 . 2010-05-22 21:55 155648 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-08-04 01:30 . 2010-05-22 21:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    2010-08-04 01:30 . 2010-05-22 21:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2010-08-04 01:30 . 2010-05-22 21:55 159744 ----a-w- c:\windows\system32\ati2evxx.dll
    2010-08-04 01:29 . 2010-05-22 21:55 606208 ----a-w- c:\windows\system32\ati2evxx.exe
    2010-08-04 01:28 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
    2010-08-04 01:28 . 2010-05-22 21:55 2537728 ----a-w- c:\windows\system32\ativvaxx.dll
    2010-08-04 01:27 . 2010-05-22 21:55 887724 ----a-w- c:\windows\system32\ativva6x.dat
    2010-08-04 01:27 . 2010-05-22 21:55 3 ----a-w- c:\windows\system32\ativva5x.dat
    2010-08-04 01:27 . 2010-05-22 21:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
    2010-08-04 01:24 . 2010-05-22 21:55 610304 ----a-w- c:\windows\system32\atikvmag.dll
    2010-08-04 01:23 . 2010-05-22 21:55 393216 ----a-w- c:\windows\system32\atiok3x2.dll
    2010-08-04 01:22 . 2010-05-22 21:55 188416 ----a-w- c:\windows\system32\atiadlxx.dll
    2010-08-04 01:22 . 2010-05-22 21:55 17408 ----a-w- c:\windows\system32\atitvo32.dll
    2010-08-04 01:16 . 2010-05-22 21:55 700416 ----a-w- c:\windows\system32\ati2cqag.dll
    2010-08-04 01:15 . 2010-05-22 21:55 65024 ----a-w- c:\windows\system32\atimpc32.dll
    2010-08-04 01:15 . 2010-05-22 21:55 65024 ----a-w- c:\windows\system32\amdpcom32.dll
    2010-08-04 01:14 . 2010-05-22 21:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-08-01 21:12 . 2010-05-26 03:33 77448 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-08-01 03:23 . 2010-08-01 03:23 -------- d-----w- c:\documents and settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2010-07-30 00:23 . 2010-05-23 03:09 -------- d-----w- c:\program files\Steam
    2010-07-29 03:05 . 2010-07-29 03:05 -------- d-----w- c:\program files\iTunes Library Updater
    2010-07-29 02:54 . 2010-07-29 02:54 -------- d-----w- c:\documents and settings\User\Application Data\ATI
    2010-07-29 02:54 . 2010-07-29 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2010-07-29 02:49 . 2010-05-22 21:55 -------- d-----w- c:\program files\ATI Technologies
    2010-07-29 02:37 . 2010-07-29 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
    2010-07-29 02:14 . 2010-07-29 02:14 -------- d-----w- c:\program files\LG Electronics
    2010-07-29 01:53 . 2010-05-25 07:54 -------- d-----w- c:\documents and settings\User\Application Data\uTorrent
    2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-18 07:04 . 2010-07-18 07:04 -------- d-----w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7
    2010-07-18 07:04 . 2010-07-18 07:04 172032 ----a-w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7\Uninstall-MyCar-Monitor.exe
    2010-07-18 07:04 . 2010-07-18 07:04 229376 ----a-w- c:\documents and settings\User\Application Data\MyCar-Monitor 4.2.0.7\SSEInternetUpdater.exe
    2010-06-27 09:21 . 2010-06-27 09:21 53248 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-06-27 08:27 . 2010-05-26 03:29 101632 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-26 07:23 . 2010-06-26 07:23 260240 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-06-26 06:48 . 2010-06-26 06:48 36864 ----a-w- c:\documents and settings\User\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
    2010-06-23 02:41 . 2010-05-22 20:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2010-06-16 13:22 . 2010-05-22 21:55 219348 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-06-15 02:16 . 2010-06-15 02:16 86016 ----a-w- c:\windows\system32\frapsvid.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\zrpt.xml ----



    ((((((((((((((((((((((((((((( SnapShot@2010-09-11_19.41.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-11 20:31 . 2010-09-11 20:31 16384 c:\windows\temp\Perflib_Perfdata_264.dat
    + 2010-05-22 20:37 . 2009-08-07 02:24 35552 c:\windows\system32\wups.dll
    + 2010-05-22 20:37 . 2009-08-07 02:24 35552 c:\windows\system32\dllcache\wups.dll
    + 2004-08-04 12:00 . 2008-04-14 12:42 33280 c:\windows\system32\dllcache\rundll32.exe
    + 2004-08-04 12:00 . 2008-04-14 07:10 96512 c:\windows\system32\dllcache\atapi.sys
    .
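
One way to cross-check the File:: and Folder:: targets of the CFScript in post 7 against the "Other Deletions" section of the log in post 8, as an added example that is not part of the original thread or of ComboFix. The function names and the 8.3 short-name table are assumptions of this example; the paths are excerpted from the two posts.

```python
import re

# Assumption: conventional 8.3 short names of a default English Windows XP
# profile tree. Short names are assigned per volume, so confirm on the host.
SHORT_NAMES = {"docume~1": "documents and settings",
               "alluse~1": "all users",
               "applic~1": "application data"}

def normalize(path):
    """Lower-case a Windows path, drop quotes, expand the known short names."""
    parts = path.strip().strip('"').lower().split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)

def parse_cfscript(text):
    """Map each 'Name::' directive to the non-empty lines listed below it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"([A-Za-z]+)::", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def parse_deletions(log):
    """Collect the paths listed under the '(( Other Deletions ))' banner."""
    paths, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        banner = re.fullmatch(r"\(+\s*(.+?)\s*\)+", line)
        if banner:
            inside = banner.group(1).lower() == "other deletions"
        elif line.startswith("---"):      # e.g. the '--- FCopy ---' header
            inside = False
        elif inside and re.match(r"[A-Za-z]:\\", line):
            paths.append(line)
    return paths

def reconcile(script, log):
    """Split script targets into (confirmed, unconfirmed) deletions.

    'Unconfirmed' only means the log does not list the path as deleted;
    it may already have been absent before the run.
    """
    deleted = {normalize(p) for p in parse_deletions(log)}
    confirmed, unconfirmed, seen = [], [], set()
    sections = parse_cfscript(script)
    for entry in sections.get("File", []) + sections.get("Folder", []):
        target = normalize(entry)
        if target in seen:                # same file given in short and long form
            continue
        seen.add(target)
        (confirmed if target in deleted else unconfirmed).append(target)
    return confirmed, unconfirmed

# Excerpts from posts 7 and 8 of this thread (log banner shortened).
SCRIPT = r"""File::
c:\docume~1\alluse~1\applic~1\jbjx8GG.dat
c:\docume~1\alluse~1\applic~1\Mp36YFaV.exe
c:\windows\aweloruzifulo.dll
c:\windows\Uvydyb.exe
c:\windows\Vbucazetij.dat
c:\windows\Qqugadageq.bin
c:\windows\Uvydya.exe
c:\windows\system32\regwizc1.dll
c:\docume~1\alluse~1\applic~1\Update
c:\windows\system32\drivers\kghps.sys
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\Tr_sttool.dat
c:\windows\hpoins46.dat
c:\documents and settings\All Users\Application Data\jbjx8GG.dat
Folder::
c:\documents and settings\User\Local Settings\Application Data\tfltmolue
c:\documents and settings\All Users\Application Data\Update
"""

LOG = r"""(((((((( Other Deletions ))))))))
.
c:\docume~1\alluse~1\applic~1\jbjx8GG.dat
c:\documents and settings\All Users\Application Data\jbjx8GG.dat
c:\documents and settings\All Users\Application Data\Update
c:\documents and settings\User\Local Settings\Application Data\tfltmolue
c:\windows\hpoins46.dat
c:\windows\Qqugadageq.bin
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\regwizc1.dll
c:\windows\system32\Tr_sttool.dat
c:\windows\Uvydya.exe
c:\windows\Uvydyb.exe
c:\windows\Vbucazetij.dat
.
--------------- FCopy ---------------
"""

if __name__ == "__main__":
    confirmed, unconfirmed = reconcile(SCRIPT, LOG)
    print(f"{len(confirmed)} targets confirmed deleted; not listed in the log:")
    print("\n".join("  " + path for path in unconfirmed))
```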
     
  9. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-14 2734688]

    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-14 2734688]

    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-06-14 2734688]

    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    "SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 718688]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
    "RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "AlcWzrd"="ALCWZRD.EXE" [2010-05-01 2815520]
    "36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    c:\documents and settings\User\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2010-8-5 966656]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    m‘|\ü [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2009-11-18 23:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "sdCoreService"=2 (0x2)
    "sdAuxService"=2 (0x2)
    "Browser Defender Update Service"=2 (0x2)
    "WUSB54GCSVC"=2 (0x2)
    "odserv"=3 (0x3)
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "Microsoft Office Groove Audit Service"=3 (0x3)
    "LVPrcSrv"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "idsvc"=3 (0x3)
    "FLEXnet Licensing Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\altitude\\altitude.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien breed impact\\Binaries\\AlienBreed-Impact.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\kings bounty armored princess\\kb.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\kb.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\king's bounty - the legend\\save_fixer.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\supreme commander 2\\bin\\SupremeCommander2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\xcom enforcer\\System\\XCom.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\xcom interceptor\\Interceptor.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\Tropico3.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Stardock Games\\Demigod\\bin\\Demigod.exe"=
    "c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
    "c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\the settlers 7 paths to a kingdom\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\beat hazard\\BeatHazard.exe"=
    "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
    "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
    "c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
    "c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
    "c:\\Program Files\\iTunes\\iTunesHelper.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}\\setup\\hpznui01.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
    "1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
    "53:UDP"= 53:UDP:Realtek AP UDP Prot

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/10/2010 9:47 PM 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/10/2010 9:47 PM 19024]
    R3 AE1000;Linksys AE1000 Driver;c:\windows\system32\drivers\AE1000XP.sys [8/9/2010 6:11 PM 816672]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [8/5/2010 5:58 PM 594048]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-08-20 20:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Ebaguh - c:\windows\amasucefu.dll
    MSConfigStartUp-wvrnfijv - c:\documents and settings\User\Local Settings\Application Data\kvtefodbw\ucxansetssd.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-11 16:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(920)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    Completion time: 2010-09-11 16:43:24
    ComboFix-quarantined-files.txt 2010-09-11 23:43
    ComboFix2.txt 2010-09-11 19:45

    Pre-Run: 888,511,328,256 bytes free
    Post-Run: 888,674,041,856 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - E1585261A8575F4971E517D182AB4AC7

    Security Check Log:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    Antivirus 2010
    King's Bounty: Armored Princess
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 18
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.3
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  10. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    I hope one day I'll learn to understand this jargon. I'm an engineer but not a software/hardware one.

    This 'vundo' is the nastiest virus I've had. It was undetectable by my antivirus and survived a Windows repair. Also, I am seeing a lot of people having this problem with the redirects after a Google search. You would think the antivirus companies would have caught on to it by now.

    I'm trying to wrack my brain as to how I got it. I haven't downloaded any suspicious files and my browser is set to medium-high security. Maybe mozilla had some sort of issue and I got it from a porn site or something.

    Seriously, I wish there was a way we could tip you guys for this service.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Part of the Combofix header is missing. There should be 2 lines naming the antivirus, antimalware and firewall and their status as either Enabled or Outdated. I don't see them in either Combofix log. Looks something like this:
    It's important because it tells me if your security was disabled and also if a rogue program shows in the header.

    Antivirus 2010 which is a rogue program shows in the Security Scan. I can move the name if it shows in the Combofix header.

    Java needs to be updated to v6u21.
    Check this site: Java Updates. Uninstall any earlier versions (Java(TM) 6 Update 18) in Add/Remove Programs, as they are vulnerabilities for the system.

    XfireXO toolbar is a legitimate entry but you mentioned something about having a hard time removing it. It is still loading but I can move the entries with script> all you have to do is run what I set up so please let me know.

    McAfee scan is still on Startup and loading from the Registry. I can remove that also with script.

    I'd like you to update Malwarebytes and run another scan. But this time, I'd like you to choose Full Scan instead of Quick Scan. Paste the new log in next reply.

    Malwarebytes' Anti-Malware
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Full scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach this log with your reply
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
     
  12. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    I double checked the combofix log. There is no header that I'm aware of. Also, I had avast disabled when I did combofix last, that may be the reason.

    Going to run MBAM
     
  13. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4602

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/12/2010 7:51:31 PM
    mbam-log-2010-09-12 (19-51-31).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 252140
    Time elapsed: 35 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\kghps.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Actually, the header in Combofix should show that the AV is Avast and that it is Disabled.

    The only entry in Mbam is for the Qoobox which is where Combofix puts the quarantined files- so it's not active in the system.

    Please look in Add/Remove Programs in the Control Panel and see if Antivirus 2010 is listed there. If it is, uninstall it. Then open Windows Explorer> Windows key + E> My Computer> double click on Local Drive (C)> Programs> look for Antivirus 2010> do a right click> Delete if folder is there.

    Let me know about the XO Bar and McAfee so I can finish the script. Handle the Java as instructed. Hopefully by now you are noticing some improvement in the system.
     
  15. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    Things are working a lot better.

    Yeah, I will def want to remove McAfee and XO.

    The problem I'm having is removing the antivirus 2010. I went into safe mode as admin and it gave me this message "An error occurred while trying to remove Antivirus 2010. You do not have access to \\.\globalroot\systemroot\system32\userinit.exe. You can specify the new uninstall program below."
    and it offers a browse box that says "command line for the uninstall program"


    I'm assuming this is a fake uninstaller or something that antivirus 2010 left behind, right?
     
  16. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    Also, nothing in program files. Even with 'show hidden and system' files on.

    Strange tidings...

    I did update the Java yesterday before you mentioned it in the post. Hopefully that will seal out new viruses. I'm working on activating avast again right now.
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Avast should have been enabled as soon as you finished the Combofix scan. I'd like you to #1> run the script below first, follow with #2> Eset online scan, follow with #3> HijackThis:

    Please run this Custom CFScript

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    c:\windows\system32\emptyregdb.dat
    c:\program files\XfireXO\tbXfir.dll
    c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    
    Folder::
    c:\documents and settings\All Users\Application Data\TEMP
    C:\zrpt.xml
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"
    [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    path=-
    backup=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    =====================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ============================================
    Download the HijackThis Installer HERE and save to the desktop:
    1. Double-click on HJTInstall.exe to run the program.
    2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
    3. Accept the license agreement by clicking the "I Accept" button.
    4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
    5. Click "Save log" to save the log file and then the log will open in notepad.
    6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    Question: when you tried this> "The problem I'm having is removing the antivirus 2010. I went into safe mode as admin and it gave me this message..." and got the message, what exactly were you doing?
     
  18. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    I was in control panel>add/remove programs clicking 'uninstall' when it gave me that message.
     
  19. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    All logs are attached to this post. It would have taken 5 posts to put the logs in text.
     


  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm not understanding this: you were trying to uninstall a program>>what program<< and you got a message to change your home page?

    Where are you finding Antivirus 2010?

    Request again: take LimeWire off of Startup.

    You have one new infection in the Eset log:
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes	
      :Files  
      C:\WINDOWS\system32\hlp.dat
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =========================================
    Please reopen HijackThis to 'do system scan only'. Check each of the following, if present:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
    O4 - HKLM\..\Run: [GEST] m‘|\ü
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O24 - Desktop Component 1: (no name) - http://www.bp.com/liveassets/bp_int...local_assets/bp_homepage/html/rov_stream.html


    Close all Windows except HijackThis and click on "Fix Checked."
    ==============================================
    Click on Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the Lock Desktop Items box if it is checked> Apply> OK> Close
    ==========================================
    Please run this Custom CFScript

    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    3. Open notepad and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    c:\windows\system32\drivers\lvuvc.hs
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\temp\Perflib_Perfdata_1d8.dat
    
    Folder::
    c:\documents and settings\User\Application Data\LimeWire
    c:\program files\XfireXO
    c:\documents and settings\User\Application Data\uTorrent
    c:\program files\iTunes Library Updater
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    c:\documents and settings\User\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Please paste all logs. Use as many posts as you need.
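
The Python below is an added example, not part of the post above and not code from HijackThis, ComboFix or Malwarebytes. It automates two judgments made by hand in the replies: flagging the loopback `ProxyServer` value and the unreadable `Run` value from the HijackThis checklist, and separating Malwarebytes file detections that sit in ComboFix's `C:\Qoobox\Quarantine` folder from ones still on the live system. The function names, the heuristics and the sample lines marked as constructed are assumptions.

```python
import ipaddress
import re

# Sample input: the first two lines are quoted from the thread; the third is a
# constructed benign Run entry for contrast.
SAMPLE_HJT = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522",
    "O4 - HKLM\\..\\Run: [GEST] m\u2018|\\\u00fc",
    r"O4 - HKLM\..\Run: [iTunesHelper] c:\Program Files\iTunes\iTunesHelper.exe",
]

# Sample input: the first detection is quoted from the thread; the second is constructed.
SAMPLE_MBAM = r"""Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\kghps.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example.dll (Constructed.Sample) -> No action taken.
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.I)
RUN_RE = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<data>.*)$")
PATH_HINT_RE = re.compile(r"[A-Za-z]:\\|%\w+%|\.(?:exe|dll|bat|cmd|vbs)\b", re.I)
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Folder named in the thread as the place ComboFix keeps quarantined files.
QUARANTINE_DIRS = ("c:\\qoobox\\quarantine\\",)


def is_loopback(host):
    """True when host is localhost or an address in the loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def loopback_proxies(line):
    """Return [(scheme, port)] for ProxyServer entries that point at this machine.

    Accepts both 'host:port' and the per-scheme form 'http=host:port;https=...'.
    """
    match = PROXY_RE.search(line)
    if not match:
        return []
    hits = []
    for entry in match.group("value").split(";"):
        scheme, _, hostport = entry.rpartition("=")
        host, _, port = hostport.partition(":")
        if is_loopback(host):
            hits.append((scheme or "all", port))
    return hits


def unreadable_autorun(line):
    """Return the value name of a Run entry whose data names no file or path."""
    match = RUN_RE.match(line)
    if match and not PATH_HINT_RE.search(match.group("data")):
        return match.group("name")
    return None


def triage_hijackthis(lines):
    """Collect (rule, detail) findings worth a second look by a human."""
    findings = []
    for line in lines:
        for scheme, port in loopback_proxies(line):
            findings.append(
                ("loopback-proxy", f"{scheme} traffic sent to local port {port}"))
        name = unreadable_autorun(line)
        if name is not None:
            findings.append(("unreadable-autorun", name))
    return findings


def split_mbam_detections(log_text):
    """Split file detections into (active, inert); inert = inside a quarantine folder."""
    active, inert = [], []
    for raw in log_text.splitlines():
        match = DETECTION_RE.match(raw.strip())
        if not match:
            continue
        path = match.group("path")
        bucket = inert if path.lower().startswith(QUARANTINE_DIRS) else active
        bucket.append((path, match.group("name")))
    return active, inert


if __name__ == "__main__":
    for rule, detail in triage_hijackthis(SAMPLE_HJT):
        print(f"{rule}: {detail}")
    live, quarantined = split_mbam_detections(SAMPLE_MBAM)
    print("still on the live system:", live)
    print("already quarantined:", quarantined)
```

A finding here is a prompt for review, not a verdict: a loopback proxy can also be set by a legitimate local filtering tool, so confirm what is listening on the port before removing the setting.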
     
  21. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    I was trying to uninstall antivirus 2010 in the 'add/remove' programs utility.
     
  22. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    All processes killed
    ========== PROCESSES ==========
    ========== FILES ==========
    C:\WINDOWS\system32\hlp.dat moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 776 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 6872 bytes

    User: User
    ->Temp folder emptied: 833724 bytes
    ->Temporary Internet Files folder emptied: 119552572 bytes
    ->Java cache emptied: 57420 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 35011 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2162283 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1330186 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 118.00 mb


    OTM by OldTimer - Version 3.1.16.1 log created on 09152010_184728

    Files moved on Reboot...
    File C:\Documents and Settings\User\Local Settings\Temp\~DF68A9.tmp not found!
    File C:\Documents and Settings\User\Local Settings\Temp\~DF68C2.tmp not found!
    File C:\Documents and Settings\User\Local Settings\Temp\~DF694C.tmp not found!
    File C:\Documents and Settings\User\Local Settings\Temp\~DF69A8.tmp not found!
    File C:\Documents and Settings\User\Local Settings\Temp\~DF6A89.tmp not found!
    File C:\Documents and Settings\User\Local Settings\Temp\~DF6AAB.tmp not found!
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\O2YQTDKF\ads[3].htm moved successfully.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\O2YQTDKF\sh23[1].html moved successfully.
    C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\O2YQTDKF\topic153185[1].html moved successfully.

    Registry entries deleted on Reboot...
     
  23. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    ComboFix 10-09-15.01 - User 09/15/2010 18:58:27.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2714 [GMT -7:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt

    FILE ::
    "c:\windows\system32\drivers\logiflt.iad"
    "c:\windows\system32\drivers\lvuvc.hs"
    "c:\windows\temp\Perflib_Perfdata_1d8.dat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\User\Application Data\LimeWire
     
  24. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\places.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\update.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\freebl3.chk
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\freebl3.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\js3250.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\LICENSE
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\debug.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\utils.js
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\mozctl.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nspr4.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nss3.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\platform.ini
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plc4.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plds4.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\README.txt
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\designmode.css
    c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
     
  25. Yourdogsucks

    Yourdogsucks TS Rookie Topic Starter Posts: 30

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-16 to 2010-09-16 )))))))))))))))))))))))))))))))
    .

    2010-09-16 01:47 . 2010-09-16 01:47 -------- d-----w- C:\_OTM
    2010-09-15 02:10 . 2010-09-15 02:10 -------- d-----w- c:\program files\ESET
    2010-09-15 01:50 . 2010-09-15 01:50 388096 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-15 01:50 . 2010-09-15 01:50 -------- d-----w- c:\program files\Trend Micro
    2010-09-14 04:51 . 2010-09-14 04:51 47364 ----a-w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
    2010-09-14 01:44 . 2010-09-14 01:45 205421 ----a-w- c:\windows\hpoins46.dat
    2010-09-12 04:00 . 2010-09-12 04:00 53248 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2010-09-12 00:29 . 2010-09-12 00:29 -------- d-----w- c:\program files\Common Files\Java
    2010-09-12 00:29 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-12 00:19 . 2010-09-12 00:19 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a5acc59-n\msvcp71.dll
     
Topic Status:
Not open for further replies.
