blocked sites ! help needed pls!

whenever my antivirus(norton 360 to be exact) updates it fails to update and then when i opened firefox , other antivirus sites doesn't work anymore like avg.com . . . .how do i fix this???

Welcome to GeekPolice.

Read this topic on how to get started:

http://www.geekpolice.net/malware-removal-support-hijackthis-logs-f11/read-this-before-posting-t3821.htm

Followed by posting a HijackThis log.

ok w8 for a few mins.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:21 PM, on 4/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\54C76F\18A57B.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\682F27\PJA2A9.EXE
C:\Program Files\Garena\Garena.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jack\Desktop\hijackgpthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [\\Ace\EPSON Stylus C59 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\DOCUME~1\Jack\LOCALS~1\Temp\E_S3.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [18A57B] C:\WINDOWS\system32\54C76F\18A57B.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [L08AXLRD_1082468] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [svchost.exe] C:\WINDOWS\system32\sys\svchost.exe
O4 - HKUS\S-1-5-21-1659004503-1303643608-839522115-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Guest2')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: 18A57B.lnk = C:\WINDOWS\system32\54C76F\18A57B.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: 18A57B.lnk = C:\WINDOWS\system32\54C76F\18A57B.EXE (User 'Default user')
O4 - Startup: 18A57B.lnk = C:\WINDOWS\system32\54C76F\18A57B.EXE
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7926 bytes

additional info. whenever i start windows when im running other applications if i press alt=tab some sort of advertisment pops-up and its name is form 1 and when i checked it in my task manager it's process name is svchost

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKLM\..\Run: [18A57B] C:\WINDOWS\system32\54C76F\18A57B.EXE
  O4 - HKCU\..\Run: [svchost.exe] C:\WINDOWS\system32\sys\svchost.exe
  O4 - S-1-5-18 Startup: 18A57B.lnk = C:\WINDOWS\system32\54C76F\18A57B.EXE (User 'SYSTEM')
  O4 - .DEFAULT Startup: 18A57B.lnk = C:\WINDOWS\system32\54C76F\18A57B.EXE (User 'Default user')
  O4 - Startup: 18A57B.lnk = C:\WINDOWS\system32\54C76F\18A57B.EXE
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

everything was working but when i installed malware bytes but when the update started this pops-up:

Update failed.Make sure you are connected to the Internet and your firewall is set to allow Malwarebytes' Anti-Malware to access to the internet.

When I saw it I checked my firewall and I saw that it was off so I think the only thing that would make the update fail is a virus/malware.Right now Malwarebytes' is scanning my computer(without the update).

This is the log after the scan

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/13/2009 9:00:13 AM
mbam-log-2009-04-13 (09-00-13).txt

Scan type: Quick Scan
Objects scanned: 70341
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Lets see what this finds.

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run
  
• When complete, DDS.txt will open.
  
• Save the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

I downloaded it and when I double-clicked it the pc SHUTS DOWN. . . .could you please give me another solution?

btw what does sUBs mean?

Hello.
sUBs is the creator of DDS.

Yes, I think there is a rootkit involved here.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

another problem when I double-click avenger it opens then it closes at the speed of light.

Thanks, You've narrowed my search. I know of only one piece of malware that stops the avenger from working.

• Download combofix from here
  Link 1
  Link 2
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV. (Symantec end-point protetion)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

hComboFix 09-04-14.01 - Jack 04/14/2009 11:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.137 [GMT -7:00]
Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 04:22 . 2009-04-14 04:22 -------- d-----w c:\documents and settings\Guest2\Application Data\Symantec
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\Jack\Application Data\Malwarebytes
2009-04-13 15:46 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 15:46 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 19:55 . 2009-04-10 19:55 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Help
2009-04-10 02:39 . 2009-04-10 02:39 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Symantec
2009-04-08 21:35 . 2009-04-08 21:41 -------- d-----w c:\documents and settings\Jack\Application Data\Symantec
2009-04-08 21:28 . 2009-04-08 21:34 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-08 21:28 . 2009-04-08 21:34 60800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-08 21:28 . 2009-04-08 21:34 123952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-08 21:28 . 2009-04-08 21:34 10563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-08 21:08 . 2009-04-08 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 21:02 . 2009-04-08 21:02 -------- d-----w c:\documents and settings\Jack\Application Data\AVGTOOLBAR
2009-04-08 16:32 . 2009-04-08 18:27 627232 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-08 16:32 . 2009-04-08 18:27 2660 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-08 16:32 . 2009-04-08 18:27 17184 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-08 16:32 . 2009-04-08 18:27 10520 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-08 16:13 . 2009-04-08 17:38 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-08 16:13 . 2009-04-08 16:13 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Downloaded Installations
2009-04-04 01:02 . 2009-04-04 01:02 -------- d-----w c:\documents and settings\Jack\Application Data\Grisoft
2009-04-04 01:01 . 2009-04-04 01:01 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-03 00:57 . 2009-04-03 00:57 -------- d-----w c:\windows\Sun
2009-04-01 18:37 . 2009-04-01 18:37 -------- d-----w c:\windows\system32\sys
2009-04-01 18:18 . 2009-04-01 18:18 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-03-25 05:16 . 2009-03-25 05:16 -------- d-----w c:\windows\Logs
2009-03-25 04:41 . 2009-03-25 05:04 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-25 01:10 . 2005-01-04 09:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-03-25 01:10 . 2003-07-20 18:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
2009-03-23 20:59 . 2004-08-04 07:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-03-23 20:59 . 2004-08-04 07:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-03-23 03:57 . 2009-03-23 03:57 -------- d-----w c:\documents and settings\Jack\Application Data\DAEMON Tools Pro
2009-03-23 03:45 . 2009-03-25 04:37 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-21 19:00 . 2009-04-08 22:51 -------- d-----w C:\pirata
2009-03-21 18:02 . 2009-04-09 06:39 -------- d-----w c:\documents and settings\Jack\Application Data\uTorrent
2009-03-17 21:45 . 2009-03-17 21:45 107520 --sha-r c:\windows\system32\dqifco.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 18:44 . 2009-04-08 21:06 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-13 17:18 . 2009-02-12 04:11 -------- d-----w c:\documents and settings\Jack\Application Data\LimeWire
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-13 15:43 . 2009-04-13 15:43 22016 --sh--w c:\windows\system32\682F27\nbbr7xp.exe
2009-04-13 04:04 . 2009-04-10 02:25 22016 --sh--w c:\windows\system32\682F27\nbbr6xp.exe
2009-04-12 21:01 . 2009-02-12 23:28 -------- d-----w c:\program files\Garena
2009-04-09 06:23 . 2009-04-07 01:04 22016 --sh--w c:\windows\system32\682F27\nbbrnxp.exe
2009-04-08 21:39 . 2009-04-08 21:32 -------- d-----w c:\program files\Norton 360
2009-04-08 21:34 . 2009-04-08 21:28 -------- d-----w c:\program files\Symantec
2009-04-08 21:33 . 2009-04-08 21:33 -------- d-----w c:\program files\Windows Sidebar
2009-04-08 17:38 . 2009-04-08 16:13 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-04 02:27 . 2009-04-02 17:20 22016 --sh--w c:\windows\system32\682F27\nbirnxp.exe
2009-04-02 05:01 . 2009-03-18 20:50 22016 --sh--w c:\windows\system32\682F27\nmirnxp.exe
2009-04-01 18:18 . 2009-02-12 04:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 18:18 . 2009-04-01 18:18 -------- d-----w c:\program files\Java
2009-04-01 17:41 . 2009-02-28 01:48 -------- d-----w c:\program files\Firaxis Games
2009-04-01 17:40 . 2009-04-01 17:40 -------- d-----w c:\program files\e-Games
2009-03-31 20:17 . 2009-01-25 21:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 22:41 . 2009-03-23 16:55 20480 --sh--w c:\windows\system32\682F27\nmurnxp.exe
2009-03-27 03:09 . 2009-03-27 03:09 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-25 05:11 . 2009-03-23 03:47 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-21 18:13 . 2009-03-21 18:13 -------- d-----w c:\program files\LimeWire
2009-03-21 18:02 . 2009-03-21 18:02 -------- d-----w c:\program files\uTorrent
2009-03-18 02:52 . 2009-03-13 03:13 20992 --sh--w c:\windows\system32\682F27\ntirnxp.exe
2009-03-15 00:03 . 2009-03-11 23:14 -------- d-----w c:\program files\AVS4YOU
2009-03-15 00:03 . 2009-03-11 23:17 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-13 04:28 . 2009-03-11 23:23 -------- d-----w c:\documents and settings\Jack\Application Data\AVS4YOU
2009-03-13 03:06 . 2009-03-13 03:04 -------- d-----w c:\documents and settings\Jack\Application Data\GetRightToGo
2009-03-13 02:58 . 2009-03-13 02:58 1405294 --sh--r c:\windows\system32\54C76F\18A57B.EXE
2009-03-11 23:22 . 2009-03-11 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-11 03:07 . 2004-07-17 15:36 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 02:26 . 2009-02-28 02:26 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-26 13:46 . 2009-02-15 19:55 70864 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:51 . 2009-01-25 21:07 70864 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:50 . 2009-02-21 02:50 -------- d-----w c:\program files\Guitar Pro 5
2009-02-15 21:15 . 2009-02-15 20:59 76040 ----a-w c:\windows\system32\drivers\avgtdix.sys.install_backup
2009-02-15 21:15 . 2009-02-15 21:15 12936 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup_1
2009-02-15 21:15 . 2009-02-15 20:59 96520 ----a-w c:\windows\system32\drivers\avgldx86.sys.install_backup
2009-02-15 21:15 . 2009-02-15 20:59 26824 ----a-w c:\windows\system32\drivers\avgmfx86.sys.install_backup
2009-02-15 21:00 . 2009-02-15 21:00 12424 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup
2009-02-15 19:55 . 2009-02-15 19:55 129 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\fusioncache.dat
2009-02-15 19:55 . 2009-02-15 19:55 -------- d-----w c:\documents and settings\Guest2\Application Data\ATI
2009-02-08 00:21 . 2009-02-08 00:21 30 --sha-r c:\windows\pc-off.bat
2009-01-31 16:17 . 2009-01-25 20:57 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-29 03:49 . 2009-03-11 23:14 974848 ----a-w c:\windows\system32\mfc70.dll
2009-01-29 03:49 . 2009-03-11 23:14 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-01-29 03:49 . 2009-03-11 23:14 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-01-29 03:49 . 2009-03-11 23:14 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-01-29 03:49 . 2009-03-11 23:14 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-01-25 22:02 . 2009-01-25 22:02 127 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\fusioncache.dat
2009-01-25 21:53 . 2009-01-25 21:52 172 ----a-w C:\Sigmatel
2009-01-25 20:55 . 2009-01-25 20:55 21640 ----a-w c:\windows\system32\emptyregdb.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"L08AXLRD_1082468"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"\\Ace\EPSON Stylus C59 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE" [2006-02-22 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 DMagent;Driver Trusted;c:\windows\system32\svchost.exe [2004-08-04 14336]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-02-13 109616]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - GarenaPEngine

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DMagent

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f90e04-18d8-11de-8ad4-001676d5a088}]
\Shell\AutoRun\command - F:\bar311.exe %1
\Shell\Explore\command - F:\bar311.exe %1
\Shell\Open\command - F:\bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f7a624-f575-11dd-8a6f-001676d5a088}]
\Shell\AutoRun\command - F:\bar311.exe %1
\Shell\Explore\command - F:\bar311.exe %1
\Shell\Open\command - F:\bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4671551a-f3fb-11dd-8a6d-001676d5a088}]
\Shell\AutoRun\command - G:\bar311.exe %1
\Shell\Explore\command - G:\bar311.exe %1
\Shell\Open\command - G:\bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6c6c52-0aaa-11de-8aa4-001676d5a088}]
\Shell\AutoRun\command - F:\bar311.exe %1
\Shell\Explore\command - F:\bar311.exe %1
\Shell\Open\command - F:\bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d39c6b8-0e8b-11de-8aae-001676d5a088}]
\Shell\AutoRun\command - F:\bar311.exe %1
\Shell\Explore\command - F:\bar311.exe %1
\Shell\Open\command - F:\bar311.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{976b1fed-17ca-11de-8ad2-001676d5a088}]
\Shell\AutoRun\command - F:\bar311.exe %1
\Shell\Explore\command - F:\
\Shell\Open\command - F:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee74b3ba-0c06-11de-8aab-001676d5a088}]
\Shell\1\Command - G:\Recycle.exe
\Shell\2\Command - G:\Recycle.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycle.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee74b3bb-0c06-11de-8aab-001676d5a088}]
\Shell\AutoRun\command - H:\bar311.exe %1
\Shell\Explore\command - H:\bar311.exe %1
\Shell\Open\command - H:\bar311.exe %1
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\945wbpqm.default\
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 11:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMagent]
"ServiceDll"="c:\windows\system32\dqifco.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(260)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 18:52

Pre-Run: 40,594,653,184 bytes free
Post-Run: 40,624,701,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

227

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\dqifco.dll

Folder::
c:\documents and settings\Jack\Application Data\uTorrent
c:\documents and settings\Jack\Application Data\LimeWire
c:\windows\system32\682F27
c:\program files\LimeWire
c:\program files\uTorrent

NetSvc::
DMagent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f90e04-18d8-11de-8ad4-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f7a624-f575-11dd-8a6f-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4671551a-f3fb-11dd-8a6d-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6c6c52-0aaa-11de-8aa4-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d39c6b8-0e8b-11de-8aae-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{976b1fed-17ca-11de-8ad2-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee74b3ba-0c06-11de-8aab-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee74b3bb-0c06-11de-8aab-001676d5a088}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMagent]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

ComboFix 09-04-14.01 - Jack 04/15/2009 8:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.122 [GMT -7:00]
Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jack\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\dqifco.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jack\Application Data\LimeWire
c:\documents and settings\Jack\Application Data\LimeWire\.AppSpecialShare\LimeWire 5.0.11 Pro Multilang - Final.torrent
c:\documents and settings\Jack\Application Data\LimeWire\.AppSpecialShare\Show.Me.Microsoft.Office.Powerpoint.2003.chm.torrent
c:\documents and settings\Jack\Application Data\LimeWire\active.mojito
c:\documents and settings\Jack\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\oji.xpt

c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\svg.css

c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Jack\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Jack\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Jack\Application Data\LimeWire\downloads.dat
c:\documents and settings\Jack\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Jack\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Jack\Application Data\LimeWire\filters.props
c:\documents and settings\Jack\Application Data\LimeWire\gnutella.net
c:\documents and settings\Jack\Application Data\LimeWire\installation.props
c:\documents and settings\Jack\Application Data\LimeWire\library.dat
c:\documents and settings\Jack\Application Data\LimeWire\library5.dat
c:\documents and settings\Jack\Application Data\LimeWire\limewire.props
c:\documents and settings\Jack\Application Data\LimeWire\mojito.props
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A99d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\E746DCC7d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Jack\Application Data\LimeWire\questions.props
c:\documents and settings\Jack\Application Data\LimeWire\responses.cache
c:\documents and settings\Jack\Application Data\LimeWire\simpp.xml
c:\documents and settings\Jack\Application Data\LimeWire\spam.dat
c:\documents and settings\Jack\Application Data\LimeWire\tables.props
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme.lwtp
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\question.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\version.txt
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
c:\documents and settings\Jack\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Jack\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Jack\Application Data\LimeWire\version.xml
c:\documents and settings\Jack\Application Data\LimeWire\versions.props
c:\documents and settings\Jack\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Jack\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Jack\Application Data\uTorrent
c:\documents and settings\Jack\Application Data\uTorrent\CivCity Rome.torrent
c:\documents and settings\Jack\Application Data\uTorrent\dht.dat
c:\documents and settings\Jack\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Jack\Application Data\uTorrent\resume.dat
c:\documents and settings\Jack\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Jack\Application Data\uTorrent\rss.dat
c:\documents and settings\Jack\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Jack\Application Data\uTorrent\settings.dat
c:\documents and settings\Jack\Application Data\uTorrent\settings.dat.old
c:\program files\LimeWire
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar

c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\windows\system32\682F27
c:\windows\system32\682F27\a1.ini
c:\windows\system32\682F27\a2.ini
c:\windows\system32\682F27\a3.ini
c:\windows\system32\682F27\AK0526A.EXE
c:\windows\system32\682F27\AN0526A.EXE
c:\windows\system32\682F27\cnvpe.fne
c:\windows\system32\682F27\dp1.fne
c:\windows\system32\682F27\eAPI.fne
c:\windows\system32\682F27\HtmlView.fne
c:\windows\system32\682F27\internet.fne
c:\windows\system32\682F27\krnln.fnr
c:\windows\system32\682F27\KWA2A9.EXE
c:\windows\system32\682F27\KZ0526A.EXE
c:\windows\system32\682F27\nbbr6xp.exe
c:\windows\system32\682F27\nbbr7xp.exe
c:\windows\system32\682F27\nbbrnxp.exe
c:\windows\system32\682F27\nbirnxp.exe
c:\windows\system32\682F27\nmirnxp.exe
c:\windows\system32\682F27\nmurnxp.exe
c:\windows\system32\682F27\ntirnxp.exe
c:\windows\system32\682F27\p.ini
c:\windows\system32\682F27\PJA2A9.EXE
c:\windows\system32\682F27\PP-A2A9.EXE
c:\windows\system32\682F27\PWA2A9.EXE
c:\windows\system32\682F27\RegEx.fnr
c:\windows\system32\682F27\shell.fne
c:\windows\system32\682F27\spec.fne
c:\windows\system32\dqifco.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMagent
-------\Service_DMagent


((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 04:22 . 2009-04-14 04:22 -------- d-----w c:\documents and settings\Guest2\Application Data\Symantec
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\Jack\Application Data\Malwarebytes
2009-04-13 15:46 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 15:46 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 19:55 . 2009-04-10 19:55 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Help
2009-04-10 02:39 . 2009-04-10 02:39 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Symantec
2009-04-08 21:35 . 2009-04-08 21:41 -------- d-----w c:\documents and settings\Jack\Application Data\Symantec
2009-04-08 21:28 . 2009-04-08 21:34 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-08 21:28 . 2009-04-08 21:34 60800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-08 21:28 . 2009-04-08 21:34 123952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-08 21:28 . 2009-04-08 21:34 10563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-08 21:08 . 2009-04-08 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 21:02 . 2009-04-08 21:02 -------- d-----w c:\documents and settings\Jack\Application Data\AVGTOOLBAR
2009-04-08 16:32 . 2009-04-08 18:27 627232 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-08 16:32 . 2009-04-08 18:27 2660 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-08 16:32 . 2009-04-08 18:27 17184 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-08 16:32 . 2009-04-08 18:27 10520 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-08 16:13 . 2009-04-08 17:38 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-08 16:13 . 2009-04-08 16:13 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Downloaded Installations
2009-04-04 01:02 . 2009-04-04 01:02 -------- d-----w c:\documents and settings\Jack\Application Data\Grisoft
2009-04-04 01:01 . 2009-04-04 01:01 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-03 00:57 . 2009-04-03 00:57 -------- d-----w c:\windows\Sun
2009-04-01 18:37 . 2009-04-01 18:37 -------- d-----w c:\windows\system32\sys
2009-04-01 18:18 . 2009-04-01 18:18 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-03-25 05:16 . 2009-03-25 05:16 -------- d-----w c:\windows\Logs
2009-03-25 04:41 . 2009-03-25 05:04 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-25 01:10 . 2005-01-04 09:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-03-25 01:10 . 2003-07-20 18:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
2009-03-23 20:59 . 2004-08-04 07:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-03-23 20:59 . 2004-08-04 07:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-03-23 03:57 . 2009-03-23 03:57 -------- d-----w c:\documents and settings\Jack\Application Data\DAEMON Tools Pro
2009-03-23 03:45 . 2009-03-25 04:37 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-21 19:00 . 2009-04-15 15:41 -------- d-----w C:\pirata

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 15:49 . 2009-04-08 21:06 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-12 21:01 . 2009-02-12 23:28 -------- d-----w c:\program files\Garena
2009-04-08 21:39 . 2009-04-08 21:32 -------- d-----w c:\program files\Norton 360
2009-04-08 21:34 . 2009-04-08 21:28 -------- d-----w c:\program files\Symantec
2009-04-08 21:33 . 2009-04-08 21:33 -------- d-----w c:\program files\Windows Sidebar
2009-04-08 17:38 . 2009-04-08 16:13 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-01 18:18 . 2009-02-12 04:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 18:18 . 2009-04-01 18:18 -------- d-----w c:\program files\Java
2009-04-01 17:41 . 2009-02-28 01:48 -------- d-----w c:\program files\Firaxis Games
2009-04-01 17:40 . 2009-04-01 17:40 -------- d-----w c:\program files\e-Games
2009-03-31 20:17 . 2009-01-25 21:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 03:09 . 2009-03-27 03:09 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-25 05:11 . 2009-03-23 03:47 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-15 00:03 . 2009-03-11 23:14 -------- d-----w c:\program files\AVS4YOU
2009-03-15 00:03 . 2009-03-11 23:17 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-13 04:28 . 2009-03-11 23:23 -------- d-----w c:\documents and settings\Jack\Application Data\AVS4YOU
2009-03-13 03:06 . 2009-03-13 03:04 -------- d-----w c:\documents and settings\Jack\Application Data\GetRightToGo
2009-03-13 02:58 . 2009-03-13 02:58 1405294 --sh--r c:\windows\system32\54C76F\18A57B.EXE
2009-03-11 23:22 . 2009-03-11 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-11 03:07 . 2004-07-17 15:36 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 02:26 . 2009-02-28 02:26 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-26 13:46 . 2009-02-15 19:55 70864 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:51 . 2009-01-25 21:07 70864 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:50 . 2009-02-21 02:50 -------- d-----w c:\program files\Guitar Pro 5
2009-02-15 21:15 . 2009-02-15 20:59 76040 ----a-w c:\windows\system32\drivers\avgtdix.sys.install_backup
2009-02-15 21:15 . 2009-02-15 21:15 12936 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup_1
2009-02-15 21:15 . 2009-02-15 20:59 96520 ----a-w c:\windows\system32\drivers\avgldx86.sys.install_backup
2009-02-15 21:15 . 2009-02-15 20:59 26824 ----a-w c:\windows\system32\drivers\avgmfx86.sys.install_backup
2009-02-15 21:00 . 2009-02-15 21:00 12424 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup
2009-02-15 19:55 . 2009-02-15 19:55 129 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\fusioncache.dat
2009-02-15 19:55 . 2009-02-15 19:55 -------- d-----w c:\documents and settings\Guest2\Application Data\ATI
2009-02-08 00:21 . 2009-02-08 00:21 30 --sha-r c:\windows\pc-off.bat
2009-01-31 16:17 . 2009-01-25 20:57 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-29 03:49 . 2009-03-11 23:14 974848 ----a-w c:\windows\system32\mfc70.dll
2009-01-29 03:49 . 2009-03-11 23:14 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-01-29 03:49 . 2009-03-11 23:14 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-01-29 03:49 . 2009-03-11 23:14 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-01-29 03:49 . 2009-03-11 23:14 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-01-25 22:02 . 2009-01-25 22:02 127 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\fusioncache.dat
2009-01-25 21:53 . 2009-01-25 21:52 172 ----a-w C:\Sigmatel
2009-01-25 20:55 . 2009-01-25 20:55 21640 ----a-w c:\windows\system32\emptyregdb.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_18.51.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 15:49 . 2009-04-15 15:49 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2009-04-15 15:49 . 2009-04-15 15:49 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2009-04-15 15:48 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"L08AXLRD_1082468"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"\\Ace\EPSON Stylus C59 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE" [2006-02-22 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Garena\\Garena.exe"=

R2 DMagent;Driver Trusted;c:\windows\system32\svchost.exe [2004-08-04 14336]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-02-13 109616]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - DMAGENT
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\945wbpqm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 08:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMagent]
"ServiceDll"="c:\windows\system32\dqifco.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\stacsv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-15 15:52
ComboFix2.txt 2009-04-14 18:52

Pre-Run: 40,705,744,896 bytes free
Post-Run: 40,606,027,776 bytes free

697

Hmm, it came back.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
DMAGENT

File::
c:\windows\system32\dqifco.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMagent]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

ComboFix 09-04-14.01 - Jack 04/15/2009 12:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.106 [GMT -7:00]
Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jack\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\dqifco.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMAGENT
-------\Service_DMagent


((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 16:13 . 2009-04-15 16:13 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-15 16:13 . 2009-04-15 16:13 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-14 04:22 . 2009-04-14 04:22 -------- d-----w c:\documents and settings\Guest2\Application Data\Symantec
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\Jack\Application Data\Malwarebytes
2009-04-13 15:46 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 15:46 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 19:55 . 2009-04-10 19:55 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Help
2009-04-10 02:39 . 2009-04-10 02:39 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Symantec
2009-04-08 21:35 . 2009-04-08 21:41 -------- d-----w c:\documents and settings\Jack\Application Data\Symantec
2009-04-08 21:28 . 2009-04-08 21:34 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-08 21:28 . 2009-04-08 21:34 60800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-08 21:28 . 2009-04-08 21:34 123952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-08 21:28 . 2009-04-08 21:34 10563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-08 21:08 . 2009-04-15 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 21:02 . 2009-04-08 21:02 -------- d-----w c:\documents and settings\Jack\Application Data\AVGTOOLBAR
2009-04-08 16:32 . 2009-04-08 18:27 627232 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-08 16:32 . 2009-04-08 18:27 2660 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-08 16:32 . 2009-04-08 18:27 17184 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-08 16:32 . 2009-04-08 18:27 10520 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-08 16:13 . 2009-04-08 17:38 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-08 16:13 . 2009-04-08 16:13 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Downloaded Installations
2009-04-04 01:02 . 2009-04-04 01:02 -------- d-----w c:\documents and settings\Jack\Application Data\Grisoft
2009-04-04 01:01 . 2009-04-04 01:01 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-03 00:57 . 2009-04-03 00:57 -------- d-----w c:\windows\Sun
2009-04-01 18:37 . 2009-04-01 18:37 -------- d-----w c:\windows\system32\sys
2009-04-01 18:18 . 2009-04-01 18:18 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-03-25 05:16 . 2009-03-25 05:16 -------- d-----w c:\windows\Logs
2009-03-25 04:41 . 2009-03-25 05:04 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-25 01:10 . 2005-01-04 09:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-03-25 01:10 . 2003-07-20 18:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
2009-03-23 20:59 . 2004-08-04 07:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-03-23 20:59 . 2004-08-04 07:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-03-23 03:57 . 2009-03-23 03:57 -------- d-----w c:\documents and settings\Jack\Application Data\DAEMON Tools Pro
2009-03-23 03:45 . 2009-03-25 04:37 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-21 19:00 . 2009-04-15 15:41 -------- d-----w C:\pirata

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 19:34 . 2009-04-08 21:06 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-15 19:22 . 2009-04-08 21:32 -------- d-----w c:\program files\Norton 360
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-12 21:01 . 2009-02-12 23:28 -------- d-----w c:\program files\Garena
2009-04-08 21:34 . 2009-04-08 21:28 -------- d-----w c:\program files\Symantec
2009-04-08 21:33 . 2009-04-08 21:33 -------- d-----w c:\program files\Windows Sidebar
2009-04-08 17:38 . 2009-04-08 16:13 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-01 18:18 . 2009-02-12 04:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 18:18 . 2009-04-01 18:18 -------- d-----w c:\program files\Java
2009-04-01 17:41 . 2009-02-28 01:48 -------- d-----w c:\program files\Firaxis Games
2009-04-01 17:40 . 2009-04-01 17:40 -------- d-----w c:\program files\e-Games
2009-03-31 20:17 . 2009-01-25 21:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 03:09 . 2009-03-27 03:09 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-25 05:11 . 2009-03-23 03:47 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-15 00:03 . 2009-03-11 23:14 -------- d-----w c:\program files\AVS4YOU
2009-03-15 00:03 . 2009-03-11 23:17 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-13 04:28 . 2009-03-11 23:23 -------- d-----w c:\documents and settings\Jack\Application Data\AVS4YOU
2009-03-13 03:06 . 2009-03-13 03:04 -------- d-----w c:\documents and settings\Jack\Application Data\GetRightToGo
2009-03-13 02:58 . 2009-03-13 02:58 1405294 --sh--r c:\windows\system32\54C76F\18A57B.EXE
2009-03-11 23:22 . 2009-03-11 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-11 03:07 . 2004-07-17 15:36 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 02:26 . 2009-02-28 02:26 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-26 13:46 . 2009-02-15 19:55 70864 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:51 . 2009-01-25 21:07 70864 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:50 . 2009-02-21 02:50 -------- d-----w c:\program files\Guitar Pro 5
2009-02-15 21:15 . 2009-02-15 20:59 76040 ----a-w c:\windows\system32\drivers\avgtdix.sys.install_backup
2009-02-15 21:15 . 2009-02-15 21:15 12936 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup_1
2009-02-15 21:15 . 2009-02-15 20:59 96520 ----a-w c:\windows\system32\drivers\avgldx86.sys.install_backup
2009-02-15 21:15 . 2009-02-15 20:59 26824 ----a-w c:\windows\system32\drivers\avgmfx86.sys.install_backup
2009-02-15 21:00 . 2009-02-15 21:00 12424 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup
2009-02-15 19:55 . 2009-02-15 19:55 129 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\fusioncache.dat
2009-02-15 19:55 . 2009-02-15 19:55 -------- d-----w c:\documents and settings\Guest2\Application Data\ATI
2009-02-08 00:21 . 2009-02-08 00:21 30 --sha-r c:\windows\pc-off.bat
2009-01-31 16:17 . 2009-01-25 20:57 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-29 03:49 . 2009-03-11 23:14 974848 ----a-w c:\windows\system32\mfc70.dll
2009-01-29 03:49 . 2009-03-11 23:14 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-01-29 03:49 . 2009-03-11 23:14 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-01-29 03:49 . 2009-03-11 23:14 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-01-29 03:49 . 2009-03-11 23:14 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-01-25 22:02 . 2009-01-25 22:02 127 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\fusioncache.dat
2009-01-25 21:53 . 2009-01-25 21:52 172 ----a-w C:\Sigmatel
2009-01-25 20:55 . 2009-01-25 20:55 21640 ----a-w c:\windows\system32\emptyregdb.dat
2008-06-30 20:2009-04-15 19:22 44:08 . c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-14_18.51.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 19:34 . 2009-04-15 19:34 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2009-04-15 19:34 . 2009-04-15 19:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2008-10-16 21:09 . 2008-10-16 21:09 43544 c:\windows\system32\wups2.dll
+ 2009-01-25 20:56 . 2008-10-16 21:08 34328 c:\windows\system32\wups.dll
+ 2009-01-25 20:56 . 2008-10-16 21:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-04-15 15:51 . 2008-10-16 21:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2009-04-15 16:13 . 2008-04-17 20:12 15464 c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-01-29 19:01 . 2008-04-17 20:12 15464 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-01-13 02:32 . 2008-07-31 00:42 23888 c:\windows\system32\drivers\COH_Mon.sys
+ 2009-01-25 20:56 . 2008-10-16 21:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2009-01-25 20:56 . 2008-10-16 21:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 04:56 . 2008-10-16 21:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 04:56 . 2008-10-16 21:09 92696 c:\windows\system32\cdm.dll
+ 2009-01-25 20:56 . 2008-10-16 21:13 202776 c:\windows\system32\wuweb.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 323608 c:\windows\system32\wucltui.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 561688 c:\windows\system32\wuapi.dll
- 2008-01-29 19:02 . 2008-01-29 19:02 107368 c:\windows\system32\GEARAspi.dll
+ 2008-01-29 19:02 . 2008-04-17 20:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-04-15 16:13 . 2008-04-17 20:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2009-01-25 20:56 . 2008-10-16 21:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2008-02-21 22:02 . 2008-02-21 22:02 873848 c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LUALL.EXE
+ 2009-04-15 19:32 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-25 20:56 . 2008-10-16 21:13 1809944 c:\windows\system32\wuaueng.dll
+ 2009-01-25 20:56 . 2008-10-16 21:13 1809944 c:\windows\system32\dllcache\wuaueng.dll

+ 2008-02-21 22:02 . 2008-02-21 22:02 3220856 c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LuComServer.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-07-28 882416]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-04-01 18:18 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-04-01 18:18 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 10:47 160496 ----a-w c:\progra~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-07-28 882416]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\program files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-06-30 349552]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-07-28 882416]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\program files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-06-30 349552]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"L08AXLRD_1082468"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"\\Ace\EPSON Stylus C59 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE" [2006-02-22 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-08-25 133120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Garena\\Garena.exe"=

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\system32\shdocvw.dll
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\945wbpqm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 12:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\stacsv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-15 19:37
ComboFix2.txt 2009-04-15 15:52
ComboFix3.txt 2009-04-14 18:52

Pre-Run: 40,361,095,168 bytes free
Post-Run: 40,350,679,040 bytes free

281

The bad file is gone.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

TY! my computer now has no pop-ups and is running smoothly. I just have a question : am I going to uninstall malwarebytes or just keep it with my norton360?

Keep MBAM.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio, or
Outpost
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Thanks for all the help! Uhm , about all of the programs you recommended will all of them slow down the performance of my pc and do i hae to run them all the time?

Yeah, they probably will slow it down if you run all 4. Just run one or two.

ok

THANKS FOR ALL!!