Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
DO NOT RUN ComboFix unless requested to.
Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #16
Member | Group: Members | Posts: 16 | Joined: 6-January 10 | Member No.: 430,166
I got Windows to load but I don't want to open anything yet so as not to get infected. I still show those porn shortcuts on the desktop. Please advise on cleaning this monster. I really appreciate all of your help.
Post #17
Bleepin' Malware Removal Teacher | Group: Malware Response Instructor | Posts: 7,304 | Joined: 9-December 08 | Member No.: 267,653
Excellent.
I am glad that worked. We have some work to do. Please do this......

RKill by Grinler
Link #1

==========
Download and Run ComboFix (by sUBs)
You must rename it before saving it.
Please download ComboFix from one of these locations:
Link 1
Link 2
Save thcbytes.exe to your Desktop <-- Important!!!

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper

==========
We need to create an OTL Report

==========
Please download GMER from one of the following locations and save it to your desktop:

==========
With your next post please provide:
* Combofix.txt
* OTL.txt
* Extra.txt
* Gmer log

Kind regards,
~t
--------------------
Proud member - Unified Network of Instructors and Trained Eliminators
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm
Post #18
Member | Group: Members | Posts: 16 | Joined: 6-January 10 | Member No.: 430,166
OK got everything up until the OTL which seems to freeze when it scans NT Drivers32
Here is my combo fix log: ComboFix 10-01-15.01 - workstation 2010-01-15 15:50:52.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.710 [GMT -8:00] Running from: c:\documents and settings\workstation\Desktop\thcbytes.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Desktop\nudetube.com.lnk c:\documents and settings\All Users\Desktop\pornotube.com.lnk c:\documents and settings\All Users\Desktop\youporn.com.lnk c:\windows\system32\Install.txt ----- BITS: Possible infected sites ----- hxxp://85.12.18.119 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_H8SRTd.sys -------\Legacy_IAS -------\Legacy_WINSTS -------\Service_H8SRTd.sys -------\Service_Ias ((((((((((((((((((((((((( Files Created from 2009-12-16 to 2010-01-16 ))))))))))))))))))))))))))))))) . 2010-01-15 23:16 . 2010-01-15 23:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-01-07 17:36 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 17:36 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:36 . 2010-01-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-06 17:19 . 2010-01-06 17:19 -------- d-----w- c:\program files\TrendMicro 2010-01-02 04:28 . 2010-01-02 04:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM 2009-12-30 00:42 . 
2009-12-30 00:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2009-12-23 18:04 . 2009-12-23 18:04 60744 ----a-w- c:\documents and settings\workstation\g2mdlhlpx.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-15 20:56 . 2009-03-28 17:58 -------- d-----w- c:\program files\LogMeIn 2010-01-11 18:15 . 2010-01-11 18:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-07 20:42 . 2009-12-30 01:33 52224 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-07 20:42 . 2009-12-30 01:33 117760 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-06 21:26 . 2009-03-31 21:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-06 17:19 . 2010-01-06 17:19 388096 ----a-r- c:\documents and settings\workstation\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2010-01-04 17:26 . 2006-04-15 19:32 -------- d-----w- c:\program files\Citrix 2009-12-31 00:58 . 2008-03-06 18:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-12-30 01:33 . 2009-03-31 21:43 -------- d-----w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com 2009-12-30 01:17 . 2006-03-28 21:08 -------- d-----w- c:\documents and settings\workstation\Application Data\Azureus 2009-12-26 18:03 . 2006-03-28 21:08 -------- d-----w- c:\program files\Azureus 2009-12-17 23:52 . 2006-01-28 21:34 -------- d-----w- c:\documents and settings\workstation\Application Data\Apple Computer 2009-12-16 20:28 . 2009-12-16 20:26 -------- d-----w- c:\program files\Business Objects 2009-12-14 20:46 . 
2009-12-14 20:46 -------- d-----w- c:\documents and settings\workstation\Application Data\LogMeIn Rescue 2009-12-14 20:45 . 2009-12-14 20:45 -------- d-----w- c:\program files\LogMeIn Rescue 2009-12-10 01:37 . 2009-05-19 22:05 -------- d-----w- c:\program files\BeerSmith 2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\documents and settings\workstation\Application Data\Softplicity 2009-11-27 21:16 . 2004-10-21 17:22 71472 ----a-w- c:\documents and settings\workstation\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\MSBuild 2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\Reference Assemblies 2009-11-24 17:41 . 2009-11-24 17:41 -------- d-----w- c:\program files\Xobni 2009-11-24 17:41 . 2009-11-24 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus 2009-11-16 22:53 . 2002-10-17 00:31 96512 ----a-w- c:\windows\system32\drivers\atapi.sys 2009-11-03 04:42 . 2009-10-03 06:12 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 07:46 . 2004-02-07 01:05 832512 ----a-w- c:\windows\system32\wininet.dll 2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-29 07:46 . 1980-01-01 07:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-10-26 18:34 . 1980-01-01 07:00 114688 ----a-w- c:\windows\system32\hkcmd.exe 2009-10-23 22:42 . 2009-10-23 22:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe 2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968] "HijackThis startup scan"="c:\program files\TrendMicro\HiJackThis\HijackThis.exe" [2009-10-12 388096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2009-10-26 114688] "Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2009-10-26 118837] "Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264] [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSetActiveDesktop"= 1 (0x1) "NoActiveDesktopChanges"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2009-10-01 18:01 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^workstation^Start Menu^Programs^Startup^MailWasherPro.lnk] backup=c:\windows\pss\MailWasherPro.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simplify Media] 2009-08-22 00:04 21837320 ----a-w- c:\program files\Simplify Media\SimplifyMedia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2005-10-25 00:53 307200 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray] 2002-07-30 18:35 77824 ----a-w- c:\progra~1\SYMANT~1\SYMANT~1\VPTray.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 7:21 AM 33800] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 1:07 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 1:07 PM 74480] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 7:21 AM 468224] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 5:46 PM 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-28 9:59 AM 47640] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program 
files\Viewpoint\Common\ViewpointService.exe [2007-10-24 8:30 AM 24652] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 6:19 PM 13592] S0 xyzzrked;xyzzrked; [x] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 9:36 AM 38224] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 1:07 PM 7408] S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?] S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Scheduled Tasks' folder 2010-01-16 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.800buytickets.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - 
c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {CBB73A67-6A88-46AD-B288-CB8ED82415D5} = 192.168.1.99,206.13.28.12,206.13.29.12 FF - ProfilePath - c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.startup.homepage - hxxps://www.stubhub.com/?gSec=login&goto=%2F%3FgSec%3Dbulkupload%26&cb=1141 FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\plugins\npRescue.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - 
c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-15 16:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF8004E0-74D6-E5E1-DE92687B6F22CED2}\{D850A7E8-A29C-FCE9-D9B4F577AA6BB789}\{16701812-CEC8-7CB2-559D4C938E3C932C}*] "Q3FBLH6RIF6MYMN6VD31LVQSMD1"=hex:01,00,00,00,00,00,00,00,5c,63,e8,cf,f7,e6,fd, 3a . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'lsass.exe'(736) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(1512) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\LogMeIn\x86\RaMaint.exe c:\program files\LogMeIn\x86\LogMeIn.exe c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\RealVNC\VNC4\WinVNC4.exe c:\windows\system32\ICO.EXE c:\program files\LogMeIn\x86\LMIGuardian.exe c:\program files\AIM6\aolsoftware.exe . ************************************************************************** . Completion time: 2010-01-15 16:18:21 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-16 00:18 ComboFix2.txt 2009-11-02 21:36 ComboFix3.txt 2009-04-01 01:15 Pre-Run: 5,357,420,544 bytes free Post-Run: 5,720,358,912 bytes free - - End Of File - - CB8F3E2E09484F935E9CE46EB882587D I waited on the gmer in case they need to be run in order. Thanks. |
Post #19
Bleepin' Malware Removal Teacher | Group: Malware Response Instructor | Posts: 7,304 | Joined: 9-December 08 | Member No.: 267,653
Hi,
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either ESET NOD32 Antivirus 3.0 or ThreatFire. I would keep the ESET and remove the ThreatFire.

==========
It looks like you have run CF before. Would you please look and see if there is a C:\combofix.txt from the run that preceded this. Please post it for my review.

==========
Did you purposely set this page? It has a poor reputation.
QUOTE
hxxp://www.800buytickets.com/

==========
Ask Toolbar Warning
I strongly suggest that you uninstall Ask Toolbar. Some of the bad practices of this toolbar are:

==========
Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

==========
You appear to have a Remote Control application installed. In your case, this is referring to LogMeIn.
Remote Control programs allow complete control of your machine as if you are sitting in front of it, even if you are in some distant location. While this can be a good thing, we need to make sure that this software was installed for a benign purpose, and not for a malicious one. If an attacker installed one of these programs, it would allow them to remotely control your computer, steal critical system information and download and execute files.
If you have this application installed on purpose, then you can safely ignore this warning but if you wish you may wish to uninstall it as it is a risk. If you didn't install this application, please remove (uninstall) it from Add or Remove Programs now.

==========
Your log indicates that you have Azureus installed.
• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall Azureus, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel>> Add / Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned.

==========
Do this.....
Re-run RKill then........
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
QUOTE
DDS::
uStart Page = hxxp://www.800buytickets.com/
RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF8004E0-74D6-E5E1-DE92687B6F22CED2}\{D850A7E8-A29C-FCE9-D9B4F577AA6BB789}\{16701812-CEC8-7CB2-559D4C938E3C932C}*]
Registry::
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
Driver::
xyzzrked

Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========
Now....
Re-run RKill and.....
Run OTL then Gmer as described above

==========
With your next post please provide:
* Which AV did you remove?
* C:\Combofix from 1st run
* Answer to buyticket question
* Did you remove Ask and Viewpoint if present?
* LogMeIn there purposely?
* Did you remove Azureus?
* Combofix.txt
* OTL.txt
* Extra.txt
* Gmer log
* How is your computer running?

Kind regards,
~t
--------------------
Proud member - Unified Network of Instructors and Trained Eliminators
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm
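The log review carried out by eye in post #19, sketched as an added Python example (not part of the original thread and not ComboFix's own code): it scans a ComboFix log for the items that reply acts on, namely two registered AV products, the disabled firewall policy, service entries with no image file, locked registry keys and the browser start page. The one-entry-per-line layout, the reading of `R`/`S` plus a digit as service state and start type, and the reading of `[x]` as "no image file listed" are assumptions of this example.

```python
import re

# Excerpt of the ComboFix log posted in this thread, re-broken into one entry
# per line (the page shows it flattened; this layout is an assumption).
SAMPLE_LOG = r"""
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 7:21 AM 468224]
S0 xyzzrked;xyzzrked; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 1:07 PM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
uStart Page = hxxp://www.800buytickets.com/
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF8004E0-74D6-E5E1-DE92687B6F22CED2}\{D850A7E8-A29C-FCE9-D9B4F577AA6BB789}\{16701812-CEC8-7CB2-559D4C938E3C932C}*]
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

AV_RE = re.compile(r"^AV: (.+?) \*")
# Assumed reading: R/S = running/stopped, digit = Windows service start type
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), then name;display;image.
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);\s*(.*)$")
FW_RE = re.compile(r'^"EnableFirewall"=\s*0\b', re.I)
START_RE = re.compile(r"^uStart Page = (\S+)")
FW_SECTION = r"firewallpolicy\standardprofile"


def triage(log_text):
    """Return the review items found in a ComboFix log as a dict."""
    findings = {
        "av_products": [],             # more than one entry means overlapping AV
        "firewall_disabled": False,    # EnableFirewall = 0 under StandardProfile
        "services_without_image": [],  # (state, start_type, name) listed with [x]
        "locked_keys": [],             # keys under the LOCKED REGISTRY KEYS header
        "start_page": None,            # shown to the user for confirmation
    }
    section = ""       # registry key the current value lines belong to
    in_locked = False  # True while inside the LOCKED REGISTRY KEYS block

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-----"):
            # A dashed banner opens a new report block.
            in_locked = "LOCKED REGISTRY KEYS" in line
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            if in_locked:
                findings["locked_keys"].append(line[1:-1])
            continue
        m = AV_RE.match(line)
        if m:
            findings["av_products"].append(m.group(1))
            continue
        if section.endswith(FW_SECTION) and FW_RE.match(line):
            findings["firewall_disabled"] = True
            continue
        m = SVC_RE.match(line)
        if m and m.group(5).strip() == "[x]":
            findings["services_without_image"].append(
                (m.group(1), int(m.group(2)), m.group(3)))
            continue
        m = START_RE.match(line)
        if m:
            findings["start_page"] = m.group(1)
    return findings


def boot_start_without_image(findings):
    """Names of boot-start (type 0) entries that list no image file."""
    return [name for _state, start, name in findings["services_without_image"]
            if start == 0]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("boot-start without image:", boot_start_without_image(result))
```

On this excerpt the only boot-start entry without an image file is `xyzzrked`, the same name the CFScript in post #19 lists under `Driver::`; the disabled `LMIRfsClientNP` entry is reported but not singled out.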
Post #20
Member | Group: Members | Posts: 16 | Joined: 6-January 10 | Member No.: 430,166
OK, answers to your questions:
I had uninstalled threatfire months ago and it seems that it's stuck in my program files and my right click menu. The file in program files will not delete, says it is being used or locked. I don't know where ask toolbar came from but I had uninstalled that as soon as I saw it in my program files. Neither threatfire nor ask toolbar show up in the add/remove programs window. It looks like I have tried combo fix before, here is the log from Nov last year:
ComboFix 09-11-01.04 - workstation 2009-11-02 13:17.1.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.769 [GMT -8:00] Running from: c:\documents and settings\workstation\Desktop\BG\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\WORKST~1\LOCALS~1\Temp\{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}\_ISRES.DLL c:\docume~1\WORKST~1\LOCALS~1\Temp\{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}\ISRT.DLL c:\docume~1\WORKST~1\LOCALS~1\Temp\MSI36.tmp c:\documents and settings\workstation\Local Settings\temp\{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}\_ISRES.DLL c:\documents and settings\workstation\Local Settings\temp\{0EFC6259-3AD8-4CD2-BC57-D4937AF5CC0E}\ISRT.DLL c:\documents and settings\workstation\Local Settings\temp\MSI36.tmp . ((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 ))))))))))))))))))))))))))))))) . 2009-10-26 23:56 . 2009-10-26 23:56 -------- d-----w- c:\documents and settings\workstation\Local Settings\Application Data\ESET 2009-10-26 21:30 . 2009-10-26 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure 2009-10-26 21:30 . 2009-10-26 22:03 -------- d-----w- c:\program files\RegCure 2009-10-26 18:41 . 
2009-10-26 18:41 -------- d-----w- c:\program files\ESET
2009-10-26 18:41 . 2009-10-26 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-10-26 18:04 . 2009-10-26 18:04 -------- d-----w- c:\documents and settings\workstation\Application Data\URSoft
2009-10-26 18:04 . 2009-10-26 18:39 -------- d-----w- c:\program files\Your Uninstaller 2008
2009-10-23 22:58 . 2009-10-23 22:58 -------- d-----w- c:\program files\iPod
2009-10-23 22:58 . 2009-10-23 22:59 -------- d-----w- c:\program files\iTunes
2009-10-23 22:58 . 2009-10-23 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-13 16:36 . 2009-10-13 16:36 -------- d-----w- c:\documents and settings\workstation\Local Settings\Application Data\AIM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-02 21:29 . 2009-11-02 21:29 443380 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-02 18:01 . 2009-03-28 17:58 -------- d-----w- c:\program files\LogMeIn
2009-10-30 19:47 . 2006-03-28 21:08 -------- d-----w- c:\documents and settings\workstation\Application Data\Azureus
2009-10-29 23:47 . 2009-03-31 21:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-26 18:34 . 1980-01-01 07:00 114688 ----a-w- c:\windows\system32\hkcmd.exe
2009-10-26 18:32 . 2009-05-19 22:05 -------- d-----w- c:\program files\BeerSmith
2009-10-26 18:32 . 2008-03-14 00:13 -------- d-----w- c:\program files\ABBYY PDF Transformer 2.0
2009-10-26 18:14 . 2008-03-06 18:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-26 18:03 . 2006-03-28 21:08 -------- d-----w- c:\program files\Azureus
2009-10-26 17:53 . 2009-03-31 21:43 -------- d-----w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com
2009-10-26 17:53 . 2005-09-14 21:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-23 22:58 . 2008-11-11 18:40 -------- d-----w- c:\program files\Common Files\Apple
2009-10-23 22:55 . 2009-04-13 23:11 -------- d-----w- c:\program files\QuickTime
2009-10-06 18:54 . 2008-08-04 19:00 -------- d-----w- c:\program files\ProMash
2009-10-01 18:01 . 2009-03-28 17:59 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-01 18:01 . 2009-03-28 17:59 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-01 18:01 . 2009-03-28 17:59 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-01 17:29 . 2009-10-03 06:12 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-29 23:05 . 2009-09-29 23:05 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2003
2009-09-29 23:04 . 2009-09-29 23:04 -------- d-----w- c:\program files\Crystal Decisions
2009-09-23 18:16 . 2009-09-23 18:16 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-11 14:18 . 1980-01-01 07:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 18:02 . 2008-10-17 03:35 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-07 18:02 . 2008-10-17 03:35 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-09-04 21:03 . 1980-01-01 07:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-02-07 01:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 1980-01-01 07:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-29 02:42 . 2009-04-13 23:09 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 02:42 . 2008-11-11 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-26 08:00 . 1980-01-01 07:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 02:24 . 2004-08-16 14:11 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2004-08-16 14:11 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2005-05-26 11:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2004-08-16 14:11 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2003-02-19 20:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 1980-01-01 07:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2004-08-16 14:11 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2006-03-24 17:03 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2005-05-26 12:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 02:23 . 2003-02-19 20:24 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2002-12-12 07:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 03:44 . 1980-01-01 07:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-05 02:52 . 2009-08-05 02:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2009-10-26 114688]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2009-10-26 118837]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2003-11-20 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 18:01 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^workstation^Start Menu^Programs^Startup^MailWasherPro.lnk]
backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 7:21 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 7:21 AM 468224]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-28 9:59 AM 47640]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-24 8:30 AM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 6:19 PM 13592]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2004-05-29 3:03 PM 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\PELUSBLF.SYS [2004-05-29 3:03 PM 9216]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-11-02 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-02 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]

2009-11-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-09-21 19:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.800buytickets.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {CBB73A67-6A88-46AD-B288-CB8ED82415D5} = 192.168.1.99,206.13.28.12,206.13.29.12
FF - ProfilePath - c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxps://www.stubhub.com/?gSec=login&goto=%2F%3FgSec%3Dbulkupload%26&cb=1141
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 13:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EF8004E0-74D6-E5E1-DE92687B6F22CED2}\{D850A7E8-A29C-FCE9-D9B4F577AA6BB789}\{16701812-CEC8-7CB2-559D4C938E3C932C}*]
"Q3FBLH6RIF6MYMN6VD31LVQSMD1"=hex:01,00,00,00,00,00,00,00,5c,63,e8,cf,f7,e6,fd,
   3a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(736)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2012)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-11-02 13:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 21:35
ComboFix2.txt 2009-04-01 01:15

Pre-Run: 6,848,040,960 bytes free
Post-Run: 11,812,814,848 bytes free

- - End Of File - - 4D3765BCF6D78B726C3303145773C299

Yes the buyticket is my doing
I have removed Viewpoint but do not see the ask toolbar in the add/remove screen
Logmein is my doing
I have uninstalled Azureus

Combofix from this morning:

ComboFix 10-01-15.01 - workstation 2010-01-18 10:37:48.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.828 [GMT -8:00]
Running from: c:\documents and settings\workstation\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\workstation\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_XYZZRKED
-------\Service_xyzzrked

((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 )))))))))))))))))))))))))))))))
.
2010-01-16 00:04 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-15 23:16 . 2010-01-15 23:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-07 17:36 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 17:36 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 17:36 . 2010-01-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 17:19 . 2010-01-06 17:19 -------- d-----w- c:\program files\TrendMicro
2010-01-02 04:28 . 2010-01-02 04:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-12-30 00:42 . 2009-12-30 00:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-12-23 18:04 . 2009-12-23 18:04 60744 ----a-w- c:\documents and settings\workstation\g2mdlhlpx.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 18:31 . 2006-03-28 21:08 -------- d-----w- c:\program files\Azureus
2010-01-18 18:28 . 2007-01-24 20:53 -------- d-----w- c:\documents and settings\workstation\Application Data\Viewpoint
2010-01-18 18:28 . 2004-06-28 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-01-18 18:28 . 2004-06-28 14:17 -------- d-----w- c:\program files\Viewpoint
2010-01-18 17:21 . 2009-03-28 17:58 -------- d-----w- c:\program files\LogMeIn
2010-01-14 19:12 . 2009-10-03 06:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 18:15 . 2010-01-11 18:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 20:42 . 2009-12-30 01:33 52224 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 20:42 . 2009-12-30 01:33 117760 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-06 21:26 . 2009-03-31 21:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-06 17:19 . 2010-01-06 17:19 388096 ----a-r- c:\documents and settings\workstation\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-04 17:26 . 2006-04-15 19:32 -------- d-----w- c:\program files\Citrix
2009-12-30 01:33 . 2009-03-31 21:43 -------- d-----w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com
2009-12-30 01:17 . 2006-03-28 21:08 -------- d-----w- c:\documents and settings\workstation\Application Data\Azureus
2009-12-17 23:52 . 2006-01-28 21:34 -------- d-----w- c:\documents and settings\workstation\Application Data\Apple Computer
2009-12-16 20:28 . 2009-12-16 20:26 -------- d-----w- c:\program files\Business Objects
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\documents and settings\workstation\Application Data\LogMeIn Rescue
2009-12-14 20:45 . 2009-12-14 20:45 -------- d-----w- c:\program files\LogMeIn Rescue
2009-12-10 01:37 . 2009-05-19 22:05 -------- d-----w- c:\program files\BeerSmith
2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\documents and settings\workstation\Application Data\Softplicity
2009-11-27 21:16 . 2004-10-21 17:22 71472 ----a-w- c:\documents and settings\workstation\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\MSBuild
2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\Reference Assemblies
2009-11-24 17:41 . 2009-11-24 17:41 -------- d-----w- c:\program files\Xobni
2009-11-24 17:41 . 2009-11-24 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-11-21 15:51 . 1980-01-01 07:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 22:53 . 2002-10-17 00:31 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-10-29 07:46 . 2004-02-07 01:05 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 1980-01-01 07:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-26 18:34 . 1980-01-01 07:00 114688 ----a-w- c:\windows\system32\hkcmd.exe
2009-10-23 22:42 . 2009-10-23 22:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 .
2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
.
------- Sigcheck -------
[7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\mshtml.dll [-] 2007-12-07 . 976C46ED4A75FC66D9C596778898CE1E . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll [-] 2007-10-30 . 54D8B404F17AA74C666F7F3AEF2AE459 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll [-] 2007-10-30 . 8AB7ECF59D6EBBE986277B65ED4A40A1 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll [-] 2007-08-20 . E267EE248CDA7667C19001C069DE867B . 3584512 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\mshtml.dll [-] 2007-08-20 . AA8A4BD78D24FCDB96DDAEE3756AA372 . 3592192 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll [-] 2007-07-19 . BD609A26B683332A0E0E1445C5724851 . 3583488 . . [7.00.6000.16525] . . c:\windows\ie7updates\KB939653-IE7\mshtml.dll [-] 2007-07-18 . 7CE243CFD47AD0DC431586CB8C542A11 . 3584000 . . [7.00.6000.20641] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll [-] 2007-05-08 . 1D4E3B86C601A2497C99790CC4D7DF26 . 3584000 . . [7.00.6000.20591] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll [-] 2007-05-08 . 5D90A7200F72DACE663EE78DE234FCC7 . 3583488 . . [7.00.6000.16481] . . c:\windows\ie7updates\KB937143-IE7\mshtml.dll [-] 2007-03-07 . DA297A862E5F093A07D37C05F608C686 . 3582976 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll [-] 2007-03-07 . 190E1AE9B973049B12A67BAD478C770C . 3581952 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\mshtml.dll [-] 2007-01-12 . 5D45318804A30CE9D6EA83066E84B4A7 . 3580416 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\mshtml.dll [-] 2006-11-08 . CBF04597F9CF7739E572276A2698FDD3 . 3577856 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\mshtml.dll [-] 2006-09-14 . BE45460D1453B7342E01EAE79BFBC681 . 3054592 . . [6.00.2900.2995] . . c:\windows\ie7\mshtml.dll [-] 2006-09-14 . CEFEA1C301139A817931BE132F0359FE . 3058688 . . 
[6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll [-] 2006-07-28 . D251679BD9EF0250201FB899EC40FD32 . 3058176 . . [6.00.2900.2963] . . c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll [-] 2006-07-28 . C7074DA3D8F8C0F6C03874BA0B05069C . 3054080 . . [6.00.2900.2963] . . c:\windows\$NtUninstallKB922760$\mshtml.dll [-] 2006-05-19 . 284CE76B71DD5260B42A3CCF0135AF67 . 3052544 . . [6.00.2900.2912] . . c:\windows\$NtUninstallKB918899$\mshtml.dll [-] 2006-05-19 . 8687E029BE63C77D4919485068C54D77 . 3055104 . . [6.00.2900.2912] . . c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll [-] 2006-03-23 . DEAA438EA31095E14A196FF647E38D13 . 3053568 . . [6.00.2900.2873] . . c:\windows\$NtUninstallKB916281$\mshtml.dll [-] 2006-03-23 . ABCD123F888E4E97C8751378CCCC4F26 . 3055616 . . [6.00.2900.2873] . . c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll [-] 2005-11-24 . D3F037F5DA702AE9DDD7663EC9D78BA7 . 3018240 . . [6.00.2900.2802] . . c:\windows\$hf_mig$\KB905915\SP2QFE\mshtml.dll [-] 2005-11-24 . 5E7A39950EA133BB54719A6E08C544A7 . 3015680 . . [6.00.2900.2802] . . c:\windows\$NtUninstallKB912812$\mshtml.dll [-] 2005-10-05 . 3394299FBF1CD0B24089FC762611360B . 3017728 . . [6.00.2900.2769] . . c:\windows\$hf_mig$\KB896688\SP2QFE\mshtml.dll [-] 2005-10-05 . 042AC20E084D21DD6BEE99B89CC30FB7 . 3015168 . . [6.00.2900.2769] . . c:\windows\$NtUninstallKB905915$\mshtml.dll [-] 2005-07-20 . A14A7A206AE22DE4FE563E44CFC7DDF5 . 3016192 . . [6.00.2900.2722] . . c:\windows\$hf_mig$\KB896727\SP2QFE\mshtml.dll [-] 2005-07-20 . 31E7520E58E5E4DFA93215A6D5603AF2 . 3014144 . . [6.00.2900.2722] . . c:\windows\$NtUninstallKB896688$\mshtml.dll [-] 2005-05-02 . DCC5C79B99F02EEF8C826B074DBFC222 . 3014144 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll [-] 2005-05-02 . DCFAC5470EE0A159EC4222BC28AE3EE6 . 3012608 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\mshtml.dll [-] 2005-03-10 . 84A1B9B0C362051E68BB131F14C6DAAD . 3010560 . . [6.00.2900.2627] . . 
c:\windows\$NtUninstallKB883939$\mshtml.dll [-] 2005-03-10 . 255C2CE965543ABDC3E0A25A5DA1874A . 3011072 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\mshtml.dll [-] 2005-01-27 . FAE3CA9B2459581C45B3A8845BE3077C . 3006976 . . [6.00.2900.2604] . . c:\windows\$NtUninstallKB890923$\mshtml.dll [-] 2005-01-27 . 91C5ADE25BC4E3322577854FA2E7B58B . 3008000 . . [6.00.2900.2604] . . c:\windows\$hf_mig$\KB867282\SP2QFE\mshtml.dll [-] 2004-09-29 . D94E6405E420373161467ACD3DA65640 . 3004928 . . [6.00.2900.2523] . . c:\windows\$NtUninstallKB867282$\mshtml.dll [-] 2004-09-29 . 087FF7C54E7EBE4A59BD4DFC1D0EE9B8 . 3004928 . . [6.00.2900.2524] . . c:\windows\$hf_mig$\KB834707\SP2QFE\mshtml.dll [-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll [-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\mshtml.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ERDNT\cache\msvcrt.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\ServicePackFiles\i386\msvcrt.dll [-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll [-] 2004-08-04 . B0FEFA816D61EC66AA765DDF534EAB5E . 343040 . . [7.0.2600.2180] . . c:\windows\$NtServicePackUninstall$\msvcrt.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . 
[5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\netlogon.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\ERDNT\cache\ntoskrnl.exe [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\ntoskrnl.exe [-] 2009-08-05 . 8415D9C7C050E7022AED8ABF281BE4A6 . 2189184 . . [5.1.2600.5857] . . c:\windows\system32\dllcache\ntoskrnl.exe [-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe [-] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-06 . 
7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe [-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 582A8DBAA58C3B1F176EB2817DAEE77C . 2180352 . . [5.1.2600.3093] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe [-] 2006-12-19 . 8F0DEAB1F81FB83F9C5995853CE48B9F . 2180352 . . [5.1.2600.3051] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 4D4CF2C14550A4B7718E94A6E581856E . 2179328 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB929338$\ntoskrnl.exe [-] 2004-08-04 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\powrprof.dll [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . 
[6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\scecli.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\sfc.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\svchost.exe [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe [-] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\tapisrv.dll [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . 
c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\user32.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll [-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB824141$\user32.dll [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\userinit.exe [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . 
[7.00.6000.16945] . . c:\windows\ERDNT\cache\wininet.dll [-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\system32\wininet.dll [-] 2009-10-29 . 7C599DEC022BEF6E3C9F4DB4FC164E8B . 832512 . . [7.00.6000.16945] . . c:\windows\system32\dllcache\wininet.dll [-] 2009-10-29 . CA5CB4F174592090FBECFEAD9B51BB90 . 841216 . . [7.00.6000.21148] . . c:\windows\$hf_mig$\KB976325-IE7\SP3QFE\wininet.dll [-] 2009-08-29 . DB111200015F08DDDB8857E11C6A80E3 . 832512 . . [7.00.6000.16915] . . c:\windows\ie7updates\KB976325-IE7\wininet.dll [-] 2009-08-29 . A5885AF9BFBD942B828E6020AD326517 . 840704 . . [7.00.6000.21115] . . c:\windows\$hf_mig$\KB974455-IE7\SP3QFE\wininet.dll [-] 2009-06-29 . 4C6B4138165A4C53FE8A5B1D809526C3 . 828928 . . [7.00.6000.21073] . . c:\windows\$hf_mig$\KB972260-IE7\SP3QFE\wininet.dll [-] 2009-06-29 . A39B7BA7AB9B1CC2A0009F59772DB83C . 827392 . . [7.00.6000.16876] . . c:\windows\ie7updates\KB974455-IE7\wininet.dll [-] 2009-04-29 . 8E2D471157B0DF329D8D0EA5D83B0DDB . 827392 . . [7.00.6000.16850] . . c:\windows\ie7updates\KB972260-IE7\wininet.dll [-] 2009-04-29 . 62CCA075F44015147B8971DAFFBCFF76 . 828928 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\wininet.dll [-] 2009-03-03 . 28775945CCD53DEE280EF58DEA1A94C4 . 826368 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\wininet.dll [-] 2009-03-03 . C8667854873938CA13C986F16B0CD183 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [-] 2008-12-20 . 044E0A4E9FE97C0FB9AFE9C89E2A82E6 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [-] 2008-12-20 . A82935D32D0672E8FF4E91AE398E901C . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll [-] 2008-10-16 . 6741EAF7B7F110E803A6E38F6E5FA6B0 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll [-] 2008-10-16 . 0D5B75171FF51775B630A431B6C667E8 . 827904 . . [7.00.6000.20935] . . 
c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . 77C192FE56A70D7FA0247BA0A6201C32 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . EF8EBA98145BFA44E80D17A3B3453300 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll [-] 2008-06-23 . 8C13D4A7479FA0A026EDA8ABCE82C0ED . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll [-] 2008-06-23 . C66402A06B83B036C195242C0C8CF83C . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll [-] 2008-04-23 . F6589BE784647CFDBC22EA51CCB1A57A . 826368 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll [-] 2008-04-23 . 41546B396A526918DA7995A02EA04E51 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-03-01 . AD21461AEF8244EDEC2EF18E55E1DCF3 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll [-] 2008-03-01 . 6316C2F0C61271C8ABDFF7429174879E . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll [-] 2007-12-07 . 806D274C9A6C3AAEA5EAE8E4AF841E04 . 824832 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\wininet.dll [-] 2007-12-07 . B5B411BB229AE6EAD7652A32ED47BFB9 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll [-] 2007-10-10 . 30C1E0F34AD2972C72A01DB5C74AB065 . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll [-] 2007-10-10 . 0E5D918F87EFA7D2424D66B499C7EB04 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll [-] 2007-08-20 . 774435E499D8E9643EC961A6103C361F . 824832 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\wininet.dll [-] 2007-08-20 . 357D54BF94FE9D6D8505A96B5C2A3BCA . 825344 . . 
[7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll [-] 2007-06-27 . D6ED5E042C5207553E7F5E842918137F . 824320 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll [-] 2007-06-27 . 8068CBB58FE60CC95AEB2CFF70178208 . 823808 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\wininet.dll [-] 2007-04-25 . 431DEFBB4A3D7B0DC062C1B064623A2F . 823808 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll [-] 2007-04-25 . 0586A7F0B2FDB94D624F399D4728E7C8 . 822784 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\wininet.dll [-] 2007-03-07 . 5B35DAE6E4886F64D1DA58C4E3E01EB9 . 822784 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\wininet.dll [-] 2007-03-07 . B8F4DB39CA7353752F245379D285C80E . 823296 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll [-] 2007-01-12 . BE43D00D802C92F01C8CC952C6F483F8 . 822784 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\wininet.dll [-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\wininet.dll [-] 2006-09-14 . 621AF3F6174A3F60677F5230E28BCC07 . 658944 . . [6.00.2900.2995] . . c:\windows\ie7\wininet.dll [-] 2006-09-14 . D207370287CF769AEBEBF03837784963 . 664576 . . [6.00.2900.2995] . . c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll [-] 2006-06-23 . 64CE26DB72810B30F7855EA51E1DF836 . 664576 . . [6.00.2900.2937] . . c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll [-] 2006-06-23 . 2B4DB890936430C71419037039502752 . 658944 . . [6.00.2900.2937] . . c:\windows\$NtUninstallKB922760$\wininet.dll [-] 2006-05-10 . D94CFFDB53E7AC867438E2DFD50E7CBC . 663552 . . [6.00.2900.2904] . . c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll [-] 2006-05-10 . 38AB7A56F566D9AAAD31812494944824 . 658432 . . [6.00.2900.2904] . . c:\windows\$NtUninstallKB918899$\wininet.dll [-] 2006-03-04 . C0845ECBF4F9164E618EE381B79C9032 . 663552 . . [6.00.2900.2861] . . 
c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll [-] 2006-03-04 . 1C0979C7A489BEE573CD0BF4AD94BB06 . 658432 . . [6.00.2900.2861] . . c:\windows\$NtUninstallKB916281$\wininet.dll [-] 2005-10-21 . E7B27B6B6E06CE34EA019FD8B858C613 . 658432 . . [6.00.2900.2781] . . c:\windows\$NtUninstallKB912812$\wininet.dll [-] 2005-10-21 . AF785C4947676A7FC1673FDC5C8D0B5B . 661504 . . [6.00.2900.2781] . . c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll [-] 2005-09-02 . 97A6FD7CAFD688CF2C78939EBAF0CD0C . 660480 . . [6.00.2900.2753] . . c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll [-] 2005-09-02 . AF61EBB1F550175EFF406D545D6AB086 . 658432 . . [6.00.2900.2753] . . c:\windows\$NtUninstallKB905915$\wininet.dll [-] 2005-07-03 . 5B5FF992C0FA762CCF8655FC290E6E52 . 658432 . . [6.00.2900.2713] . . c:\windows\$NtUninstallKB896688$\wininet.dll [-] 2005-07-03 . 6E533D155B259EB2363D3E04B5BE309F . 659456 . . [6.00.2900.2713] . . c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll [-] 2005-05-02 . E1E18136F9DD3DF1AD9C82193A5898A6 . 658944 . . [6.00.2900.2668] . . c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll [-] 2005-05-02 . 1A078AF3F85D10BA56444C23B3A18E74 . 657920 . . [6.00.2900.2668] . . c:\windows\$NtUninstallKB896727$\wininet.dll [-] 2005-03-10 . 6F018D6319BE4F96426EA829B79E05D5 . 656896 . . [6.00.2900.2627] . . c:\windows\$NtUninstallKB883939$\wininet.dll [-] 2005-03-10 . C8663B488996E89A84C3D17C1D12B79E . 657920 . . [6.00.2900.2627] . . c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll [-] 2005-01-27 . B5E043E440B210014E021B24CF0A72E3 . 656896 . . [6.00.2900.2577] . . c:\windows\$NtUninstallKB890923$\wininet.dll [-] 2005-01-27 . A8EAC5330876548E9966A7D13025D196 . 657920 . . [6.00.2900.2598] . . c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll [-] 2004-09-29 . CBA65B573C66FE23F647FF96E3A10994 . 656896 . . [6.00.2900.2518] . . c:\windows\$NtUninstallKB867282$\wininet.dll [-] 2004-09-29 . 2C07195588D69A067C2AFDAA31759295 . 656896 . . [6.00.2900.2518] . . 
c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll [-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll [-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB834707$\wininet.dll [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ws2_32.dll [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe [-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\ctfmon.exe [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . 
c:\windows\$NtServicePackUninstall$\ctfmon.exe [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\shsvcs.dll [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\regsvc.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\schedsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll [-] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB841873$\schedsvc.dll [-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . 
c:\windows\System32\cngaudit.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"HijackThis startup scan"="c:\program files\TrendMicro\HiJackThis\HijackThis.exe" [2009-10-12 388096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2009-10-26 114688]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2009-10-26 118837]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 18:01 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^workstation^Start Menu^Programs^Startup^MailWasherPro.lnk]
backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simplify Media]
2009-08-22 00:04 21837320 ----a-w- c:\program files\Simplify Media\SimplifyMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2005-10-25 00:53 307200 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
2002-07-30 18:35 77824 ----a-w- c:\progra~1\SYMANT~1\SYMANT~1\VPTray.exe

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 7:21 AM 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 1:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 1:07 PM 74480]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 7:21 AM 468224]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-28 9:59 AM 47640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 5:46 PM 12856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 9:36 AM 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 1:07 PM 7408]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe --> c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [?]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rpcss REG_MULTI_SZ RpcSs
HTTPFilter REG_MULTI_SZ HTTPFilter
DcomLaunch REG_MULTI_SZ DcomLaunch TermService
WudfServiceGroup REG_MULTI_SZ WUDFSvc
eapsvcs REG_MULTI_SZ eaphost
dot3svc REG_MULTI_SZ dot3svc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CryptSvc DMServer DHCP ERSvc EventSystem HidServ LanmanWorkstation Messenger Netman TrkWks W32Time WZCSVC WmdmPmSN xmlprov wscsvc napagent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
Alerter LmHosts
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2010-01-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {CBB73A67-6A88-46AD-B288-CB8ED82415D5} = 192.168.1.99,206.13.28.12,206.13.29.12
FF - ProfilePath - c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxps://www.stubhub.com/?gSec=login&goto=%2F%3FgSec%3Dbulkupload%26&cb=1141
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\plugins\npRescue.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"{21701DD0-9D7E-43f7-A1B2-E92ED6E90A51}"=hex:77,b4,fe,36,3a,32,fa,68,96,ff,14,
 a9,89,14,06,82,9f,47,56,af,90,06,11,41,73,49,c7,01

[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Microsoft\Windows NT\CurrentVersion\Windows]
@Denied: (Full) (Everyone)
@Denied: (Full) (Everyone)
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(732)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1988)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\ICO.EXE
.
**************************************************************************
.
Completion time: 2010-01-18 10:57:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-18 18:57
ComboFix2.txt 2010-01-16 00:18
ComboFix3.txt 2009-11-02 21:36
ComboFix4.txt 2009-04-01 01:15

Pre-Run: 5,729,546,240 bytes free
Post-Run: 5,720,940,544 bytes free

- - End Of File - - 98CF1FE23C905BD42285D2B4A17A89F0

I ran the rkill as requested but I am having the same issue with otl where it hangs up while scanning NT Drivers32...

Thank you
Post #21

Bleepin' Malware Removal Teacher Group: Malware Response Instructor Posts: 7,304 Joined: 9-December 08 Member No.: 267,653
Alright.
Please do this...

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
SecCenter::
AV: ThreatFire *On-access scanning disabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}

SRPeek::
c:\windows\System32\cngaudit.dll

File::
c:\program files\AskBarDis\bar\bin\AskService.exe
c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe

Folder::
c:\program files\Azureus
c:\documents and settings\workstation\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\Viewpoint
c:\documents and settings\workstation\Application Data\Azureus
c:\documents and settings\All Users\Application Data\Azureus

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Microsoft\Windows NT\CurrentVersion\Windows]
[HKEY_LOCAL_MACHINE\SOFTWARESoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]

Driver::
ASKService
ASKUpgrade

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Send me a copy of a suspicious file for analysis

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

1. Please go to here.
2. Where it asks for the "Link to topic where this file was requested" copy and paste in
CODE
http://www.bleepingcomputer.com/forums/topic284770.html
3. Where it says "Browse to the file you want to submit", browse to
CODE
c:\documents and settings\workstation\g2mdlhlpx.exe
4. Press the Send File button.

==========

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
==========

With your next post please provide:

* Combofix.txt
* Any troubles uploading the file for my review?
* SystemLook.txt
* How is your computer running?

Kind regards,
~t

--------------------
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm
Post #22

Member Group: Members Posts: 16 Joined: 6-January 10 Member No.: 430,166
combofix:
ComboFix 10-01-15.01 - workstation 2010-01-18 13:18:24.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.855 [GMT -8:00]
Running from: c:\documents and settings\workstation\Desktop\thcbytes.exe
Command switches used :: c:\documents and settings\workstation\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\program files\AskBarDis\bar\bin\AskService.exe"
"c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Data\Azureus\active\DA438E13C5DA1856CB2D7E7B4453FF004BEDDFBD.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\DF43BA754616862E63566E3BD1D9EA544CBEB498.dat c:\documents and settings\workstation\Application Data\Azureus\active\DF43BA754616862E63566E3BD1D9EA544CBEB498.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\DF857D93CF29B91D816983D41AADE5120A53B9E9.dat c:\documents and settings\workstation\Application Data\Azureus\active\DF857D93CF29B91D816983D41AADE5120A53B9E9.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\E3B84DC62E94F9636EE79797E4A887FBC6ED2A43.dat c:\documents and settings\workstation\Application Data\Azureus\active\E3B84DC62E94F9636EE79797E4A887FBC6ED2A43.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\E652BAEBB5715346C872D61263DF64005C369C4F.dat c:\documents and settings\workstation\Application Data\Azureus\active\E652BAEBB5715346C872D61263DF64005C369C4F.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\ECF350EA6F3CB14E7B22C0A1C1CA199D17B58039.dat c:\documents and settings\workstation\Application Data\Azureus\active\ECF350EA6F3CB14E7B22C0A1C1CA199D17B58039.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\F177D7BCA4FDF2ECF437F553EA90C7F6BE82587F.dat c:\documents and settings\workstation\Application Data\Azureus\active\F177D7BCA4FDF2ECF437F553EA90C7F6BE82587F.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\F8F858D7620D6F07D5CB25B36A5B960CA1F714E3.dat c:\documents and settings\workstation\Application Data\Azureus\active\F8F858D7620D6F07D5CB25B36A5B960CA1F714E3.dat.bak c:\documents and settings\workstation\Application Data\Azureus\active\FBCD7BE2DCF83634349623F2F455C5F3C3714B6C.dat c:\documents and settings\workstation\Application Data\Azureus\active\FBCD7BE2DCF83634349623F2F455C5F3C3714B6C.dat.bak c:\documents and settings\workstation\Application 
Data\Azureus\active\FD7BFA329494F313973792E1D8FA4D2D90EC2DB0.dat c:\documents and settings\workstation\Application Data\Azureus\active\FD7BFA329494F313973792E1D8FA4D2D90EC2DB0.dat.bak c:\documents and settings\workstation\Application Data\Azureus\azureus.config c:\documents and settings\workstation\Application Data\Azureus\azureus.config.bak c:\documents and settings\workstation\Application Data\Azureus\azureus.statistics c:\documents and settings\workstation\Application Data\Azureus\azureus.statistics.bak c:\documents and settings\workstation\Application Data\Azureus\banips.config c:\documents and settings\workstation\Application Data\Azureus\banips.config.bak c:\documents and settings\workstation\Application Data\Azureus\devices.config c:\documents and settings\workstation\Application Data\Azureus\devices.config.bak c:\documents and settings\workstation\Application Data\Azureus\dht\addresses.dat c:\documents and settings\workstation\Application Data\Azureus\dht\contacts.dat c:\documents and settings\workstation\Application Data\Azureus\dht\diverse.dat c:\documents and settings\workstation\Application Data\Azureus\dht\general.dat c:\documents and settings\workstation\Application Data\Azureus\dht\version.dat c:\documents and settings\workstation\Application Data\Azureus\downloads.config c:\documents and settings\workstation\Application Data\Azureus\downloads.config.bak c:\documents and settings\workstation\Application Data\Azureus\ipfilter.cache c:\documents and settings\workstation\Application Data\Azureus\logs\alerts_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\AutoSpeed_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\clientid_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\debug_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\debug_2.log c:\documents and 
settings\workstation\Application Data\Azureus\logs\Friends_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\NetStatus_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\seltrace_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\seltrace_2.log c:\documents and settings\workstation\Application Data\Azureus\logs\SpeedMan_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\SpeedMan_2.log c:\documents and settings\workstation\Application Data\Azureus\logs\thread_1.log c:\documents and settings\workstation\Application Data\Azureus\logs\thread_2.log c:\documents and settings\workstation\Application Data\Azureus\metasearch.config c:\documents and settings\workstation\Application Data\Azureus\metasearch.config.bak c:\documents and settings\workstation\Application Data\Azureus\net\pm_7018.dat c:\documents and settings\workstation\Application Data\Azureus\net\pm_7132.dat c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.17.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.17.zip c:\documents and 
settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.21.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.21.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.23.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.23.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.5.jar c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.5.zip c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\cd.dat c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.3 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.7 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.0 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.1 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.17 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.2 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.21 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.23 c:\documents and settings\workstation\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.5 c:\documents and settings\workstation\Application Data\Azureus\rcm.config c:\documents and 
settings\workstation\Application Data\Azureus\rcm.config.bak c:\documents and settings\workstation\Application Data\Azureus\sidebarauto.config c:\documents and settings\workstation\Application Data\Azureus\sidebarauto.config.bak c:\documents and settings\workstation\Application Data\Azureus\tables.config c:\documents and settings\workstation\Application Data\Azureus\tables.config.bak c:\documents and settings\workstation\Application Data\Azureus\tmp\AZU16509.tmp c:\documents and settings\workstation\Application Data\Azureus\tmp\AZU16510.tmp c:\documents and settings\workstation\Application Data\Azureus\tmp\AZU16511.tmp c:\documents and settings\workstation\Application Data\Azureus\tmp\AZU16512.tmp c:\documents and settings\workstation\Application Data\Azureus\tmp\AZU16513.tmp c:\documents and settings\workstation\Application Data\Azureus\torrents\Super-Sonic Jazz.torrent c:\documents and settings\workstation\Application Data\Azureus\update.log c:\documents and settings\workstation\Application Data\Azureus\update.properties c:\documents and settings\workstation\Application Data\Azureus\VuzeActivities.config c:\documents and settings\workstation\Application Data\Azureus\VuzeActivities.config.bak c:\documents and settings\workstation\Application Data\Viewpoint c:\documents and settings\workstation\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini c:\documents and settings\workstation\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini c:\documents and settings\workstation\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini c:\documents and settings\workstation\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini c:\documents and settings\workstation\Application Data\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx c:\program files\Azureus c:\program files\Azureus\aereg.dll c:\program 
files\Azureus\Azureus.exe c:\program files\Azureus\Azureus.exe.manifest c:\program files\Azureus\Azureus2.jar c:\program files\Azureus\AzureusUpdater.exe c:\program files\Azureus\ChangeLog.txt c:\program files\Azureus\hs_err_pid3348.log c:\program files\Azureus\javaw.exe.manifest c:\program files\Azureus\License.txt c:\program files\Azureus\msvcr71.dll c:\program files\Azureus\plugins\azplugins\azplugins_1.9.1.jar c:\program files\Azureus\plugins\azplugins\azplugins_2.0.jar c:\program files\Azureus\plugins\azplugins\azplugins_2.1.1.jar c:\program files\Azureus\plugins\azplugins\azplugins_2.1.4.jar c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar c:\program files\Azureus\plugins\azrating\azrating_1.3.jar c:\program files\Azureus\plugins\azupdater\azupdater_1.8.12.zip c:\program files\Azureus\plugins\azupdater\azupdater_1.8.5.zip c:\program files\Azureus\plugins\azupdater\azupdater_1.8.8.zip c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.12.jar c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.3.jar c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.5.jar c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar c:\program files\Azureus\plugins\azupdater\Azureus2_4.2.0.4_P4.pax c:\program files\Azureus\plugins\azupdater\plugin.properties c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.12 c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.5 c:\program files\Azureus\plugins\azupdater\plugin.properties_1.8.8 c:\program files\Azureus\plugins\azupdater\Updater.jar c:\program files\Azureus\swt-about.html c:\program files\Azureus\swt-awt-win32-3139.dll c:\program files\Azureus\swt-awt-win32-3232.dll c:\program files\Azureus\swt-awt-win32-3318.dll c:\program files\Azureus\swt-gdip-win32-3139.dll c:\program files\Azureus\swt-gdip-win32-3232.dll c:\program files\Azureus\swt-gdip-win32-3318.dll c:\program files\Azureus\swt-wgl-win32-3232.dll c:\program 
files\Azureus\swt-wgl-win32-3318.dll c:\program files\Azureus\swt-win32-3139.dll c:\program files\Azureus\swt-win32-3232.dll c:\program files\Azureus\swt-win32-3318.dll c:\program files\Azureus\swt.jar c:\program files\Azureus\torrents\-_Demonoid.com_-ATHF_MOVIE_SOUNDTRACK_CD_HIDDEN_VIDEO_FILE_1223306.6206.torrent c:\program files\Azureus\torrents\((Demonoid.com))-Mailwasher_Pro_5.3_with_key_1223306.6206.torrent c:\program files\Azureus\torrents\((Demonoid.com))-The_Simpsons_soundboards!_(Funny)_1223306.6206.torrent c:\program files\Azureus\torrents\(1957) les baxter - ports of pleasure (256kbps).torrent c:\program files\Azureus\torrents\(1959) les baxter - african jazz.torrent c:\program files\Azureus\torrents\(1970) les baxter - bugaloo in brazil (kpm) (320).torrent c:\program files\Azureus\torrents\(1972) Messiah.torrent c:\program files\Azureus\torrents\(1991 - Box) Frank Zappa - Beat the boots I.torrent c:\program files\Azureus\torrents\(1993) Persian Surgery Dervishes.torrent c:\program files\Azureus\torrents\[[Demonoid.com]]-Tool_-_Wings_For_Marie_(Pt_1)_Viginti_Tres_&_10,000_Days_(Wings_Pt_2)_[_Mixed_].torrent c:\program files\Azureus\torrents\[1970] Express Yourself.torrent c:\program files\Azureus\torrents\[1970] Harlem River Drive.torrent c:\program files\Azureus\torrents\[1972] Come Back Charleston Blue.torrent c:\program files\Azureus\torrents\[1972] Liberated Brother.torrent c:\program files\Azureus\torrents\[1974] In Harmony.torrent c:\program files\Azureus\torrents\[1975] Spirit Man.torrent c:\program files\Azureus\torrents\[1994] At Action Park LP =.torrent c:\program files\Azureus\torrents\[1999] Rage Against the Machine - The Battle Of Los Angeles.torrent c:\program files\Azureus\torrents\[2006] Tool - Vicarious [Single] {FLAC}.torrent c:\program files\Azureus\torrents\[ape]Augustus Pablo - Ital Dub.torrent c:\program files\Azureus\torrents\[mp3]Wes Montgomery All-Stars - A Good Git-Together.torrent c:\program files\Azureus\torrents\[rk 45003] 
alice russell ft quantic - somebody's gonna love you (record kicks 2006).torrent c:\program files\Azureus\torrents\[TRUCD109] Spanky Wilson & The Quantic Soul Orchestra - Im Thankful (2006).torrent c:\program files\Azureus\torrents\_Budos Band - Budos Band (2005).torrent c:\program files\Azureus\torrents\_charlie hunter trio.torrent c:\program files\Azureus\torrents\_David Axelrod.torrent c:\program files\Azureus\torrents\_Numero 014 - Cult Cargo - Grand Bahama Goombay.torrent c:\program files\Azureus\torrents\{Demonoid.com}-Tool_-_Live_in_Chicago_5_13_2006_FLAC.torrent c:\program files\Azureus\torrents\+-Demonoid.com-+_The_Mars_Volta_The_Bedlam_In_Goliath_Leaks_[320_MP3]_1223306.6206.torrent c:\program files\Azureus\torrents\0 + 1= 2.torrent c:\program files\Azureus\torrents\02 Leaving Your Body Map.torrent c:\program files\Azureus\torrents\16db697d0d734e448aeff06842502b41e157aae1.torrent c:\program files\Azureus\torrents\1974 - Herbie Hancock - Death Wish.torrent c:\program files\Azureus\torrents\1979 - m'boom.torrent c:\program files\Azureus\torrents\1999-08-03 Liquid Room, Tokyo, Japan (w. 
DJ Logic).torrent c:\program files\Azureus\torrents\1999 - Mysteryfunk (ep) (V0).torrent c:\program files\Azureus\torrents\1999.07.27 wmpg radio portland.torrent c:\program files\Azureus\torrents\2005 - Black Oni.torrent c:\program files\Azureus\torrents\2006-01-30.flac16.torrent c:\program files\Azureus\torrents\2006 - Astronome.torrent c:\program files\Azureus\torrents\2006 Nomo - New Tones.torrent c:\program files\Azureus\torrents\3039eae6b8671788c44db2d30027d9b816ab9e20.torrent c:\program files\Azureus\torrents\5.torrent c:\program files\Azureus\torrents\5ive style - 5ive style - 1995 (CD - MP3 - 320).torrent c:\program files\Azureus\torrents\5ive style - Miniature Portraits - 1999 (CD - MP3 - 320).torrent c:\program files\Azureus\torrents\712_xvid.torrent c:\program files\Azureus\torrents\77.torrent c:\program files\Azureus\torrents\80-85.torrent c:\program files\Azureus\torrents\801 Live.torrent c:\program files\Azureus\torrents\9-5-1991 the jello loft.torrent c:\program files\Azureus\torrents\A Natural Death.torrent c:\program files\Azureus\torrents\A Tribe Called Quest - People's Instinctive Travels and the Paths of Rhythm.torrent c:\program files\Azureus\torrents\ABBYY PDF Transformer 2.0 [2007-2].torrent c:\program files\Azureus\torrents\Acid Bath - Paegan Terrorism Tactics.torrent c:\program files\Azureus\torrents\Acid Bath - When the Kite String Pops {Remastered} VBR.torrent c:\program files\Azureus\torrents\Acid Mothers Temple - Does the Cosmic Shepherd Dream of Electric Tapirs.torrent c:\program files\Azureus\torrents\Aesop Rock - B-Sides & Rarities Vol. 
2_ 2003-2006.torrent c:\program files\Azureus\torrents\Aesop Rock - Coffee 12'' (V0).torrent c:\program files\Azureus\torrents\aesop rock - freeze_the greatest pac-man victory in history 12_.torrent c:\program files\Azureus\torrents\Aesop Rock Meets Portishead - ROCKHEAD.torrent c:\program files\Azureus\torrents\Aesop_Rock-All_In_All_Bw_Make_News-VLS-2004-YSP.torrent c:\program files\Azureus\torrents\Aesop_Rock-Coffee-VLS-2007-C4.torrent c:\program files\Azureus\torrents\Aesop_Rock_And_Jeremy_Fish-The_Next_Best_Thing-Ltd.Ed._7inch-2006-FTD.torrent c:\program files\Azureus\torrents\AH with TW torrent.torrent c:\program files\Azureus\torrents\Alan holdsworth - 1985 - Metal Fatigue.torrent c:\program files\Azureus\torrents\Alfred Hitchcock's Music To Be Murdered By (1958).torrent c:\program files\Azureus\torrents\Alias_And_Tarsier-Brookland-Oaklyn-(ABR0059)-CD-2006-iPC.torrent c:\program files\Azureus\torrents\All Day Nike Original Run.torrent c:\program files\Azureus\torrents\Allan Holdsworth- Against The Clock.torrent c:\program files\Azureus\torrents\Allan Holdsworth - 2000 - The Sixteen Men Of Tain (Special Edition) (320).torrent c:\program files\Azureus\torrents\Allan Holdsworth - Sand.torrent c:\program files\Azureus\torrents\Allan Holdsworth - Secrets.torrent c:\program files\Azureus\torrents\Allan Holdsworth & Frank Gambale · Truth In Shredding (1990) [192]-1.torrent c:\program files\Azureus\torrents\ALTITUDE.torrent c:\program files\Azureus\torrents\AMT - Absolutely Freak Out.torrent c:\program files\Azureus\torrents\AMT In-C V0.torrent c:\program files\Azureus\torrents\Ananda Shankar - Melodies from India.torrent c:\program files\Azureus\torrents\Ananda Shankar Experience & State of Bengal - Walking On.torrent c:\program files\Azureus\torrents\And Now!.torrent c:\program files\Azureus\torrents\Andrea Bocelli - Amore - 2006 (CD - MP3 - V0 (VBR)).torrent c:\program files\Azureus\torrents\Andrea Bocelli - My Christmas - 2009 (CD - MP3 - V0 (VBR)).torrent 
c:\program files\Azureus\torrents\Andrea Bocelli - Vivere - The Best Of - 2007 (CD - MP3 - V0 (VBR)).torrent c:\program files\Azureus\torrents\Andrew Weil - From Chocolate to Morphine.torrent c:\program files\Azureus\torrents\Antibalas - Security-2.torrent c:\program files\Azureus\torrents\antibalas_bw_ticklah-k-leg-(purp011)-vinyl-2006-obc.torrent c:\program files\Azureus\torrents\Antimc-Its_Free_But_Its_Not_Cheap-2006-RTB.torrent c:\program files\Azureus\torrents\Arcana -- [1997] -- Arc of the Testimony.torrent c:\program files\Azureus\torrents\Are MadVillain.torrent c:\program files\Azureus\torrents\Around The Fur.torrent c:\program files\Azureus\torrents\arthur lyman - bahia-(320kbs)-lp.torrent c:\program files\Azureus\torrents\Asmodeus_ Book of Angels Volume 7.torrent c:\program files\Azureus\torrents\Aswad.torrent c:\program files\Azureus\torrents\Audio Mixing and Mastering Tutorials.torrent c:\program files\Azureus\torrents\Avast.Professional.v4.7.1029.Incl.KeyMaker-DVT.torrent c:\program files\Azureus\torrents\AVG.Anti-Virus.v7.5.425.814.Multilingual.WinALL.Incl.Keygen-ViRiLiTY.torrent c:\program files\Azureus\torrents\axelrod_Songs of Experience.torrent c:\program files\Azureus\torrents\Axiom Funk -- [1995] -- Funkcronomicon.torrent c:\program files\Azureus\torrents\Azimuth - Azimuth.torrent c:\program files\Azureus\torrents\AZU35894.tmp c:\program files\Azureus\torrents\AZU8909.tmp c:\program files\Azureus\torrents\AZU909.tmp c:\program files\Azureus\torrents\Azymuth - Light as a Feather.torrent c:\program files\Azureus\torrents\Azymuth - Telecommunication - V0- 1982.torrent c:\program files\Azureus\torrents\Baby Elephant 320.torrent c:\program files\Azureus\torrents\Bad Brains - Rock For Light (Original Mix).torrent c:\program files\Azureus\torrents\badu, erykah - mama's gun.torrent c:\program files\Azureus\torrents\Baduizm.torrent c:\program files\Azureus\torrents\Banyan -- [1999] -- Anytime at All.torrent c:\program files\Azureus\torrents\Barbara & 
Ernie.torrent c:\program files\Azureus\torrents\barrage double trio - utility hitter (1995 quinnah).torrent c:\program files\Azureus\torrents\Barrington_Levy-Englishman_(Re-Issue)-Retail_CD-2007-RKS.torrent c:\program files\Azureus\torrents\Battery Milk.torrent c:\program files\Azureus\torrents\Battles - EP C - B EP.torrent c:\program files\Azureus\torrents\Beastie Boys - The In Sound From Way Out! (V0).torrent c:\program files\Azureus\torrents\Beastie_Boys-The_Mix_Up-Advance-2007-FTD.torrent c:\program files\Azureus\torrents\Beck-The_Information-2006-RTB.torrent c:\program files\Azureus\torrents\Behold_The_Arctopus-Nano-Nucleonic_Cyborg_Summoning-(Remastered)-2006-KzT.torrent c:\program files\Azureus\torrents\Ben Harper - Both Sides of the Gun.torrent c:\program files\Azureus\torrents\Bernard Wright ' NARD.torrent c:\program files\Azureus\torrents\Best Of Jazz Guitar.pdf.torrent c:\program files\Azureus\torrents\Betty Davis - Betty Davis-They Say I'm Different (2007).torrent c:\program files\Azureus\torrents\Betty Davis - Nasty Gal.torrent c:\program files\Azureus\torrents\Between The Buried And Me - Alaska.torrent c:\program files\Azureus\torrents\Beyoncé - I Am... 
Sasha Fierce - 2008 (CD - MP3 - V2 (VBR)).torrent c:\program files\Azureus\torrents\Big John Patton - Let 'Em Roll - 1965 - MP3 V0.torrent c:\program files\Azureus\torrents\Bill Withers - Best of.torrent c:\program files\Azureus\torrents\Billy Cobham - Alivemotherforya (1978).torrent c:\program files\Azureus\torrents\Billy Cobham - Crosswinds (1974).torrent c:\program files\Azureus\torrents\Billy Cobham - Funky Thide Of Sings.torrent c:\program files\Azureus\torrents\Billy Cobham - Shabazz.torrent c:\program files\Azureus\torrents\Billy Cobham - Total Eclipse.torrent c:\program files\Azureus\torrents\Billy Martin - Starlings (2006) [FLAC] (OiNK).torrent c:\program files\Azureus\torrents\Black Cherry (via the sound science of William Parker & Hamid Drake).torrent c:\program files\Azureus\torrents\Black Merda - The Folks From Mother's Mixer (US Psych-Funk 1969-72) (@256).torrent c:\program files\Azureus\torrents\Black Strobe - Burn Your Own Church (Promo) [2007].torrent c:\program files\Azureus\torrents\Black_Heart_Procession-The_Spell-2006-JUST.torrent c:\program files\Azureus\torrents\Blockhead--Block_In_The_Box-Promo_CDr-2005-AES.torrent c:\program files\Azureus\torrents\Blockhead-Alright-VLS-2006-FTD.torrent c:\program files\Azureus\torrents\Blockhead-The_Block_Is_Hot_Part_2-2005-FTD.torrent c:\program files\Azureus\torrents\Blockhead-Uncle_Tonys_Coloring_Book-2007.torrent c:\program files\Azureus\torrents\Blowfly - The Weird World of Blowfly .torrent c:\program files\Azureus\torrents\Blue Breakbeats.torrent c:\program files\Azureus\torrents\bo diddley - big bad bo.torrent c:\program files\Azureus\torrents\Bob Marley.Dreams of Freedom.Ambient Translations by Bill Laswell.torrent c:\program files\Azureus\torrents\Bola Sete At The Monterey Jazz Festival.torrent c:\program files\Azureus\torrents\Bombshell Baby Of Bombay (Bouncin' Nighclub Grooves from Bollywood Films).torrent c:\program files\Azureus\torrents\Book of Angels, Vol. 
5, The Cracow Klezmer Band - 2006 - Balan.torrent c:\program files\Azureus\torrents\Booker T & the MG's- Soul Limbo.torrent c:\program files\Azureus\torrents\Booker T & the MGs- Hip Hug Her.torrent c:\program files\Azureus\torrents\Booker T. and the M.G.'s - Melting Pot.torrent c:\program files\Azureus\torrents\Booker T. and the MG's - Groovin'.torrent c:\program files\Azureus\torrents\Booker_T._and_The_M.G.s-Soul_Clap_69-(Stax)-7inch-1969-soup.torrent c:\program files\Azureus\torrents\Boom_Bip-Doo_Doo_Breaks_1-Vinyl-2002-CMS.torrent c:\program files\Azureus\torrents\Boom_Bip_Presents-Doo_Doo_Breaks_Volume_2-Vinyl-2003-JCE.torrent c:\program files\Azureus\torrents\Box Of Dub (Dub Step & Future Dub).torrent c:\program files\Azureus\torrents\Brewing Science and Practice [2004].torrent c:\program files\Azureus\torrents\Bridge 61.torrent c:\program files\Azureus\torrents\Broken Jazz 101.torrent c:\program files\Azureus\torrents\Brown And Roach Incorporated.torrent c:\program files\Azureus\torrents\Brownout - Latin Funk For The Boogie Spot EP.torrent c:\program files\Azureus\torrents\Bruce Haack - The Electric Lucifer (1970).torrent c:\program files\Azureus\torrents\buckethead - personalized recording.torrent c:\program files\Azureus\torrents\Bucky Fellini.torrent c:\program files\Azureus\torrents\Budos Band - Budos Band (2005).torrent c:\program files\Azureus\torrents\Build A Nation-1.torrent c:\program files\Azureus\torrents\Bumps-Bumps_(STH2157)-(Vinyl)-2007-WHOA.torrent c:\program files\Azureus\torrents\Bundles.torrent c:\program files\Azureus\torrents\Burning Off Impurities [V0].torrent c:\program files\Azureus\torrents\Busdriver-Cosmic_Cleavage-ADVANCE-2004-ESC.torrent c:\program files\Azureus\torrents\Busdriver-Roadkillovercoat-(Advance)-2007-FNTx.torrent c:\program files\Azureus\torrents\Busdriver & Daedelus - Live Airplane Food.torrent c:\program files\Azureus\torrents\Calexico - Tool Box [2007].torrent c:\program files\Azureus\torrents\Cannonball Adderley And 
files\Azureus\torrents\Talking Heads - Remain in Light.torrent c:\program files\Azureus\torrents\Talking To The People (1973).torrent c:\program files\Azureus\torrents\Tauhid.torrent c:\program files\Azureus\torrents\Tera Melos.torrent c:\program files\Azureus\torrents\Tera_Melos-Drugs_To_The_Dear_Youth-(EP)-2007-EXP.torrent c:\program files\Azureus\torrents\Terry-Riley A Rainbow In Curved Air.torrent c:\program files\Azureus\torrents\Terry Riley - Happy Ending (1972) LP.torrent c:\program files\Azureus\torrents\Terry Riley - Shri Camel (1978).torrent c:\program files\Azureus\torrents\The '69 Los Angeles Sessions.torrent c:\program files\Azureus\torrents\The Amazing Undersea Adventures of Aqua Kitty and Friends.torrent c:\program files\Azureus\torrents\The Black Keys - Magic Potion LP (mp3).torrent c:\program files\Azureus\torrents\The Blood Brothers - Young Machetes.torrent c:\program files\Azureus\torrents\The Bombay Connection (Funk from Bollywood Action Thrillers 1977-1984).torrent c:\program files\Azureus\torrents\The Budos Band II.torrent c:\program files\Azureus\torrents\The Carl Stalling Project.torrent c:\program files\Azureus\torrents\The Champ.torrent c:\program files\Azureus\torrents\The Cinematic Orchestra - Ma Fleur (320).torrent c:\program files\Azureus\torrents\The Cinematic Orchestra - Man With A Movie Camera.torrent c:\program files\Azureus\torrents\The Cinematic Orchestra - Motion.torrent c:\program files\Azureus\torrents\The Coalition of the Willing.torrent c:\program files\Azureus\torrents\The Complete Aquarium Guide.pdf.torrent c:\program files\Azureus\torrents\The Complete Jazz Guitar Method 1-4.torrent c:\program files\Azureus\torrents\The Coup - Steal This Album.torrent c:\program files\Azureus\torrents\The Dead Milkmen - Beelzebubba (192kbps) mp3.torrent c:\program files\Azureus\torrents\The Dead Milkmen - Big Lizard In My Backyard.torrent c:\program files\Azureus\torrents\The Dead Milkmen - Eat Your Paisley.torrent c:\program 
files\Azureus\torrents\The Dillinger Escape Plan - Ire Works [2007-MP3-V2 (VBR)].torrent c:\program files\Azureus\torrents\The Distant Future.torrent c:\program files\Azureus\torrents\The Dub Room Special.torrent c:\program files\Azureus\torrents\The Ed Palermo Big Band - Plays The Music Of Frank Zappa.torrent c:\program files\Azureus\torrents\the eddie roberts quintet - giorgio's brother (lack of afro remix) copy.torrent c:\program files\Azureus\torrents\The bleeping Champs(4 albums).torrent c:\program files\Azureus\torrents\The Giant Pin.torrent c:\program files\Azureus\torrents\The Mackrosoft - Discography.torrent c:\program files\Azureus\torrents\The Mars Volta - Live at Personal fest 2008 - 2008 (CD - MP3 - 320).torrent c:\program files\Azureus\torrents\The Mars Volta - Live at the Troubadour.torrent c:\program files\Azureus\torrents\The Mars Volta - Octahedron - 2009 (CD - MP3 - V2 (VBR)).torrent c:\program files\Azureus\torrents\The Mars Volta - Sydney Australia (6-19-08) - 2008 (Soundboard - MP3 - 320).torrent c:\program files\Azureus\torrents\The Max Roach Trio, Featuring The Legendary Hassan.torrent c:\program files\Azureus\torrents\The Mechanical Hand.torrent c:\program files\Azureus\torrents\The Meters - Uptown Rulers! (Live On The Queen Mary).torrent c:\program files\Azureus\torrents\The New Standard.torrent c:\program files\Azureus\torrents\The Noisettes - What's The Time Mr Wolf.torrent c:\program files\Azureus\torrents\The Payback.torrent c:\program files\Azureus\torrents\The Prof. 
In...Convexed.torrent c:\program files\Azureus\torrents\The Psyche Funk of Black Merda.torrent c:\program files\Azureus\torrents\The Real Frank Zappa Book.torrent c:\program files\Azureus\torrents\The Sensational Guitars of Dan and Dale (Sun Ra and the Blues Project) - Batman and Robin.torrent c:\program files\Azureus\torrents\The Shapes We Make.torrent c:\program files\Azureus\torrents\The Shining.torrent c:\program files\Azureus\torrents\The Shins - Wincing the Night Away (2007, Indie, MP3).torrent c:\program files\Azureus\torrents\The Soft Machine - Third.torrent c:\program files\Azureus\torrents\The Sound Of Animals Fighting-Tiger & The Duke (Re-Release-2007.torrent c:\program files\Azureus\torrents\The Way Things Work.torrent c:\program files\Azureus\torrents\The Weather lossy.torrent c:\program files\Azureus\torrents\The Weather.torrent c:\program files\Azureus\torrents\the white stripes - 03.01.2001.torrent c:\program files\Azureus\torrents\The White Stripes - 2007 - Icky Thump [V0].torrent c:\program files\Azureus\torrents\The White Stripes - De Stijl.torrent c:\program files\Azureus\torrents\The White Stripes - Elephant.torrent c:\program files\Azureus\torrents\The White Stripes - White Blood Cells.torrent c:\program files\Azureus\torrents\The_Broken_Keys-Gravity-(TRUCD103)-CD-2006-OBC.torrent c:\program files\Azureus\torrents\The_Coup-Party_Music-2001-RNS.torrent c:\program files\Azureus\torrents\The_Dead_Milkmen-Not_Richard_But_Dick-1993-rH.torrent c:\program files\Azureus\torrents\The_Doors-Live_In_Boston_1970-3CD-2007-SAW.torrent c:\program files\Azureus\torrents\The_Dragons-BFI-(Ninja_Tune)-LP-2007-soup.torrent c:\program files\Azureus\torrents\The_Heliocentrics-Out_There-2007-C4.torrent c:\program files\Azureus\torrents\They Could Have Made This Album.torrent c:\program files\Azureus\torrents\Thin Line MP3.torrent c:\program files\Azureus\torrents\Thirteen Cosmic Standards.torrent c:\program files\Azureus\torrents\three.torrent c:\program 
files\Azureus\torrents\Through Silver in Blood.torrent c:\program files\Azureus\torrents\tmv2006-10-02.853.flac16.torrent c:\program files\Azureus\torrents\Today's Empires, Tomorrow's Ashes.torrent c:\program files\Azureus\torrents\TOM WAITS - RAIN DOGS.torrent c:\program files\Azureus\torrents\Tomahawk - Anonymous.torrent c:\program files\Azureus\torrents\Tony Williams - Spring.torrent c:\program files\Azureus\torrents\Tony Williams - Ultimate Tony Williams-1.torrent c:\program files\Azureus\torrents\Tony Williams Lifetime - The Collection.torrent c:\program files\Azureus\torrents\Tool - 10,000 Days Synch.mp3.torrent c:\program files\Azureus\torrents\Tool - 2002-07-21 - Pepsi Center, Denver, CO.torrent c:\program files\Azureus\torrents\TOOL - 2006-05-08 - Dallas.torrent c:\program files\Azureus\torrents\Tool - Kalamazoo, MI 07-15-98 SBD (Darksound Remaster).torrent c:\program files\Azureus\torrents\Tool Wiltern 8.13.01.torrent c:\program files\Azureus\torrents\TOOL_-_(live)_-_August.11.2001_(Berkeley_Community_Theater)_-Demonoid.com-_.torrent c:\program files\Azureus\torrents\TOOL_-_2006-05-02_-_Paramount_Theater_-_Seattle~{Demonoid.com}.torrent c:\program files\Azureus\torrents\Tool_1993_Limited_Edition_Promo_(3_Live_Tracks)-[]Demonoid.com[]_1223306.6206.torrent c:\program files\Azureus\torrents\Toots & The Maytals - Reggae Got Soul [1976-mp3-192].torrent c:\program files\Azureus\torrents\Torche.torrent c:\program files\Azureus\torrents\Tortoise.torrent c:\program files\Azureus\torrents\Tradition - Tell Your friends About Dub (1978 Vinyl 320kbps).torrent c:\program files\Azureus\torrents\Trojan Dub Massive Chapter One (Placed by Bill Laswell).torrent c:\program files\Azureus\torrents\tsog - tsarist occupation government.torrent c:\program files\Azureus\torrents\tuuby and friends.torrent c:\program files\Azureus\torrents\TV On The Radio - Return To Cookie Mountain [2006].torrent c:\program files\Azureus\torrents\Two.torrent c:\program files\Azureus\torrents\UK - 
UK (1978).torrent c:\program files\Azureus\torrents\Ulmer - Are You Glad to Be In America.torrent c:\program files\Azureus\torrents\Unkle-War_Stories-SURR003CDP-ADVANCE_CD-2007-BPM.torrent c:\program files\Azureus\torrents\Unknown_Instructors-The_Masters_Voice-(Advance)-2007-RTB.torrent c:\program files\Azureus\torrents\Uri_Caine--Moloch_Book_Of_Angels_Volume_6-2006-i8.torrent c:\program files\Azureus\torrents\US 002 - Various Artists - The best of Black Jazz records 1971-1976 (Universal Sound - 1996).torrent c:\program files\Azureus\torrents\US 015 - Steve Reid - Nova (Universal Sound - 2000).torrent c:\program files\Azureus\torrents\US 018 - Various Artists - Impact! rare and unreleased reggae, funk & soul from the vaults of Impact! and Randy's records! (Universal Sound - 2003).torrent c:\program files\Azureus\torrents\US 020 - A Certain Ratio - The graveyard and the ballroom (Universal Sound - 2004).torrent c:\program files\Azureus\torrents\US 021 - A Certain Ratio - To each (Universal Sound - 2004).torrent c:\program files\Azureus\torrents\US 026 - Maulawi - Maulawi (Universal Sound - 1974).torrent c:\program files\Azureus\torrents\US 027 - Hannibal Marvin Peterson - Children of the fire (Universal Sound - 1974).torrent c:\program files\Azureus\torrents\US 028 - Travis Biggs - Challenge (Universal Sound - 2005).torrent c:\program files\Azureus\torrents\v.a. Studio One Rub-A-Dub [soul jazz] 2007.torrent c:\program files\Azureus\torrents\V.S.O.P. 
- The Quintet.torrent c:\program files\Azureus\torrents\V.torrent c:\program files\Azureus\torrents\V0lume_10-Hip-Hopera_(Advance_Copy)-1994-gtp.torrent c:\program files\Azureus\torrents\VA-Cherrystones_Word-2006-pLAN9.torrent c:\program files\Azureus\torrents\VA-Funk_Fu-Psycho-Funk_vs_Rare_Groove_1970-1976-2000-ba2.torrent c:\program files\Azureus\torrents\VA-Greensleeves_12_Rulers_Henry_Junjo_Lawes_1979-83-RETAIL_CD-2007-R2R.torrent c:\program files\Azureus\torrents\VA-Groove_Pa_Svenska-(Amigo)-CD-2005-mbs.torrent c:\program files\Azureus\torrents\VA-Keb_Darge_And_Cut_Chemist_Presents_Lost_And_Found_Rockabilly_And_Jump_Blues-(Advance)-2CD-2007-SAW.torrent c:\program files\Azureus\torrents\VA-Quantic pres. The Worlds Rarest Funk 45s [Jazzman]-2006.torrent c:\program files\Azureus\torrents\va-quantic_presents_the_worlds_rarest_funk_45s-(jazzman)-cd-2006-obc.torrent c:\program files\Azureus\torrents\VA-Sitar_Beat_Indian_Style_Heavy_Funk_Vol._1-(Guerrilla_Reissues)-2006-soup.torrent c:\program files\Azureus\torrents\VA-Sitar_Beat_Vol.5-(Guerrilla_Funk)-VLS-2006-soup.torrent c:\program files\Azureus\torrents\VA-Soul_Jazz_Records_Presents_New_York_Latin_Hustle-2CD-2007-pLAN9.torrent c:\program files\Azureus\torrents\va-the_joe_beats_experiment_presents_indie_rock_blues-retail-2005-cms.torrent c:\program files\Azureus\torrents\VA-Think_Differently_Music_Presents_Rza-The_Composer-(Bootleg)-2006-41ST.torrent c:\program files\Azureus\torrents\VA - Bastard Jazz Recordings presents... 
Hear No Evil Volume 1 (Bastard Jazz 2007).torrent c:\program files\Azureus\torrents\VA - Dub For Daze Vol 1 (CD).torrent c:\program files\Azureus\torrents\VA 26 Turkish Beat, Psych and Garage Delights (2001).torrent c:\program files\Azureus\torrents\various - Victoria Phantasia (2002) [FLAC] {Queen Victoria needle-drop}.torrent c:\program files\Azureus\torrents\Various Artists - 2001 - Ropeladder Compilation.torrent c:\program files\Azureus\torrents\Various Artists - Chicago Soul.torrent c:\program files\Azureus\torrents\Various Artists - Classic Soft Rock - 2006 (CD - MP3 - V0 (VBR)).torrent c:\program files\Azureus\torrents\Various Artists - Definitive Jux Presents 4 - 2009 (CD - MP3 - V2 (VBR)).torrent c:\program files\Azureus\torrents\Various Artists - The Doors of Perception - Psychedic Soul and Acid Jazz From NYC 70-74.torrent c:\program files\Azureus\torrents\Various Artists - The Joe Meek Collection - Intergalactic Instro's.torrent c:\program files\Azureus\torrents\Venetian Snares - Rossz Csillag Alatt Született.torrent c:\program files\Azureus\torrents\venetian_snares_-_moonglow_and_this_bitter_earth-(addict021)-vinyl-2004-sq.torrent c:\program files\Azureus\torrents\vinylkiller.torrent c:\program files\Azureus\torrents\Violent Femmes - Hallowed Ground.torrent c:\program files\Azureus\torrents\Violent_Femmes-Violent_Femmes_(Deluxe_Edition)-2CD-2002-aPC.torrent c:\program files\Azureus\torrents\volume 9_10.torrent c:\program files\Azureus\torrents\Volume_10-Pawn_Shop-2007-FTD.torrent c:\program files\Azureus\torrents\wanda.torrent c:\program files\Azureus\torrents\Wave Twisters.torrent c:\program files\Azureus\torrents\Ween - 2003-10-03 Vancouver (13).torrent c:\program files\Azureus\torrents\Ween - Live at Orpheum Theatre 10032003.torrent c:\program files\Azureus\torrents\Ween - the friends ep V0.torrent c:\program files\Azureus\torrents\Ween_La_Cucaracha_(2007)-(Demonoid.com)_1223306.6206.torrent c:\program files\Azureus\torrents\Weldon Irvine - Time 
Capsule.torrent c:\program files\Azureus\torrents\Weldon_Irvine-Cosmic_Vortex_(Justice_Divine)_(1974)-Remastered-2005-CMS.torrent c:\program files\Azureus\torrents\WGA Patch Kit (permanent) (Windows XP SP2 activation crack) [20060] [20060].torrent c:\program files\Azureus\torrents\What It Is - Various Artists - Box Set.torrent c:\program files\Azureus\torrents\Whats_He_Building_In_There-Whats_He_Building_In_There-2007-MTD.torrent c:\program files\Azureus\torrents\Whipped Cream & Other Delights.torrent c:\program files\Azureus\torrents\Why Do Birds Sing_.torrent c:\program files\Azureus\torrents\William_Cooper_-_JFK_Assassin_Unmasked.torrent c:\program files\Azureus\torrents\Willie Colon - El Juicio.torrent c:\program files\Azureus\torrents\Willie Colon & Hector Lavoe 1967 - 1975 VBR.torrent c:\program files\Azureus\torrents\Willie_Colon-Cosa_Nuestra-1971.torrent c:\program files\Azureus\torrents\WINAMP V.5.5 Pro Full Icons And Lyrics Plug [20075].torrent c:\program files\Azureus\torrents\Windows XP and Vista Speed Secrets.torrent c:\program files\Azureus\torrents\Wu Tang Clan & El Michels Affair - Live at Stubbs BBQ.torrent c:\program files\Azureus\torrents\x - los angeles wild gift.torrent c:\program files\Azureus\torrents\X (2001, eVBR) - Under The Big Black Sun (2001 Reissue).torrent c:\program files\Azureus\torrents\Year zero.torrent c:\program files\Azureus\torrents\Yesterdays_New_Quintet-Yesterdays_Universe-Advance-2007-FTD.torrent c:\program files\Azureus\torrents\Young Marble Giants - Colossal Youth and Collected Works 2CD (2007).torrent c:\program files\Azureus\torrents\Your.Uninstaller.PRO.2008.v6.1.1250.Incl.KeyGen-DVT-FFF.torrent c:\program files\Azureus\torrents\Yoyo.torrent c:\program files\Azureus\torrents\Yusef Lateef - 1961 - Eastern Sounds V0.torrent c:\program files\Azureus\torrents\Zach_Hill_and_Mick_Barr-Shred_Earthship-2006-iTS.torrent c:\program files\Azureus\torrents\zappa A Grandmothers Night At The Gewandhaus.torrent c:\program 
files\Azureus\torrents\Zaum - Demo Tape.torrent c:\program files\Azureus\torrents\Zurich.torrent c:\program files\Azureus\uninstall.exe c:\program files\Viewpoint c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C.dll c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0302021C_.dll c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305000D.dll c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_ASKSERVICE -------\Legacy_ASKUPGRADE -------\Service_ASKService -------\Service_ASKUpgrade ((((((((((((((((((((((((( Files Created from 2009-12-18 to 2010-01-18 ))))))))))))))))))))))))))))))) . 2010-01-18 19:22 . 2010-01-18 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-01-18 19:22 . 2010-01-18 19:22 -------- d-----w- c:\documents and settings\workstation\Application Data\Office Genuine Advantage 2010-01-16 00:04 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-15 23:16 . 2010-01-15 23:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2010-01-07 17:36 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 17:36 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:36 . 2010-01-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-06 17:19 . 2010-01-06 17:19 -------- d-----w- c:\program files\TrendMicro 2010-01-02 04:28 . 2010-01-02 04:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM 2009-12-30 00:42 . 2009-12-30 00:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET 2009-12-23 18:04 . 2009-12-23 18:04 60744 ----a-w- c:\documents and settings\workstation\g2mdlhlpx.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-18 18:24 . 2008-03-06 18:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-18 17:21 . 2009-03-28 17:58 -------- d-----w- c:\program files\LogMeIn 2010-01-14 19:12 . 2009-10-03 06:12 181120 ------w- c:\windows\system32\MpSigStub.exe 2010-01-11 18:15 . 2010-01-11 18:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-07 20:42 . 
2009-12-30 01:33 52224 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 2010-01-07 20:42 . 2009-12-30 01:33 117760 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2010-01-06 21:26 . 2009-03-31 21:43 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-06 17:19 . 2010-01-06 17:19 388096 ----a-r- c:\documents and settings\workstation\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2010-01-04 17:26 . 2006-04-15 19:32 -------- d-----w- c:\program files\Citrix 2009-12-30 01:33 . 2009-03-31 21:43 -------- d-----w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com 2009-12-17 23:52 . 2006-01-28 21:34 -------- d-----w- c:\documents and settings\workstation\Application Data\Apple Computer 2009-12-16 20:28 . 2009-12-16 20:26 -------- d-----w- c:\program files\Business Objects 2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\documents and settings\workstation\Application Data\LogMeIn Rescue 2009-12-14 20:45 . 2009-12-14 20:45 -------- d-----w- c:\program files\LogMeIn Rescue 2009-12-10 01:37 . 2009-05-19 22:05 -------- d-----w- c:\program files\BeerSmith 2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\documents and settings\workstation\Application Data\Softplicity 2009-11-27 21:16 . 2004-10-21 17:22 71472 ----a-w- c:\documents and settings\workstation\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\MSBuild 2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\Reference Assemblies 2009-11-24 17:41 . 2009-11-24 17:41 -------- d-----w- c:\program files\Xobni 2009-11-21 15:51 . 1980-01-01 07:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-16 22:53 . 2002-10-17 00:31 96512 ------w- c:\windows\system32\drivers\atapi.sys 2009-10-29 07:46 . 
2004-02-07 01:05 832512 ------w- c:\windows\system32\wininet.dll 2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-29 07:46 . 1980-01-01 07:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-10-26 18:34 . 1980-01-01 07:00 114688 ----a-w- c:\windows\system32\hkcmd.exe 2009-10-23 22:42 . 2009-10-23 22:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe 2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll . (((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968] "HijackThis startup scan"="c:\program files\TrendMicro\HiJackThis\HijackThis.exe" [2009-10-12 388096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2009-10-26 114688] "Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2009-10-26 118837] "Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344] "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2009-10-01 18:01 87352 ----a-w- c:\windows\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk] backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^workstation^Start Menu^Programs^Startup^MailWasherPro.lnk] backup=c:\windows\pss\MailWasherPro.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simplify Media] 2009-08-22 00:04 21837320 ----a-w- c:\program files\Simplify Media\SimplifyMedia.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] 2005-10-25 00:53 307200 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray] 2002-07-30 18:35 77824 ----a-w- c:\progra~1\SYMANT~1\SYMANT~1\VPTray.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 7:21 AM 33800] R1 
SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 1:07 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 1:07 PM 74480] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 7:21 AM 468224] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-28 9:59 AM 47640] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 6:19 PM 13592] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 5:46 PM 12856] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-01-07 9:36 AM 38224] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 1:07 PM 7408] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Scheduled Tasks' folder 2010-01-18 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20] 2010-01-18 c:\windows\Tasks\OGALogon.job - c:\windows\system32\OGAEXEC.exe [2009-08-03 23:07] . . ------- Supplementary Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {CBB73A67-6A88-46AD-B288-CB8ED82415D5} = 192.168.1.99,206.13.28.12,206.13.29.12 FF - ProfilePath - c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.startup.homepage - hxxps://www.stubhub.com/?gSec=login&goto=%2F%3FgSec%3Dbulkupload%26&cb=1141 FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\documents and settings\workstation\Application 
Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\plugins\npRescue.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - AddRemove-Azureus - c:\program files\Azureus\Uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-18 13:41 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(680) c:\windows\system32\LMIinit.dll c:\windows\system32\LMIRfsClientNP.dll - - - - - - - > 'lsass.exe'(736) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(2196) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\ICO.EXE
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2010-01-18 13:46:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-18 21:46
ComboFix2.txt 2010-01-18 18:57
ComboFix3.txt 2010-01-16 00:18
ComboFix4.txt 2009-11-02 21:36
ComboFix5.txt 2010-01-18 21:16
Pre-Run: 5,699,010,560 bytes free
Post-Run: 5,654,458,368 bytes free
- - End Of File - - DBDDB8D762B8C8AD3CA3D33C277A2579

The file seemed to be sent without any problems.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:51 on 18/01/2010 by workstation (Administrator - Elevation successful)
========== filefind ==========
Searching for "*cngaudit.dl*"
No files found.
-=End Of File=-

My computer seems to be running fine. I haven't attempted much but what has been requested. Thanks.
Post #23
Bleepin' Malware Removal Teacher Group: Malware Response Instructor Posts: 7,304 Joined: 9-December 08 Member No.: 267,653
Much better! Well done.
That file is bad! Do this.....

Open Notepad. Copy contents in the code box into Notepad:

CODE
@ECHO OFF
REM Start with a fresh log file
IF EXIST log.txt DEL log.txt
ECHO Deleting files>>log.txt
FOR %%g in ("c:\documents and settings\workstation\g2mdlhlpx.exe") DO (
    IF EXIST %%g (
        REM Clear read-only, system and hidden attributes so DEL can remove the file
        ATTRIB -r -s -h %%g
        DEL %%g
        IF EXIST %%g (
            ECHO %%g not deleted>>log.txt
        ) ELSE (
            ECHO %%g deleted>>log.txt
        )
    ) ELSE (
        ECHO %%g not found>>log.txt
    )
)
START NOTEPAD.EXE log.txt

Go to File - Save as...
Fill in the next values:
Location: Desktop
File name: del.bat
File type: All files (*.*).
Now, click Save.
Double-click del.bat.
Post the contents of the logfile that opens in your next reply.
==========
Please rerun MBAM.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
==========
I'd like us to scan your machine with ESET OnlineScan
==========
Please download GMER from one of the following locations and save it to your desktop:
==========
Re-run DDS & post a log.
==========
With your next post please provide:
* Log.txt
* MBAM log
* ESET log
* Gmer log
* DDS.txt
Kind regards,
~t
--------------------
Proud member - Unified Network of Instructors and Trained Eliminators
I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm
Post #24
Member Group: Members Posts: 16 Joined: 6-January 10 Member No.: 430,166
OK, looks like we're making progress, thank you,
del.bat log:
Deleting files
"c:\documents and settings\workstation\g2mdlhlpx.exe" deleted

MBAM:
Malwarebytes' Anti-Malware 1.44
Database version: 3595
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
2010-01-18 15:24
mbam-log-2010-01-18 (15-24-39).txt
Scan type: Quick Scan
Objects scanned: 120979
"Time elapsed: 4 minute(s), 57 second(s)"
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

Eset found no threats

The GMER scanned for about 20 mins and then said Scan was stopped, not sure if that meant it was done or something interfered.

GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-19 10:49:27
Windows 5.1.2600 Service Pack 3
Running: sp87oukr.exe; Driver: C:\DOCUME~1\WORKST~1\LOCALS~1\Temp\kwtdrpob.sys
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys The system cannot find the file specified. !
? C:\thcbytes\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1732] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program 
Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHELL32.dll 
[KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program 
Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL 
Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\AIM6\aolsoftware.exe[3400] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) 
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ---- DDS: DDS (Ver_09-12-01.01) - NTFSx86 Run by workstation at 10:51:32.09 on 2010-01-19 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.867 [GMT -8:00] AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\workstation\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection 
Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp uRun: [HijackThis startup scan] c:\program files\trendmicro\hijackthis\HijackThis.exe /startupscan mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [Mouse Suite 98 Daemon] ICO.EXE mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program 
files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director6/cabs/SW.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143164918645 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38163.7808101852 DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://openfieldsupport.webex.com/client/latest/support/ieatgpc.cab TCP: {CBB73A67-6A88-46AD-B288-CB8ED82415D5} = 192.168.1.99,206.13.28.12,206.13.29.12 Notify: igfxcui - igfxsrvc.dll Notify: LMIinit - LMIinit.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\workst~1\applic~1\mozilla\firefox\profiles\n6c1jjlx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.startup.homepage - hxxps://www.stubhub.com/?gSec=login&goto=%2F%3FgSec%3Dbulkupload%26&cb=1141 FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\documents and settings\workstation\application data\mozilla\firefox\profiles\n6c1jjlx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll FF - 
plugin: c:\documents and settings\workstation\application data\mozilla\firefox\profiles\n6c1jjlx.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\documents and settings\workstation\application data\mozilla\firefox\profiles\n6c1jjlx.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480] R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-28 47640] R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] S3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112] S3 
NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060208.008\NAVENG.sys [2006-2-9 77864] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060208.008\NAVEX15.sys [2006-2-9 750952] S3 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2010-01-18 19:22:09 0 d-----w- c:\docume~1\workst~1\applic~1\Office Genuine Advantage 2010-01-16 00:04:35 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-07 17:36:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 17:36:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:36:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-06 17:19:09 0 d-----w- c:\program files\TrendMicro ==================== Find3M ==================== 2010-01-14 19:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe 2009-12-10 06:54:07 261632 ----a-w- c:\windows\PEV.exe 2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe 2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2009-10-26 18:34:56 114688 ----a-w- c:\windows\system32\hkcmd.exe 2009-10-25 14:11:34 77312 ----a-w- c:\windows\MBR.exe 2008-09-11 16:27:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat ============= FINISH: 10:52:32.66 =============== Thanks again
Post #25
Bleepin' Malware Removal Teacher Group: Malware Response Instructor Posts: 7,304 Joined: 9-December 08 Member No.: 267,653
Did you have Symantec/Norton Antivirus at one time? You still have drivers running. I would recommend removing them. They might interfere with other drivers or processes.
Do this...
Run this Uninstaller
Reboot.
===========
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.
==========
Post a new DDS log.
Thanks,
~ t
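
The observation in the reply above, that Symantec drivers are still registered and one of them is running, can be read off the SERVICES / DRIVERS section of the DDS log posted earlier. The following is an added example, not part of the original thread and not code from DDS. It assumes the usual reading of a DDS entry (R/S = running/stopped, the digit = Windows start type, "[x]" = image file not found); the function names and the keyword list are hypothetical.

```python
import re
from dataclasses import dataclass

# Entries copied from the "SERVICES / DRIVERS" section of the DDS log in this thread.
DDS_SERVICES = r"""
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-28 47640]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
S3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060208.008\NAVENG.sys [2006-2-9 77864]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060208.008\NAVEX15.sys [2006-2-9 750952]
S3 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# Windows service start types (the Start value of a service's registry key).
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Assumed entry layout: <R|S><start> <name>;<display name>;<image path> [<date> <size>]
# "[x]" in place of date and size is read as "image file not found".
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Service:
    name: str
    display: str
    path: str
    running: bool
    start: str
    file_missing: bool


def parse_services(text):
    """Parse DDS service/driver lines; anything that is not an entry is skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # blank lines, section headers
        entries.append(Service(
            name=m["name"].strip(),
            display=m["display"].strip(),
            path=m["path"].strip(),
            running=m["state"] == "R",
            start=START_TYPES[int(m["start"])],
            file_missing=m["meta"].strip().lower() == "x",
        ))
    return entries


def leftovers(entries, keywords):
    """Entries whose name, display name or path mentions a keyword (case-insensitive)."""
    hits = []
    for e in entries:
        haystack = " ".join((e.name, e.display, e.path)).lower()
        if any(k.lower() in haystack for k in keywords):
            hits.append(e)
    return hits


# "symant" also matches the 8.3 short directory name symant~1 seen in two of the paths.
SYMANTEC_KEYWORDS = ("symant", "norton")


def report(text=DDS_SERVICES, keywords=SYMANTEC_KEYWORDS):
    """One summary line per matching entry, running entries marked in capitals."""
    lines = []
    for e in leftovers(parse_services(text), keywords):
        state = "RUNNING" if e.running else "stopped"
        lines.append(f"{state:8} {e.start:10} {e.name}  ({e.path or 'no image path'})")
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

On this log the check lists five Symantec entries and marks only NAVAPEL as running, which matches the helper's remark that drivers from the old antivirus are still active.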
Post #26
Member Group: Members Posts: 16 Joined: 6-January 10 Member No.: 430,166
There was an old Norton anti virus program on here, I have long since tried to uninstall it. The program you linked to states I must remove the program Symantec Antivirus 8 from the add/remove screen before continuing but it does not show there. I removed and updated the Java program.
One strange thing I notice is the ESET UI looks like there are items missing. The drop down menus at the top do not show up and the buttons for pausing and canceling updates are all black. Thanks.
Post #27
Bleepin' Malware Removal Teacher Group: Malware Response Instructor Posts: 7,304 Joined: 9-December 08 Member No.: 267,653
Hello,
Few things...
1st - How long have you noticed the ESET UI to be messed up? Please also see my PM and only respond to the PM with a PM. Your ESET is likely corrupt. I think you should consider removing ESET by way of Add/Remove. I will nuke any leftovers. If you decide to remove ESET please do this.........
==========
2nd - In regards to Symantec. That is all I needed to know. I will manually nuke those drivers soon.
==========
With your next post please provide:
* Did you uninstall ESET?
* Did you install a new AV?
* New AV log
* New DDS log please
Kind regards,
~t
Post #28
Member Group: Members Posts: 16 Joined: 6-January 10 Member No.: 430,166
Uninstalled ESET
Of the three recommended, I went with Avira based on reviews I read and posts. I did experience problems with the update module, the scan for updates would stall every time I ran it so I followed the steps to manually update the vir def. Here is the log from the failed updates if you have any ideas there:

Avira AntiVir Personal - Free Antivirus Updater
Creation time: Wed Jan 20 10:50:39 2010
Operating system: Windows XP (Service Pack 3) [5.1.2600]
Product information:
Product version: 9.0.0.415
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 9.0.0.52
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 9.0.0.6
Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\
[UPD] [INFO] Checking whether newer files are available.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.178/update'. [UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Select update server 'http://80.190.143.241/update'. [UPD] [INFO] Downloading of 'http://80.190.143.241/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://80.190.143.241/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://80.190.143.241/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Select update server 'http://80.190.143.236/update'. [UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. 
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Select update server 'http://62.146.66.185/update'. [UPD] [INFO] Downloading of 'http://62.146.66.185/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://62.146.66.185/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Downloading of 'http://62.146.66.185/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. [UPD] [INFO] Select update server 'http://62.146.66.188/update'. [UPD] [INFO] Downloading of 'http://62.146.66.188/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPD] [WARNING] The update was terminated by the user. [UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library. 
[UPD] [INFO] Downloading of 'http://62.146.66.188/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'. [UPDLIB] [ERROR] Update aborted by the user. [UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 522. Summary: ******** 0 Files downloaded 0 Files installed 10:56:16 The update failed! After manual updating here is the scan results: Avira AntiVir Personal Report file date: Wednesday, January 20, 2010 11:02 Scanning for 1620081 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : ASHLEY Version information: BUILD.DAT : 9.0.0.415 21609 Bytes 11/8/2009 10:00:00 AVSCAN.EXE : 9.0.3.10 466689 Bytes 10/13/2009 19:26:33 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 01:37:46 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:37:46 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 01:37:46 VBASE003.VDF : 7.10.3.2 2048 Bytes 1/20/2010 01:37:46 VBASE004.VDF : 7.10.3.3 2048 Bytes 1/20/2010 01:37:46 VBASE005.VDF : 7.10.3.4 2048 Bytes 1/20/2010 01:37:46 VBASE006.VDF : 7.10.3.5 2048 Bytes 1/20/2010 01:37:46 VBASE007.VDF : 7.10.3.6 2048 Bytes 1/20/2010 01:37:46 VBASE008.VDF : 7.10.3.7 2048 Bytes 1/20/2010 01:37:46 VBASE009.VDF : 7.10.3.8 2048 Bytes 1/20/2010 01:37:46 VBASE010.VDF : 7.10.3.9 2048 Bytes 1/20/2010 01:37:46 VBASE011.VDF : 7.10.3.10 2048 Bytes 1/20/2010 01:37:46 VBASE012.VDF : 7.10.3.11 2048 Bytes 1/20/2010 01:37:46 VBASE013.VDF : 7.10.3.12 2048 Bytes 1/20/2010 01:37:46 VBASE014.VDF : 7.10.3.13 2048 Bytes 1/20/2010 01:37:46 VBASE015.VDF : 7.10.3.14 2048 Bytes 1/20/2010 01:37:46 VBASE016.VDF : 7.10.3.15 2048 
Bytes 1/20/2010 01:37:46 VBASE017.VDF : 7.10.3.16 2048 Bytes 1/20/2010 01:37:46 VBASE018.VDF : 7.10.3.17 2048 Bytes 1/20/2010 01:37:46 VBASE019.VDF : 7.10.3.18 2048 Bytes 1/20/2010 01:37:46 VBASE020.VDF : 7.10.3.19 2048 Bytes 1/20/2010 01:37:46 VBASE021.VDF : 7.10.3.20 2048 Bytes 1/20/2010 01:37:46 VBASE022.VDF : 7.10.3.21 2048 Bytes 1/20/2010 01:37:46 VBASE023.VDF : 7.10.3.22 2048 Bytes 1/20/2010 01:37:46 VBASE024.VDF : 7.10.3.23 2048 Bytes 1/20/2010 01:37:46 VBASE025.VDF : 7.10.3.24 2048 Bytes 1/20/2010 01:37:46 VBASE026.VDF : 7.10.3.25 2048 Bytes 1/20/2010 01:37:46 VBASE027.VDF : 7.10.3.26 2048 Bytes 1/20/2010 01:37:46 VBASE028.VDF : 7.10.3.27 2048 Bytes 1/20/2010 01:37:46 VBASE029.VDF : 7.10.3.28 2048 Bytes 1/20/2010 01:37:46 VBASE030.VDF : 7.10.3.29 2048 Bytes 1/20/2010 01:37:46 VBASE031.VDF : 7.10.3.30 2048 Bytes 1/20/2010 01:37:46 Engineversion : 8.2.1.146 AEVDF.DLL : 8.1.1.2 106867 Bytes 1/21/2010 01:37:46 AESCRIPT.DLL : 8.1.3.9 659834 Bytes 1/21/2010 01:37:46 AESCN.DLL : 8.1.3.1 127348 Bytes 1/21/2010 01:37:46 AESBX.DLL : 8.1.1.1 246132 Bytes 1/21/2010 01:37:46 AERDL.DLL : 8.1.3.4 479605 Bytes 1/21/2010 01:37:46 AEPACK.DLL : 8.2.0.5 422262 Bytes 1/21/2010 01:37:46 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 1/21/2010 01:37:46 AEHEUR.DLL : 8.1.0.195 2232695 Bytes 1/21/2010 01:37:46 AEHELP.DLL : 8.1.10.0 237942 Bytes 1/21/2010 01:37:46 AEGEN.DLL : 8.1.1.83 369014 Bytes 1/21/2010 01:37:46 AEEMU.DLL : 8.1.1.0 393587 Bytes 1/21/2010 01:37:46 AECORE.DLL : 8.1.9.5 184693 Bytes 1/21/2010 01:37:46 AEBB.DLL : 8.1.0.3 53618 Bytes 1/21/2010 01:37:46 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59 AVPREF.DLL : 9.0.3.0 44289 Bytes 8/26/2009 23:14:02 AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33 NETNT.DLL 
: 9.0.0.0 11521 Bytes 12/5/2008 18:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 23:39:58 RCTEXT.DLL : 9.0.73.0 86785 Bytes 10/13/2009 20:25:47 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+PCK,+SPR, Start of the scan: Wednesday, January 20, 2010 11:02 Starting search for hidden objects. HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TfKbMon\$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123$%&'()*+,-./0123 [INFO] The registry entry is invisible. '58968' objects were checked, '1' hidden objects were found. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'notepad.exe' - '1' Module(s) have been scanned Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'winvnc4.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned Scan process 'aim6.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'LMIGuardian.exe' - '1' Module(s) have been scanned Scan process 'ramaint.exe' - '1' Module(s) have been scanned Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned Scan process 'FSRremoS.EXE' - '1' Module(s) have been scanned Scan process 'ico.exe' - '1' Module(s) have been scanned Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned Scan process 'SMTray.exe' - '1' Module(s) have been scanned Scan process 'hkcmd.exe' - '1' Module(s) have been scanned Scan process 'igfxtray.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' 
Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 44 processes with 44 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '64' files ). Starting the file scan: Begin scan in 'C:\' <IBM_PRELOAD> C:\hiberfil.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. 
C:\Documents and Settings\workstation\370_gotomypc.exe [DETECTION] Contains recognition pattern of the SPR/Tool.RemoteControl.B program C:\Documents and Settings\workstation\dBpowerAMP-codec-mp4.exe [DETECTION] Is the TR/Agent.462474.A Trojan C:\Documents and Settings\workstation\gotomypc_370.exe [DETECTION] Contains recognition pattern of the SPR/Tool.RemoteControl.B program C:\Documents and Settings\workstation\Application Data\MailWasherPro\mwLog.20070613 [0] Archive type: MIME [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus --> file0.txt [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus C:\Documents and Settings\workstation\Desktop\rkill.pif [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) C:\Program Files\Citrix\GoToMyPC\370\gotomypc_370.exe [DETECTION] Contains recognition pattern of the SPR/Tool.RemoteControl.B program C:\Program Files\KillProcess\KillProcess.dll [DETECTION] Contains recognition pattern of the SPR/Tool.PsKill.BJ program Beginning disinfection: C:\Documents and Settings\workstation\370_gotomypc.exe [DETECTION] Contains recognition pattern of the SPR/Tool.RemoteControl.B program [NOTE] The file was moved to '4b876078.qua'! C:\Documents and Settings\workstation\dBpowerAMP-codec-mp4.exe [DETECTION] Is the TR/Agent.462474.A Trojan [NOTE] The file was moved to '4bc76083.qua'! C:\Documents and Settings\workstation\gotomypc_370.exe [DETECTION] Contains recognition pattern of the SPR/Tool.RemoteControl.B program [NOTE] The file was moved to '4bcb60b0.qua'! C:\Documents and Settings\workstation\Application Data\MailWasherPro\mwLog.20070613 [DETECTION] Contains recognition pattern of the HTML/Spoofing.Gen HTML script virus [NOTE] The file was moved to '4ba360b9.qua'! 
C:\Documents and Settings\workstation\Desktop\rkill.pif [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] The file was moved to '4bc060ad.qua'! C:\Program Files\Citrix\GoToMyPC\370\gotomypc_370.exe [DETECTION] Contains recognition pattern of the SPR/Tool.RemoteControl.B program [NOTE] The file was moved to '4bcb60b1.qua'! C:\Program Files\KillProcess\KillProcess.dll [DETECTION] Contains recognition pattern of the SPR/Tool.PsKill.BJ program [NOTE] The file was moved to '4bc360ac.qua'! End of the scan: Wednesday, January 20, 2010 11:57 Used time: 54:35 Minute(s) The scan has been done completely. 11382 Scanned directories 349586 Files were scanned 8 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 7 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 349576 Files not concerned 8242 Archives were scanned 2 Warnings 9 Notes 58968 Objects were scanned with rootkit scan 1 Hidden objects were found DDS: DDS (Ver_09-12-01.01) - NTFSx86 Run by workstation at 11:59:27.53 on 2010-01-20 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.807 [GMT -8:00] AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\Explorer.EXE 
C:\WINDOWS\System32\igfxtray.exe C:\Program Files\Analog Devices\SoundMAX\Smtray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\FSRremoS.EXE C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\WINDOWS\system32\notepad.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\workstation\Desktop\dds.scr ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: 
{47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [Mouse Suite 98 Daemon] ICO.EXE mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\adobe\acrobat 
7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director6/cabs/SW.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143164918645 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38163.7808101852 DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://openfieldsupport.webex.com/client/latest/support/ieatgpc.cab TCP: {CBB73A67-6A88-46AD-B288-CB8ED82415D5} = 192.168.1.99,206.13.28.12,206.13.29.12 Notify: igfxcui - igfxsrvc.dll Notify: LMIinit - LMIinit.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: 
{091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\workst~1\applic~1\mozilla\firefox\profiles\n6c1jjlx.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.startup.homepage - hxxps://www.stubhub.com/?gSec=login&goto=%2F%3FgSec%3Dbulkupload%26&cb=1141 FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - plugin: c:\documents and settings\workstation\application data\mozilla\firefox\profiles\n6c1jjlx.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\workstation\application data\mozilla\firefox\profiles\n6c1jjlx.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll FF - plugin: c:\documents and settings\workstation\application data\mozilla\firefox\profiles\n6c1jjlx.default\extensions\technicianconsole@logmeinrescue.com\platform\winnt\plugins\npRescue.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-20 11608] R1 SASDIFSV;SASDIFSV;c:\program 
files\superantispyware\sasdifsv.sys [2009-3-23 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 74480] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-20 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-20 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-20 55656] R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-3-28 47640] R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184] R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] S3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060208.008\NAVENG.sys [2006-2-9 77864] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060208.008\NAVEX15.sys [2006-2-9 750952] S3 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408] S4 LMIRfsClientNP;LMIRfsClientNP; [x] =============== Created Last 30 ================ 2010-01-20 17:42:45 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-01-20 17:42:40 0 d-----w- c:\program files\Avira 2010-01-20 17:42:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-01-20 00:00:07 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-01-20 00:00:07 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-18 19:22:09 0 d-----w- c:\docume~1\workst~1\applic~1\Office Genuine Advantage 2010-01-16 00:04:35 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-07 
17:36:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 17:36:35 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 17:36:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-06 17:19:09 0 d-----w- c:\program files\TrendMicro ==================== Find3M ==================== 2010-01-14 19:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe 2009-12-10 06:54:07 261632 ----a-w- c:\windows\PEV.exe 2009-10-28 14:36:11 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe 2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe 2009-10-28 06:54:16 634632 ----a-w- c:\windows\system32\dllcache\iexplore.exe 2009-10-28 06:52:46 161792 ------w- c:\windows\system32\dllcache\ieakui.dll 2009-10-26 18:34:56 114688 ----a-w- c:\windows\system32\hkcmd.exe 2009-10-25 14:11:34 77312 ----a-w- c:\windows\MBR.exe 2008-09-11 16:27:19 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091120080912\index.dat ============= FINISH: 11:59:56.03 =============== Do you have a preference of the 3 av you suggested? Thanks for helping me I really appreciate it.
Attached File(s)
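The updater problem described in the post above (every download attempt ending in a WinINet error), as an added triage example that is not part of the original post and not Avira's own tooling. The sample log lines are constructed in the `[UPD]`/`[UPDLIB]` entry format of that updater log, the mirror addresses are documentation-range placeholders, and the verdict labels are this example's own.

```python
"""Triage a flattened AV-updater log: do downloads fail on one mirror or on all?"""
import re

# Entry header "[COMPONENT] [LEVEL] "; the message runs up to the next header,
# so the parser works whether entries are one per line or flattened together.
ENTRY = re.compile(r"\[([A-Z]+)\] \[(INFO|WARNING|ERROR)\] ")
SELECT = re.compile(r"Select update server '([^']+)'")


def parse_entries(text):
    """Return a list of (component, level, message) tuples."""
    marks = list(ENTRY.finditer(text))
    entries = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        entries.append((mark.group(1), mark.group(2), text[mark.end():end].strip()))
    return entries


def per_server(entries):
    """Count download attempts, download errors and user aborts per update server."""
    stats, current, pending = {}, None, False
    for _component, level, message in entries:
        selected = SELECT.search(message)
        if selected:
            current = stats.setdefault(
                selected.group(1), {"attempts": 0, "failed": 0, "aborted": 0})
            pending = False
        elif current is None:
            continue  # nothing can be attributed before a server is selected
        elif message.startswith("Downloading of"):
            current["attempts"] += 1
            pending = True
        elif level == "ERROR" and pending:
            if "aborted by the user" in message:
                current["aborted"] += 1      # cut short by the user, not a transport failure
            elif message.startswith("Download manager:"):
                current["failed"] += 1
            else:
                continue                     # unrelated error, attempt still open
            pending = False
    return stats


def verdict(stats):
    """Classify the run from the per-server counters."""
    contacted = {s: c for s, c in stats.items() if c["attempts"] > c["aborted"]}
    if not contacted:
        return "no-completed-attempts"
    dead = [s for s, c in contacted.items()
            if c["failed"] == c["attempts"] - c["aborted"]]
    if not dead:
        return "no-download-errors"
    if len(dead) == len(contacted):
        # Every mirror failing the same way points at the client, not the mirrors.
        return "client-side-suspected" if len(contacted) > 1 else "inconclusive"
    return "mirror-specific"


# ---- constructed sample input (placeholder addresses and paths) ----
MIRROR_A = "http://192.0.2.10/update"
MIRROR_B = "http://198.51.100.20/update"
WININET = ("[UPDLIB] [ERROR] Download manager: "
           "An error occurred inside the WinINet library.")


def download_line(server):
    return ("[UPD] [INFO] Downloading of '%s/idx/master.idx' to "
            "'C:\\TEMP\\UPDATE\\idx\\master.idx'." % server)


def select_line(server):
    return "[UPD] [INFO] Select update server '%s'." % server


ALL_FAIL = " ".join([
    "[UPD] [INFO] Checking whether newer files are available.",
    select_line(MIRROR_A),
    download_line(MIRROR_A), WININET,
    download_line(MIRROR_A), WININET,
    select_line(MIRROR_B),
    download_line(MIRROR_B),
    "[UPD] [WARNING] The update was terminated by the user.",
    WININET,
    download_line(MIRROR_B),
    "[UPDLIB] [ERROR] Update aborted by the user.",
    "[UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 522.",
])

ONE_BAD = " ".join([
    select_line(MIRROR_A),
    download_line(MIRROR_A), WININET,
    download_line(MIRROR_A), WININET,
    select_line(MIRROR_B),
    download_line(MIRROR_B),  # no error follows this attempt
])

if __name__ == "__main__":
    for name, log in (("ALL_FAIL", ALL_FAIL), ("ONE_BAD", ONE_BAD)):
        counters = per_server(parse_entries(log))
        print(name, verdict(counters), counters)
```

WinINet takes its proxy and offline settings from Internet Options, so a client-side verdict points there, and at local firewall or filtering, before any single mirror.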
Post #29
Bleepin' Malware Removal Teacher Group: Malware Response Instructor Posts: 7,304 Joined: 9-December 08 Member No.: 267,653
Hi,

No. I don't have a favorite AV. I have a laptop with Avira free. A PC with AVG free. Another PC with Avast free. And many Linux distros with no AV!

Is Avira updating ok now?

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
DDS::
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

Folder::
c:\program files\symantec_client_security
c:\progra~1\common~1\symant~1

Driver::
NAVAPEL
NAVAP
NAVENG
NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060208.008\NAVEX15.sys [2006-2-9 750952]
Norton AntiVirus Server
Symantec AntiVirus Client

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

With your next post please provide:
* Avira updating ok?
* Combofix.txt
* Any further problems?

Kind regards,
~t

--------------------
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost! http://organdonor.gov/donor/index.htm
Post #30
Member Group: Members Posts: 16 Joined: 6-January 10 Member No.: 430,166
Avira seems to be updating ok at this point.
Here is my combofix log:
c:\progra~1\common~1\symant~1\VirusDefs\BinHub\tinf.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\tinfidx.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\tinfl.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\tscan1.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\tscan1hd.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\V.GRD c:\progra~1\common~1\symant~1\VirusDefs\BinHub\V.SIG c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan.inf c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan1.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan2.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan3.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan4.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan5.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan6.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan7.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan8.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\virscan9.dat c:\progra~1\common~1\symant~1\VirusDefs\BinHub\VIRSCANT.DAT c:\progra~1\common~1\symant~1\VirusDefs\BinHub\whatsnew.txt c:\progra~1\common~1\symant~1\VirusDefs\BinHub\zdone.dat c:\progra~1\common~1\symant~1\VirusDefs\definfo.dat c:\progra~1\common~1\symant~1\VirusDefs\TextHub\virscant.dat c:\progra~1\common~1\symant~1\VirusDefs\usage.dat c:\program files\symantec_client_security c:\program files\symantec_client_security\Symantec AntiVirus\_ISNAVNT.ULG c:\program files\symantec_client_security\Symantec AntiVirus\chan32i.dll c:\program files\symantec_client_security\Symantec AntiVirus\Cliproxy.dll c:\program files\symantec_client_security\Symantec AntiVirus\Cliscan.dll c:\program files\symantec_client_security\Symantec AntiVirus\clninst.bat c:\program files\symantec_client_security\Symantec AntiVirus\COUNTRY.DAT c:\program files\symantec_client_security\Symantec AntiVirus\Ctl3d.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2.dll c:\program 
files\symantec_client_security\Symantec AntiVirus\Dec2AMG.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2ARJ.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2CAB.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2EXE.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2GZIP.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2HQX.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2ID.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2LHA.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2LZ.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2MIME.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2RTF.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2SS.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2TAR.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2TNEF.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2UUE.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec2Zip.dll c:\program files\symantec_client_security\Symantec AntiVirus\Dec3.cfg c:\program files\symantec_client_security\Symantec AntiVirus\DecSDK.dll c:\program files\symantec_client_security\Symantec AntiVirus\DefAnnty.dll c:\program files\symantec_client_security\Symantec AntiVirus\Default.hst c:\program files\symantec_client_security\Symantec AntiVirus\defloc.dat c:\program files\symantec_client_security\Symantec AntiVirus\DefWatch.exe c:\program files\symantec_client_security\Symantec AntiVirus\DWHWizrd.exe c:\program files\symantec_client_security\Symantec AntiVirus\enuact.cnt c:\program files\symantec_client_security\Symantec AntiVirus\ENUCORE.HLP c:\program files\symantec_client_security\Symantec AntiVirus\ENUCTLS.HLP c:\program files\symantec_client_security\Symantec AntiVirus\ENUDLGS.HLP c:\program 
files\symantec_client_security\Symantec AntiVirus\ENUGLOSS.HLP c:\program files\symantec_client_security\Symantec AntiVirus\ENULOTUS.HLP c:\program files\symantec_client_security\Symantec AntiVirus\enuopt.cnt c:\program files\symantec_client_security\Symantec AntiVirus\ENURSCUE.HLP c:\program files\symantec_client_security\Symantec AntiVirus\ENUTASK.HLP c:\program files\symantec_client_security\Symantec AntiVirus\ENUVIEW.HLP c:\program files\symantec_client_security\Symantec AntiVirus\enuvpc32.cnt c:\program files\symantec_client_security\Symantec AntiVirus\ENUVPUI.HLP c:\program files\symantec_client_security\Symantec AntiVirus\ENUXCHNG.HLP c:\program files\symantec_client_security\Symantec AntiVirus\filter.dat c:\program files\symantec_client_security\Symantec AntiVirus\I2ldvp3.dll c:\program files\symantec_client_security\Symantec AntiVirus\LDVPREG.exe c:\program files\symantec_client_security\Symantec AntiVirus\LuaWrap.exe c:\program files\symantec_client_security\Symantec AntiVirus\LuHstEdt.dll c:\program files\symantec_client_security\Symantec AntiVirus\N32call.dll c:\program files\symantec_client_security\Symantec AntiVirus\N32vlist.dll c:\program files\symantec_client_security\Symantec AntiVirus\Navap.sys c:\program files\symantec_client_security\Symantec AntiVirus\Navap32.dll c:\program files\symantec_client_security\Symantec AntiVirus\Navapel.sys c:\program files\symantec_client_security\Symantec AntiVirus\navapi32.dll c:\program files\symantec_client_security\Symantec AntiVirus\navcust2.dll c:\program files\symantec_client_security\Symantec AntiVirus\NavInsNT.dll c:\program files\symantec_client_security\Symantec AntiVirus\NAVLU.dll c:\program files\symantec_client_security\Symantec AntiVirus\NAVNTUTL.DLL c:\program files\symantec_client_security\Symantec AntiVirus\navustub.exe c:\program files\symantec_client_security\Symantec AntiVirus\nnewdefs.dll c:\program files\symantec_client_security\Symantec AntiVirus\patch32i.dll c:\program 
files\symantec_client_security\Symantec AntiVirus\PLATFORM.DAT c:\program files\symantec_client_security\Symantec AntiVirus\qscomm32.dll c:\program files\symantec_client_security\Symantec AntiVirus\qsinfo.dll c:\program files\symantec_client_security\Symantec AntiVirus\qspak32.dll c:\program files\symantec_client_security\Symantec AntiVirus\Rec2.dll c:\program files\symantec_client_security\Symantec AntiVirus\Rtvscan.exe c:\program files\symantec_client_security\Symantec AntiVirus\s32luhl1.dll c:\program files\symantec_client_security\Symantec AntiVirus\S32NAVR.DLL c:\program files\symantec_client_security\Symantec AntiVirus\SavRoam.exe c:\program files\symantec_client_security\Symantec AntiVirus\SCANCFG.DAT c:\program files\symantec_client_security\Symantec AntiVirus\SCANDLVR.DLL c:\program files\symantec_client_security\Symantec AntiVirus\SCANDRES.DLL c:\program files\symantec_client_security\Symantec AntiVirus\sdflt32i.dll c:\program files\symantec_client_security\Symantec AntiVirus\sdpck32i.dll c:\program files\symantec_client_security\Symantec AntiVirus\sdsnd32i.dll c:\program files\symantec_client_security\Symantec AntiVirus\sdsok32i.dll c:\program files\symantec_client_security\Symantec AntiVirus\sdstp32i.dll c:\program files\symantec_client_security\Symantec AntiVirus\Smstr32i.dll c:\program files\symantec_client_security\Symantec AntiVirus\SymClnUp.exe c:\program files\symantec_client_security\Symantec AntiVirus\VPC32.exe c:\program files\symantec_client_security\Symantec AntiVirus\vpdebug.log c:\program files\symantec_client_security\Symantec AntiVirus\VPDN_LU.exe c:\program files\symantec_client_security\Symantec AntiVirus\vpmsece.dll c:\program files\symantec_client_security\Symantec AntiVirus\VPTray.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . 
-------\Legacy_NAVAP
-------\Legacy_NAVAPEL
-------\Legacy_NAVENG
-------\Legacy_NORTON_ANTIVIRUS_SERVER
-------\Service_NAVAP
-------\Service_NAVAPEL
-------\Service_NAVENG
-------\Service_Norton AntiVirus Server
-------\Legacy_DefWatch
-------\Service_DefWatch

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.
2010-01-20 17:42 . 2010-01-20 23:47 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-20 17:42 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-20 17:42 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-20 17:42 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-20 17:42 . 2010-01-20 17:42 -------- d-----w- c:\program files\Avira
2010-01-20 17:42 . 2010-01-20 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-20 00:00 . 2010-01-20 00:00 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 00:00 . 2010-01-19 23:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 19:22 . 2010-01-18 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-18 19:22 . 2010-01-18 19:22 -------- d-----w- c:\documents and settings\workstation\Application Data\Office Genuine Advantage
2010-01-16 00:04 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-15 23:16 . 2010-01-15 23:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-01-07 17:36 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 17:36 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 17:36 . 2010-01-11 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 17:19 . 2010-01-06 17:19 -------- d-----w- c:\program files\TrendMicro
2010-01-02 04:28 . 2010-01-02 04:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-12-30 00:42 . 2009-12-30 00:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 18:26 . 2009-03-28 17:58 -------- d-----w- c:\program files\LogMeIn
2010-01-21 18:09 . 2010-01-21 18:09 1956072 ----a-w- c:\documents and settings\workstation\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-20 19:57 . 2009-01-16 19:35 -------- d-----w- c:\program files\KillProcess
2010-01-20 19:57 . 2006-10-12 16:43 -------- d-----w- c:\documents and settings\workstation\Application Data\MailWasherPro
2010-01-20 18:49 . 2009-09-23 18:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 00:00 . 2010-01-20 00:00 61440 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-16c0ac3a-n\decora-sse.dll
2010-01-20 00:00 . 2010-01-20 00:00 503808 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-16c0ac3a-n\msvcp71.dll
2010-01-20 00:00 . 2010-01-20 00:00 499712 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-16c0ac3a-n\jmc.dll
2010-01-20 00:00 . 2010-01-20 00:00 348160 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-16c0ac3a-n\msvcr71.dll
2010-01-20 00:00 . 2010-01-20 00:00 12800 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-16c0ac3a-n\decora-d3d.dll
2010-01-20 00:00 . 2010-01-20 00:00 114688 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-473783e4-n\jogl_cg.dll
2010-01-20 00:00 . 2010-01-20 00:00 315392 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-473783e4-n\jogl.dll
2010-01-20 00:00 . 2010-01-20 00:00 20480 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-473783e4-n\jogl_awt.dll
2010-01-20 00:00 . 2010-01-20 00:00 20480 ----a-w- c:\documents and settings\workstation\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-7cfcafba-n\gluegen-rt.dll
2010-01-19 23:59 . 2006-03-28 21:01 -------- d-----w- c:\program files\Java
2010-01-18 23:26 . 2009-10-26 18:41 -------- d-----w- c:\program files\ESET
2010-01-18 18:24 . 2008-03-06 18:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-14 19:12 . 2009-10-03 06:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 18:15 . 2010-01-11 18:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 20:42 . 2009-12-30 01:33 52224 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 20:42 . 2009-12-30 01:33 117760 ----a-w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-06 21:26 . 2009-03-31 21:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-06 17:19 . 2010-01-06 17:19 388096 ----a-r- c:\documents and settings\workstation\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-04 17:26 . 2006-04-15 19:32 -------- d-----w- c:\program files\Citrix
2009-12-30 01:33 . 2009-03-31 21:43 -------- d-----w- c:\documents and settings\workstation\Application Data\SUPERAntiSpyware.com
2009-12-17 23:52 . 2006-01-28 21:34 -------- d-----w- c:\documents and settings\workstation\Application Data\Apple Computer
2009-12-16 20:28 . 2009-12-16 20:26 -------- d-----w- c:\program files\Business Objects
2009-12-14 20:46 . 2009-12-14 20:46 -------- d-----w- c:\documents and settings\workstation\Application Data\LogMeIn Rescue
2009-12-14 20:45 . 2009-12-14 20:45 -------- d-----w- c:\program files\LogMeIn Rescue
2009-12-10 01:37 . 2009-05-19 22:05 -------- d-----w- c:\program files\BeerSmith
2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\documents and settings\workstation\Application Data\Softplicity
2009-11-27 21:16 . 2004-10-21 17:22 71472 ----a-w- c:\documents and settings\workstation\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\MSBuild
2009-11-27 20:08 . 2009-11-27 20:08 -------- d-----w- c:\program files\Reference Assemblies
2009-11-24 17:41 . 2009-11-24 17:41 -------- d-----w- c:\program files\Xobni
2009-11-21 15:51 . 1980-01-01 07:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 22:53 . 2002-10-17 00:31 96512 ------w- c:\windows\system32\drivers\atapi.sys
2009-10-29 07:46 . 2004-02-07 01:05 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 1980-01-01 07:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-26 18:34 . 1980-01-01 07:00 114688 ----a-w- c:\windows\system32\hkcmd.exe
2009-10-23 22:42 . 2009-10-23 22:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2009-10-26 114688]
"Smapp"="c:\program files\Analog Devices\SoundMAX\Smtray.exe" [2002-06-26 90112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2009-10-26 118837]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 57344]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-01 18:01 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^workstation^Start Menu^Programs^Startup^MailWasherPro.lnk]
backup=c:\windows\pss\MailWasherPro.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 08:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Simplify Media]
2009-08-22 00:04 21837320 ----a-w- c:\program files\Simplify Media\SimplifyMedia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2005-10-25 00:53 307200 ----a-w- c:\program files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 1:07 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 1:07 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-01-20 9:42 AM 108289]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 5:46 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-03-28 9:59 AM 47640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 6:19 PM 13592]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 1:07 PM 7408]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-01-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {CBB73A67-6A88-46AD-B288-CB8ED82415D5} = 192.168.1.99,206.13.28.12,206.13.29.12
FF - ProfilePath - c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.startup.homepage - hxxps://www.stubhub.com/?gSec=login&goto=%2F%3FgSec%3Dbulkupload%26&cb=1141
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\workstation\Application Data\Mozilla\Firefox\Profiles\n6c1jjlx.default\extensions\TechnicianConsole@logmeinrescue.com\platform\WINNT\plugins\npRescue.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 10:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(740)
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\windows\system32\ICO.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2010-01-21 10:50:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-21 18:50
ComboFix2.txt 2010-01-18 21:46
ComboFix3.txt 2010-01-18 18:57
ComboFix4.txt 2010-01-16 00:18
ComboFix5.txt 2010-01-21 18:25

Pre-Run: 5,135,622,144 bytes free
Post-Run: 5,078,593,536 bytes free

- - End Of File - - E1F7827103D0DA9FAA0230515CF78B80

My computer is running fine at this point. I really can't thank you enough for all of your help; plenty of good ekarma coming your way.

Any other programs you might recommend for protection or cleaning up some of the unneeded stuff on my computer?

Cheers,
B