Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer - Mostly Video Playback stutters and/or crashes


  • This topic is locked This topic is locked
16 replies to this topic

#1 cichlidnut

cichlidnut

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 22 February 2009 - 10:45 PM

System seems very sluggish last couple of weeks and video play is very slow (intermittently when streaming, and video playback off of hard drive) watching videos in HD on YouTube is impossible. I have high-speed DSL.

Media Center crashes as soon as I open it. Suspected maybe a bios driver update is necessary but am WAY too afraid to try it. My kids sync their iPod Touch on here and may have done something but I can't see what it is.

Internal video card (I need to upgrade)
Intel Pentium D 2.80GHz
2.0GB RAM
32-bit OS

Processor goes from 3% to 100% and holds for several seconds, up and down constantly even when no apparent programs are running. Did Kaspersky on line scan, found nada.

DDS.txt

---------------------------------


DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe at 22:33:22.75 on Sun 02/22/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vistaāā€˛¢ Home Premium 6.0.6001.1.1252.2.1033.18.1982.823 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\PROGRA~1\GRISOF~1\avgamsvr.exe
C:\PROGRA~1\GRISOF~1\avgupsvc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\PROGRA~1\GRISOF~1\avgemc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft AVG7\avgcc.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Users\Joe\Downloads\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 63.149.98.48:80
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127

\SearchSettings.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search

helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows

live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG7_CC] c:\progra~1\grisof~1\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
dRun: [AVG7_Run] c:\progra~1\grisof~1\avgw.exe /RUNONCE
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program

files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: avgwlntf - avgwlntf.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\{a7c6cf7f-112c-4500-a7ea-

39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component:

c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin:

c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-

msvc\plugins\npmnqmp07076007.dll

============= SERVICES / DRIVERS ===============

R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\drivers\avgwfp.sys [2007-12-27 53768]

=============== Created Last 30 ================

2009-02-16 15:06 380,928 a------- c:\windows\system32\ac3filter.acm
2009-02-16 15:06 <DIR> --d----- c:\program files\AC3Filter
2009-02-16 14:53 <DIR> --d----- c:\program files\GPL MPEG Decoder
2009-02-14 23:16 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 23:16 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 23:16 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 23:16 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 23:16 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 07:21 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 07:21 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-29 17:09 <DIR> --d----- c:\users\joe\Tracing
2009-01-29 17:04 <DIR> --d----- c:\program files\Microsoft
2009-01-29 17:04 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-01-29 16:50 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-02-22 20:28 12,442 a------- c:\users\joe\appdata\roaming\wklnhst.dat
2008-12-14 21:38 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstor.dat
2008-10-05 23:04 51,200 a------- c:\windows\inf\infpub.dat
2008-09-06 11:36 94,112 a------- c:\users\joe\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-06-11 06:45 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-10 02:23 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32

\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008031720080324\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32

\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008040520080406\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet

explorer\userdata\index.dat

============= FINISH: 22:34:59.06 ===============

Attached Files


Edited by cichlidnut, 22 February 2009 - 10:46 PM.


BC AdBot (Login to Remove)

 


#2 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 26 February 2009 - 10:01 AM

I know we're not supposed to bump topics but it would seem that this has been lost in the shuffle.

Anyone?......

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:03:16 PM

Posted 01 March 2009 - 04:23 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 02 March 2009 - 10:05 PM

Latest log.



DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe at 21:59:55.30 on Mon 03/02/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.1982.1211 [GMT -5:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\GRISOF~1\avgamsvr.exe
C:\PROGRA~1\GRISOF~1\avgupsvc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\PROGRA~1\GRISOF~1\avgemc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Joe\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 63.149.98.48:80
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG7_CC] c:\progra~1\grisof~1\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
dRun: [AVG7_Run] c:\progra~1\grisof~1\avgw.exe /RUNONCE
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: avgwlntf - avgwlntf.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\drivers\avgwfp.sys [2007-12-27 53768]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-21 810320]

=============== Created Last 30 ================

2009-02-24 20:57 <DIR> --d----- C:\Maureen's resume
2009-02-16 15:06 380,928 a------- c:\windows\system32\ac3filter.acm
2009-02-16 15:06 <DIR> --d----- c:\program files\AC3Filter
2009-02-16 14:53 <DIR> --d----- c:\program files\GPL MPEG Decoder
2009-02-14 23:16 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 23:16 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 23:16 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 23:16 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 23:16 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 07:21 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 07:21 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

==================== Find3M ====================

2009-03-02 18:56 13,264 a------- c:\users\joe\appdata\roaming\wklnhst.dat
2008-12-14 21:38 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstor.dat
2008-10-05 23:04 51,200 a------- c:\windows\inf\infpub.dat
2008-09-06 11:36 94,112 a------- c:\users\joe\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-06-11 06:45 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-10 02:23 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008031720080324\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008040520080406\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat

============= FINISH: 22:01:30.51 ===============

Attached Files



#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:16 PM

Posted 03 March 2009 - 10:27 AM

Hi

You seem to have P2P software installed there. I recommend getting rid of it since P2P networks are nowadays one of the worst sources of infections.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 04 March 2009 - 10:54 AM

Thank you. Will this scan get rid of the P2P software or do I have to do that manually? If so, can you give me instructions on how to do that?

Combofix log.

----------------------------------------

ComboFix 09-03-03.01 - Joe 2009-03-04 10:25:43.1 - NTFSx86
Microsoft® Windows Vistaā„¢ Home Premium 6.0.6001.1.1252.2.1033.18.1982.1025 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-02-24 20:57 . 2009-02-24 21:03 <DIR> d-------- C:\Maureen's resume
2009-02-16 15:06 . 2009-02-16 15:06 <DIR> d-------- c:\program files\AC3Filter
2009-02-16 15:06 . 2007-08-18 02:54 380,928 --a------ c:\windows\System32\ac3filter.acm
2009-02-16 14:53 . 2009-02-16 14:53 <DIR> d-------- c:\program files\GPL MPEG Decoder
2009-02-14 23:16 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-14 23:16 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-14 23:16 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-14 23:16 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-14 23:16 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 07:21 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 07:21 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-08 09:14 . 2009-02-13 12:37 <DIR> d-------- c:\users\Melissa\Tracing
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 15:22 --------- d-----w c:\users\Joe\AppData\Roaming\AVG7
2009-03-04 13:40 --------- d-----w c:\program files\Grisoft AVG7
2009-03-02 23:56 13,264 ----a-w c:\users\Joe\AppData\Roaming\wklnhst.dat
2009-02-26 12:34 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 00:13 --------- d-----w c:\program files\Microsoft Location Finder
2009-02-23 00:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 00:03 --------- d-----w c:\program files\Google
2009-02-21 00:33 --------- d-----w c:\program files\Windows Live
2009-02-20 12:20 --------- d-----w c:\users\Maureen.Fred\AppData\Roaming\AVG7
2009-02-16 19:43 --------- d-----w c:\users\Joe\AppData\Roaming\Azureus
2009-02-13 17:38 --------- d-----w c:\users\Melissa\AppData\Roaming\LimeWire
2009-02-13 17:37 --------- d-----w c:\users\Melissa\AppData\Roaming\AVG7
2009-02-12 08:00 --------- d-----w c:\program files\Windows Mail
2009-02-11 12:59 --------- d-----w c:\program files\Vuze
2009-01-29 22:08 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-29 22:07 --------- d-----w c:\program files\Microsoft Sync Framework
2009-01-29 22:04 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-29 22:04 --------- d-----w c:\program files\Microsoft
2009-01-29 21:50 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-17 13:34 --------- d-----w c:\program files\DivX
2009-01-16 02:41 --------- d-----w c:\programdata\avg7
2009-01-16 02:41 --------- d-----w c:\program files\Free Video Converter
2009-01-13 00:41 --------- d-----w c:\users\Melissa\AppData\Roaming\Apple Computer
2009-01-13 00:11 904 ----a-w c:\users\Melissa\AppData\Roaming\wklnhst.dat
2008-12-15 02:38 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-06 16:36 94,112 ----a-w c:\users\Joe\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-06-10 07:23 174 --sha-w c:\program files\desktop.ini
2008-06-06 19:44 94,112 ----a-w c:\users\Alicia\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-31 01:06 94,112 ----a-w c:\users\Melissa\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-02-07 18:50 0 ----a-w c:\users\Alicia\AppData\Roaming\wklnhst.dat
2008-04-05 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031720080324\index.dat
2008-04-05 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040520080406\index.dat
2008-04-05 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\GRISOF~1\avgcc.exe" [2009-02-24 590848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\GRISOF~1\avgw.exe" [2007-12-27 219136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-09-18 147456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-20 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-12-27 19:59 9216 c:\windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2233093180-2369787038-2007354687-1000]
"EnableNotificationsRef"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2233093180-2369787038-2007354687-1004]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0894E3C2-CD2F-465B-B91F-A74999A35D5F}d:\\stubinstaller.exe"= UDP:D:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{51D086DB-DF25-4FE6-8515-D455F5537E0C}d:\\stubinstaller.exe"= TCP:D:\stubinstaller.exe:LimeWire swarmed installer
"{BF581DB5-4102-40F7-9DD3-42BB15E3B475}"= UDP:c:\users\Joe\AppData\Roaming\Facebook\facebook.exe:Facebook
"{4BEA7C07-50DC-414F-B86A-49B33D64F7C0}"= TCP:c:\users\Joe\AppData\Roaming\Facebook\facebook.exe:Facebook
"TCP Query User{FCAC08CE-8D2D-4C84-9248-6045FE081AC9}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9A8EAC3B-1E76-4123-AE1A-9B5F44EBD455}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{CD59461A-C50D-4CD3-9A8B-18841C55EC27}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{9779B419-6871-4649-8D0D-0FBFDA31F3C4}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{6E4E882B-0944-455F-812B-D9737E2E6E30}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{C3F98F19-AD3F-46C8-8029-EEDCC5611603}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{4EA3359B-ABC4-4DC9-8E7E-EA17E6B84FF5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CD7E0E9E-B93A-4AE6-8872-6B375991B6B5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\drivers\avgwfp.sys [2007-12-27 53768]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-02-21 810320]
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{12F17292-72E7-445B-8188-DEEB821CF502}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{60422B67-EE65-4E21-9AEE-097BC036BC42}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{9C532E9D-19D6-448D-A678-436DBFF50058}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{B5F4A3DD-B030-4CB9-9893-4A0F1AB48CA4}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{C4281ED8-7F9A-4A9C-BAE5-B6970A2A26CA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 63.149.98.48:80
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
1 file(s) moved.
FF - component: c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 10:29:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-04 10:32:37
ComboFix-quarantined-files.txt 2009-03-04 15:32:32

Pre-Run: 36,507,172,864 bytes free
Post-Run: 36,911,177,728 bytes free

163 --- E O F --- 2009-03-03 12:43:24
----------------------------------------------------------------

New dds log

----------------------------------------------------------------


DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe at 10:49:00.37 on Wed 03/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vistaā„¢ Home Premium 6.0.6001.1.1252.2.1033.18.1982.1165 [GMT -5:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\GRISOF~1\avgamsvr.exe
C:\PROGRA~1\GRISOF~1\avgupsvc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\PROGRA~1\GRISOF~1\avgemc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Grisoft AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Joe\Downloads\dds(2).scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 63.149.98.48:80
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVG7_CC] c:\progra~1\grisof~1\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
dRun: [AVG7_Run] c:\progra~1\grisof~1\avgw.exe /RUNONCE
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: avgwlntf - avgwlntf.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\drivers\avgwfp.sys [2007-12-27 53768]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-21 810320]

=============== Created Last 30 ================

2009-03-04 10:24 161,792 a------- c:\windows\SWREG.exe
2009-03-04 10:24 98,816 a------- c:\windows\sed.exe
2009-03-04 10:24 <DIR> --d----- C:\ComboFix
2009-02-24 20:57 <DIR> --d----- C:\Maureen's resume
2009-02-16 15:06 380,928 a------- c:\windows\system32\ac3filter.acm
2009-02-16 15:06 <DIR> --d----- c:\program files\AC3Filter
2009-02-16 14:53 <DIR> --d----- c:\program files\GPL MPEG Decoder
2009-02-14 23:16 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 23:16 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 23:16 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 23:16 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 23:16 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 07:21 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 07:21 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

==================== Find3M ====================

2009-03-04 10:41 13,352 a------- c:\users\joe\appdata\roaming\wklnhst.dat
2008-12-14 21:38 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstor.dat
2008-10-05 23:04 51,200 a------- c:\windows\inf\infpub.dat
2008-09-06 11:36 94,112 a------- c:\users\joe\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-06-11 06:45 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-10 02:23 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008031720080324\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008040520080406\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat

============= FINISH: 10:51:20.92 ===============

Attached Files


Edited by cichlidnut, 04 March 2009 - 10:57 AM.


#7 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:16 PM

Posted 04 March 2009 - 12:24 PM

Hi

P2P programs must be uninstalled thru add/remove programs:
LimeWire 4.18.8
Vuze



Uninstall also these vulnerable Java versions:
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7




Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
D:\stubinstaller.exe

Folder::
c:\users\Joe\AppData\Roaming\Azureus
c:\users\Melissa\AppData\Roaming\LimeWire
c:\program files\Vuze
c:\program files\Search Settings
c:\program files\LimeWire
c:\program files\BitTorrent

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{0894E3C2-CD2F-465B-B91F-A74999A35D5F}d:\\stubinstaller.exe"=-
"UDP Query User{51D086DB-DF25-4FE6-8515-D455F5537E0C}d:\\stubinstaller.exe"=-
"{CD59461A-C50D-4CD3-9A8B-18841C55EC27}"=-
"{9779B419-6871-4649-8D0D-0FBFDA31F3C4}"=-
"TCP Query User{6E4E882B-0944-455F-812B-D9737E2E6E30}c:\\program files\\vuze\\azureus.exe"=-
"UDP Query User{C3F98F19-AD3F-46C8-8029-EEDCC5611603}c:\\program files\\vuze\\azureus.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

DDS::
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.



Please download GooredFix and save it to your Desktop. Right click Goored.exe and select 'run as administrator' to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#8 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 04 March 2009 - 11:18 PM

Latest Combofix log.

---------------------------------------------

ComboFix 09-03-03.01 - Joe 2009-03-04 13:31:56.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.1982.1247 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
D:\stubinstaller.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.14.12.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.7.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Vuze
c:\program files\Vuze\.install4j\_shfoldr.dll
c:\program files\Vuze\.install4j\autoUninstall.0
c:\program files\Vuze\.install4j\files.log
c:\program files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
c:\program files\Vuze\.install4j\i4j_extf_1_5p83tu_3ozw4w.png
c:\program files\Vuze\.install4j\i4j_extf_10_5p83tu.txt
c:\program files\Vuze\.install4j\i4j_extf_11_5p83tu.dll
c:\program files\Vuze\.install4j\i4j_extf_2_5p83tu_1vdagjj.png
c:\program files\Vuze\.install4j\i4j_extf_3_5p83tu_1hxg2db.png
c:\program files\Vuze\.install4j\i4j_extf_4_5p83tu_jhp9vg.png
c:\program files\Vuze\.install4j\i4j_extf_5_5p83tu.txt
c:\program files\Vuze\.install4j\i4j_extf_6_5p83tu_1kde336.ico
c:\program files\Vuze\.install4j\i4j_extf_7_5p83tu_62t8mu.icns
c:\program files\Vuze\.install4j\i4j_extf_8_5p83tu.exe
c:\program files\Vuze\.install4j\i4j_extf_9_5p83tu_1hamnt3.png
c:\program files\Vuze\.install4j\i4jdel.exe
c:\program files\Vuze\.install4j\i4jinst.dll
c:\program files\Vuze\.install4j\i4jparams.conf
c:\program files\Vuze\.install4j\i4jruntime.jar
c:\program files\Vuze\.install4j\inst_jre.cfg
c:\program files\Vuze\.install4j\install.prop
c:\program files\Vuze\.install4j\installation.log
c:\program files\Vuze\.install4j\MessagesDefault
c:\program files\Vuze\.install4j\response.varfile
c:\program files\Vuze\.install4j\unicows.dll
c:\program files\Vuze\.install4j\user.jar
c:\program files\Vuze\aereg.dll
c:\program files\Vuze\Azureus.exe
c:\program files\Vuze\Azureus.exe.manifest
c:\program files\Vuze\Azureus.properties
c:\program files\Vuze\Azureus2.jar
c:\program files\Vuze\AzureusUpdater.exe
c:\program files\Vuze\GPL.txt
c:\program files\Vuze\installer.log
c:\program files\Vuze\msvcr71.dll
c:\program files\Vuze\plugins\azemp\azemp_2.0.16.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.28.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.28.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.32.zip
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.jar
c:\program files\Vuze\plugins\azemp\azemp_2.0.34.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\azureus.sig
c:\program files\Vuze\plugins\azemp\cp1250-a.raw
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.28
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.32
c:\program files\Vuze\plugins\azemp\plugin.properties_2.0.34
c:\program files\Vuze\plugins\azplugins\azplugins_2.1.6.jar
c:\program files\Vuze\plugins\azrating\azrating_1.3.1.jar
c:\program files\Vuze\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Vuze\plugins\azupdater\azureus.sig
c:\program files\Vuze\plugins\azupdater\plugin.properties
c:\program files\Vuze\plugins\azupdater\Updater.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.2.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.5.zip
c:\program files\Vuze\plugins\azupnpav\azureus.sig
c:\program files\Vuze\plugins\azupnpav\plugin.properties
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.5
c:\program files\Vuze\swt.jar
c:\program files\Vuze\TOS.txt
c:\program files\Vuze\uninstall.exe
c:\users\Joe\AppData\Roaming\Azureus
c:\users\Joe\AppData\Roaming\Azureus\.certs
c:\users\Joe\AppData\Roaming\Azureus\.keystore
c:\users\Joe\AppData\Roaming\Azureus\.lock
c:\users\Joe\AppData\Roaming\Azureus\active\1ABB4D064E6CBF9B7D1AB96368545B77BA01C822.dat
c:\users\Joe\AppData\Roaming\Azureus\active\1ABB4D064E6CBF9B7D1AB96368545B77BA01C822.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\active\2B24D8DBDDA4DCB044672EB0AF6C224E92E038C7.dat
c:\users\Joe\AppData\Roaming\Azureus\active\2B24D8DBDDA4DCB044672EB0AF6C224E92E038C7.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\active\701077BAFF0D33A5FDDD6F4318D497F049054942.dat
c:\users\Joe\AppData\Roaming\Azureus\active\701077BAFF0D33A5FDDD6F4318D497F049054942.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\active\7B1DEAA6C7F2BBD5D1600A4FCC01ED72D8484DA6.dat
c:\users\Joe\AppData\Roaming\Azureus\active\7B1DEAA6C7F2BBD5D1600A4FCC01ED72D8484DA6.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\active\87C6503837D6E9B6158F1513DF897F69ADEA8B39.dat
c:\users\Joe\AppData\Roaming\Azureus\active\87C6503837D6E9B6158F1513DF897F69ADEA8B39.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\active\8C09690A32B6DC06F25027EF77D9200CBB618B06.dat
c:\users\Joe\AppData\Roaming\Azureus\active\8C09690A32B6DC06F25027EF77D9200CBB618B06.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\active\92A6581F25671EFC8FDCEAB0B1D5B55BB95A6711.dat
c:\users\Joe\AppData\Roaming\Azureus\active\92A6581F25671EFC8FDCEAB0B1D5B55BB95A6711.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\active\cache.dat
c:\users\Joe\AppData\Roaming\Azureus\azureus.config
c:\users\Joe\AppData\Roaming\Azureus\azureus.config.bak
c:\users\Joe\AppData\Roaming\Azureus\azureus.statistics
c:\users\Joe\AppData\Roaming\Azureus\azureus.statistics.bak
c:\users\Joe\AppData\Roaming\Azureus\banips.config
c:\users\Joe\AppData\Roaming\Azureus\banips.config.bak
c:\users\Joe\AppData\Roaming\Azureus\cnetworks.config
c:\users\Joe\AppData\Roaming\Azureus\dht\addresses.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\contacts.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\diverse.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\general.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\net3\addresses.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\net3\contacts.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\net3\diverse.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\net3\version.dat
c:\users\Joe\AppData\Roaming\Azureus\dht\version.dat
c:\users\Joe\AppData\Roaming\Azureus\downloads.config
c:\users\Joe\AppData\Roaming\Azureus\downloads.config.bak
c:\users\Joe\AppData\Roaming\Azureus\friends.config
c:\users\Joe\AppData\Roaming\Azureus\friends.config.bak
c:\users\Joe\AppData\Roaming\Azureus\ipfilter.cache
c:\users\Joe\AppData\Roaming\Azureus\logs\alerts_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\AutoSpeed_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\AutoSpeed_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\AutoSpeedSearchHistory_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\clientid_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\CNetworks_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\debug_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\debug_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\MetaSearch_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\MetaSearch_Engine_3.txt
c:\users\Joe\AppData\Roaming\Azureus\logs\NetStatus_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_alerts_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_AutoSpeed_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_AutoSpeed_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_AutoSpeedSearchHistory_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_AutoSpeedSearchHistory_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_clientid_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_CNetworks_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_debug_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_debug_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_MetaSearch_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_MetaSearch_Engine_3.txt
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_NetStatus_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_seltrace_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_SpeedMan_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_SpeedMan_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_Subscriptions_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_thread_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_thread_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_v3.ads_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_v3.CMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_v3.Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_v3.Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_v3.PMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234370174261_v3.Stream_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_alerts_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_AutoSpeed_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_AutoSpeed_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_AutoSpeedSearchHistory_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_AutoSpeedSearchHistory_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_clientid_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_CNetworks_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_debug_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_debug_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_MetaSearch_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_MetaSearch_Engine_3.txt
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_NetStatus_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_seltrace_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_SpeedMan_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_SpeedMan_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_Subscriptions_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_thread_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_thread_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_v3.ads_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_v3.CMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_v3.Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_v3.Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_v3.PMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234442017303_v3.Stream_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_alerts_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_AutoSpeed_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_AutoSpeed_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_AutoSpeedSearchHistory_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_AutoSpeedSearchHistory_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_clientid_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_CNetworks_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_debug_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_debug_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_MetaSearch_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_MetaSearch_Engine_3.txt
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_NetStatus_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_seltrace_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_SpeedMan_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_SpeedMan_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_Subscriptions_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_thread_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_thread_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_v3.ads_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_v3.CMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_v3.Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_v3.Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_v3.PMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\save\1234587800055_v3.Stream_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\seltrace_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\SpeedMan_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\SpeedMan_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\Subscriptions_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\thread_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\thread_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\v3.ads_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\v3.CMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\v3.Friends_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\v3.Friends_2.log
c:\users\Joe\AppData\Roaming\Azureus\logs\v3.PMsgr_1.log
c:\users\Joe\AppData\Roaming\Azureus\logs\v3.Stream_1.log
c:\users\Joe\AppData\Roaming\Azureus\metasearch.config
c:\users\Joe\AppData\Roaming\Azureus\metasearch.config.bak
c:\users\Joe\AppData\Roaming\Azureus\net\pm_577.dat
c:\users\Joe\AppData\Roaming\Azureus\net\pm_default.dat
c:\users\Joe\AppData\Roaming\Azureus\sidebarauto.config
c:\users\Joe\AppData\Roaming\Azureus\sidebarauto.config.bak
c:\users\Joe\AppData\Roaming\Azureus\subs\01FE0E4954FEEB299706.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\139A8300ABC5040DC23A.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\19EC54B29A537B770A77.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\208AA03209FE7B12D93B.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\21B6F154E1FA75E4DF0A.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\3899974FA488B341844A.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\3C1C33756A83CC05D595.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\400B09C6BFC041C77125.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\47D01B51E6FACC969E1D.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\49B3D1C2E64A103657EB.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\52C6D09A02BBB590C252.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\581765478D3517627C73.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\5CBA0BA6AAA42E09B126.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\632A20E73961F1C133F2.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\65CE3C46ACE1B29F7AF8.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\6F6C319AA5155346D98E.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\723BA36259640B96B9B3.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\74F7267F1BCBC66CB79C.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\7A114F07CF73CD4CE8C0.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\83F9D7CFBA5E7496ACC5.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\877DE646BBA32072FE0A.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\87E23B1872099785E348.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\93B716386602D52C6EB7.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\BBA708018991E48BD0CC.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\BE8F00128E16C2645C50.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\C3B91E11F73F2962453E.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\CE11435E5FDCEEC24285.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\DB8EBA0A8243FAC1DD16.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\DCD20AB6684A16AA1475.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\DD363D0E2748BF4E93D8.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\E6AC5022A8D2E871D934.vuze
c:\users\Joe\AppData\Roaming\Azureus\subs\FC3A8DCD49B069BC8D8F.vuze
c:\users\Joe\AppData\Roaming\Azureus\subscriptions.config
c:\users\Joe\AppData\Roaming\Azureus\subscriptions.config.bak
c:\users\Joe\AppData\Roaming\Azureus\tables.config
c:\users\Joe\AppData\Roaming\Azureus\tables.config.bak
c:\users\Joe\AppData\Roaming\Azureus\timingstats.dat
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU1514365318141957222.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU1801176593572421131.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU195317113520208917.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU3032181409753871800.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU3511227644828058478.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU582396261875258853.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU5989041259101222376.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU7288018814368604526.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU782606843723099904.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU8461848368335965080.tmp
c:\users\Joe\AppData\Roaming\Azureus\tmp\AZU9184504318100024148.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU1604824718596842969.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU162.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU29877.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU37825.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU37828.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU6557.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU8519060340820385880.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\AZU9223037014121114359.tmp
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family.Guy.S04E23.PDTV.XviD-LOL.3469002.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family.Guy.S05E02.XviD.NLSUBBED-Elixion.3394146.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family.Guy.S05E05.PDTV.XviD-LOL.3409150.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family.Guy.S05E09.PDTV.XviD-LOL.3429538.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family.Guy.S05E11.PDTV.XviD-LOL.3437740.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family.Guy.S06E18.PDTV.XviD-LOL.3693607.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family_Guy_-_S04E24_(424)_-_Sibling_Rivalry__C_P_.avi.3468998.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Family_Guy_S04E02_-__Fast_Times_at_Buddy_Cianci_Jr__High.3328723.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Our.Gang.Little.Rascals.Episodes.Disk.1.3586627.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\torrents\Our.Gang.Little.Rascals.Episodes.Disk.2.3646114.TPB.torrent
c:\users\Joe\AppData\Roaming\Azureus\tracker.config
c:\users\Joe\AppData\Roaming\Azureus\tracker.config.bak
c:\users\Joe\AppData\Roaming\Azureus\unsentdata.config
c:\users\Joe\AppData\Roaming\Azureus\unsentdata.config.bak
c:\users\Joe\AppData\Roaming\Azureus\update.log
c:\users\Joe\AppData\Roaming\Azureus\update.properties
c:\users\Joe\AppData\Roaming\Azureus\upnp_trace1.log
c:\users\Joe\AppData\Roaming\Azureus\upnp_trace2.log
c:\users\Joe\AppData\Roaming\Azureus\v3.Friends.dat
c:\users\Joe\AppData\Roaming\Azureus\v3.Friends.dat.bak
c:\users\Joe\AppData\Roaming\Azureus\VuzeActivities.config
c:\users\Joe\AppData\Roaming\Azureus\VuzeActivities.config.bak
c:\users\Melissa\AppData\Roaming\LimeWire
c:\users\Melissa\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\Melissa\AppData\Roaming\LimeWire\createtimes.cache
c:\users\Melissa\AppData\Roaming\LimeWire\downloads.dat
c:\users\Melissa\AppData\Roaming\LimeWire\fileurns.bak
c:\users\Melissa\AppData\Roaming\LimeWire\fileurns.cache
c:\users\Melissa\AppData\Roaming\LimeWire\filters.props
c:\users\Melissa\AppData\Roaming\LimeWire\installation.props
c:\users\Melissa\AppData\Roaming\LimeWire\library.dat
c:\users\Melissa\AppData\Roaming\LimeWire\limewire.props
c:\users\Melissa\AppData\Roaming\LimeWire\mojito.props
c:\users\Melissa\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\Melissa\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\Melissa\AppData\Roaming\LimeWire\promotion\promodb.lck
c:\users\Melissa\AppData\Roaming\LimeWire\promotion\promodb.log
c:\users\Melissa\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\Melissa\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\Melissa\AppData\Roaming\LimeWire\questions.props
c:\users\Melissa\AppData\Roaming\LimeWire\simpp.xml
c:\users\Melissa\AppData\Roaming\LimeWire\tables.props
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme.lwtp
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\01_star.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\02_star.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\03_star.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\04_star.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\05_star.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\chat.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\forward_dn.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\forward_up.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\kill.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\kill_on.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\pause_dn.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\pause_up.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\play_dn.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\play_up.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\question.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\rewind_dn.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\rewind_up.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\stop_dn.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\stop_up.gif
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\theme.txt
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\version.txt
c:\users\Melissa\AppData\Roaming\LimeWire\themes\windows_theme\warning.gif
c:\users\Melissa\AppData\Roaming\LimeWire\version.xml
c:\users\Melissa\AppData\Roaming\LimeWire\versions.props
c:\users\Melissa\AppData\Roaming\LimeWire\xml\data\audio.sxml2
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

.
((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-02-24 20:57 . 2009-02-24 21:03 <DIR> d-------- C:\Maureen's resume
2009-02-16 15:06 . 2009-02-16 15:06 <DIR> d-------- c:\program files\AC3Filter
2009-02-16 15:06 . 2007-08-18 02:54 380,928 --a------ c:\windows\System32\ac3filter.acm
2009-02-16 14:53 . 2009-02-16 14:53 <DIR> d-------- c:\program files\GPL MPEG Decoder
2009-02-14 23:16 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-14 23:16 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-14 23:16 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-14 23:16 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-14 23:16 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-11 07:21 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 07:21 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-08 09:14 . 2009-02-13 12:37 <DIR> d-------- c:\users\Melissa\Tracing
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 15:41 13,352 ----a-w c:\users\Joe\AppData\Roaming\wklnhst.dat
2009-03-04 15:36 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-04 15:22 --------- d-----w c:\users\Joe\AppData\Roaming\AVG7
2009-03-04 13:40 --------- d-----w c:\program files\Grisoft AVG7
2009-02-26 12:34 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 00:13 --------- d-----w c:\program files\Microsoft Location Finder
2009-02-23 00:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 00:03 --------- d-----w c:\program files\Google
2009-02-21 00:33 --------- d-----w c:\program files\Windows Live
2009-02-20 12:20 --------- d-----w c:\users\Maureen.Fred\AppData\Roaming\AVG7
2009-02-13 17:37 --------- d-----w c:\users\Melissa\AppData\Roaming\AVG7
2009-02-12 08:00 --------- d-----w c:\program files\Windows Mail
2009-01-29 22:08 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-29 22:07 --------- d-----w c:\program files\Microsoft Sync Framework
2009-01-29 22:04 --------- d-----w c:\program files\Windows Live SkyDrive
2009-01-29 22:04 --------- d-----w c:\program files\Microsoft
2009-01-29 21:50 --------- d-----w c:\program files\Common Files\Windows Live
2009-01-17 13:34 --------- d-----w c:\program files\DivX
2009-01-16 02:41 --------- d-----w c:\programdata\avg7
2009-01-16 02:41 --------- d-----w c:\program files\Free Video Converter
2009-01-13 00:41 --------- d-----w c:\users\Melissa\AppData\Roaming\Apple Computer
2009-01-13 00:11 904 ----a-w c:\users\Melissa\AppData\Roaming\wklnhst.dat
2008-12-15 02:38 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-06 16:36 94,112 ----a-w c:\users\Joe\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-06-10 07:23 174 --sha-w c:\program files\desktop.ini
2008-06-06 19:44 94,112 ----a-w c:\users\Alicia\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-05-31 01:06 94,112 ----a-w c:\users\Melissa\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-02-07 18:50 0 ----a-w c:\users\Alicia\AppData\Roaming\wklnhst.dat
2008-04-05 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008031720080324\index.dat
2008-04-05 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008040520080406\index.dat
2008-04-05 12:39 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-04_10.30.20.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-04 12:23:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-03-04 15:43:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-03-04 12:23:18 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-03-04 15:43:10 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-03-04 15:29:11 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-03-04 15:44:53 1,572,864 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-03-04 12:27:09 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-03-04 15:45:49 1,572,864 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-03-04 12:27:58 11,876 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2233093180-2369787038-2007354687-1000_UserData.bin
+ 2009-03-04 15:46:26 11,876 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2233093180-2369787038-2007354687-1000_UserData.bin
- 2009-03-04 12:27:57 47,058 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-04 15:46:25 47,058 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-03-04 12:27:56 38,880 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-03-04 15:46:21 38,880 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="c:\progra~1\GRISOF~1\avgcc.exe" [2009-02-24 590848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\GRISOF~1\avgw.exe" [2007-12-27 219136]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-20 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-12-27 19:59 9216 c:\windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2233093180-2369787038-2007354687-1000]
"EnableNotificationsRef"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2233093180-2369787038-2007354687-1004]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BF581DB5-4102-40F7-9DD3-42BB15E3B475}"= UDP:c:\users\Joe\AppData\Roaming\Facebook\facebook.exe:Facebook
"{4BEA7C07-50DC-414F-B86A-49B33D64F7C0}"= TCP:c:\users\Joe\AppData\Roaming\Facebook\facebook.exe:Facebook
"TCP Query User{FCAC08CE-8D2D-4C84-9248-6045FE081AC9}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{9A8EAC3B-1E76-4123-AE1A-9B5F44EBD455}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{4EA3359B-ABC4-4DC9-8E7E-EA17E6B84FF5}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CD7E0E9E-B93A-4AE6-8872-6B375991B6B5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\System32\drivers\avgwfp.sys [2007-12-27 53768]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-02-21 810320]
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\User_Feed_Synchronization-{12F17292-72E7-445B-8188-DEEB821CF502}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{60422B67-EE65-4E21-9AEE-097BC036BC42}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{9C532E9D-19D6-448D-A678-436DBFF50058}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{B5F4A3DD-B030-4CB9-9893-4A0F1AB48CA4}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]

2009-03-04 c:\windows\Tasks\User_Feed_Synchronization-{C4281ED8-7F9A-4A9C-BAE5-B6970A2A26CA}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 63.149.98.48:80
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\nkp75t4a.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-04 13:36:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-04 13:39:30
ComboFix-quarantined-files.txt 2009-03-04 18:39:27
ComboFix2.txt 2009-03-04 15:32:38

Pre-Run: 36,530,479,104 bytes free
Post-Run: 36,186,730,496 bytes free

597 --- E O F --- 2009-03-03 12:43:24


--------------------------------------------------------------------

Latest DDS log

--------------------------------------------------------------------


DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe at 13:40:24.54 on Wed 03/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.1982.1164 [GMT -5:00]

AV: AVG 7.5.557 *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\GRISOF~1\avgamsvr.exe
C:\PROGRA~1\GRISOF~1\avgupsvc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\PROGRA~1\GRISOF~1\avgemc.exe
C:\PROGRA~1\GRISOF~1\avgrssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Joe\Downloads\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = 63.149.98.48:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [AVG7_CC] c:\progra~1\grisof~1\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
dRun: [AVG7_Run] c:\progra~1\grisof~1\avgw.exe /RUNONCE
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Notify: avgwlntf - avgwlntf.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\nkp75t4a.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll

============= SERVICES / DRIVERS ===============

R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 AvgWFP;AVG7 Firewall Driver x86;c:\windows\system32\drivers\avgwfp.sys [2007-12-27 53768]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-21 810320]

=============== Created Last 30 ================

2009-03-04 13:30 <DIR> --d----- C:\ComboFix
2009-03-04 10:24 161,792 a------- c:\windows\SWREG.exe
2009-03-04 10:24 98,816 a------- c:\windows\sed.exe
2009-02-24 20:57 <DIR> --d----- C:\Maureen's resume
2009-02-16 15:06 380,928 a------- c:\windows\system32\ac3filter.acm
2009-02-16 15:06 <DIR> --d----- c:\program files\AC3Filter
2009-02-16 14:53 <DIR> --d----- c:\program files\GPL MPEG Decoder
2009-02-14 23:16 428,544 a------- c:\windows\system32\EncDec.dll
2009-02-14 23:16 217,088 a------- c:\windows\system32\psisrndr.ax
2009-02-14 23:16 293,376 a------- c:\windows\system32\psisdecd.dll
2009-02-14 23:16 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-02-14 23:16 80,896 a------- c:\windows\system32\MSNP.ax
2009-02-11 07:21 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 07:21 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll

==================== Find3M ====================

2009-03-04 10:41 13,352 a------- c:\users\joe\appdata\roaming\wklnhst.dat
2008-12-14 21:38 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-05 23:04 86,016 a------- c:\windows\inf\infstor.dat
2008-10-05 23:04 51,200 a------- c:\windows\inf\infpub.dat
2008-09-06 11:36 94,112 a------- c:\users\joe\appdata\roaming\GDIPFONTCACHEV1.DAT
2008-06-11 06:45 665,600 a------- c:\windows\inf\drvindex.dat
2008-06-10 02:23 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008031720080324\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008040520080406\index.dat
2008-04-05 07:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\internet explorer\userdata\index.dat

============= FINISH: 13:41:08.62 ===============


---------------------------------------------------

Kaspersky results were all zero

Attached Files


Edited by cichlidnut, 04 March 2009 - 11:45 PM.


#9 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 04 March 2009 - 11:23 PM

Goodred Log

-----------------------------------------------

GooredFix v1.91 by jpshortstuff
Log created at 23:19 on 04/03/2009 running Option #1 (Joe)
Firefox version 3.0.6 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

---------------------------------------------------

Computer performance seems better however video playback is still sketchy. Full screen video playback or HD video playback on YouTube staggers and freezes. When I use Media Center, it crashes almost immediately. I suspected a sub-par video card, it's internal. A friend suggested updating the bios driver but doing that is risky.

Perhaps buying a better, external video card will solve the problem?

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:16 PM

Posted 05 March 2009 - 11:36 AM

Perhaps buying a better, external video card will solve the problem?

Hi

I'm not good at hardware. :thumbup2: Anyway, you should also defrag hard drive if not done lately. Do all videos on your system also have problems? Could you try VLC player to see how videos work there. I saw some codec related stuff there in your log. Sometimes those may mess up with player. I personally like VLC player better. Don't need to play with codecs since it has support for most of them already :)


Now lets uninstall ComboFix:
  • Click START then RUN
  • Now type "c:\users\Joe\Desktop\ComboFix.exe" /u in the runbox and click OK
Click Start >> Run and then copy/paste the following into the box and hit Enter:
%userprofile%\Desktop\GooredFix.exe /uninstall
If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#11 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 05 March 2009 - 12:23 PM

Sorry, I have Vista. No run box, just a "Start Search" box. I know it's a stupid question but how do uninstall using vista? Putting "c:\users\Joe\Desktop\ComboFix.exe" /u into the box only wants to run Combofix and I want to make sure it's done properly.

Also, I've have repeatedly tried to defrag and it never lets me. It always tells me that it isn't necessary. I have NEVER defraged this computer in over two years because I can't figure out how to override it. It gives no option to defrag anyway.

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:16 PM

Posted 05 March 2009 - 03:35 PM

Hi

You can access run box in Vista by pressing window button+R. I recommend doing defrag with free JKDefrag.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 05 March 2009 - 04:23 PM

Thanks.

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:16 PM

Posted 06 March 2009 - 10:09 AM

You're welcome :thumbup2:

Did you try VLC player?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#15 cichlidnut

cichlidnut
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 07 March 2009 - 10:03 AM

I did and it seems to play the videos better. I can go full screen without any issues. Watching HD video streaming is still a problem but I think it's a hardware issue. I'm going to buy an external video card and see if that makes things better.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users