Ready for more System Security


Post by lightguy531 on Fri Jul 03, 2009 7:36 am

Hey all...

It's been a long 19 hours as I've been trying to work my magic.

I believe I've gotten most of the nasty thing out, with just little hidden stuff remaining. I cannot install MBAM even if I rename it.

Here is my Hijack This Log... Hope someone can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:36:12 AM, on 7/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
G:\DAN BROWN UNIVERSE\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [librtexec] javaw -jar "C:\Program Files\Java\jre6\lib\librtexec.jar"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - S-1-5-18 Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (User 'Default user')
O4 - .DEFAULT User Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (User 'Default user')
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Save with Download Manager... - [You must be registered and logged in to see this link.] Files\Ctrax Player\DMDownload.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} - [You must be registered and logged in to see this link.]
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: sduijb.dll,C:\DOCUME~1\Kevin\LOCALS~1\Temp\47040187227mxx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13557 bytes

lightguy531
Novice
Posts : 33
Joined : 2009-07-03
OS : XP SP2

Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 3:34 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:

    O20 - AppInit_DLLs: sduijb.dll,C:\DOCUME~1\Kevin\LOCALS~1\Temp\47040187227mxx.dll

  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
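As an added example that is not part of this thread and not code from HijackThis or Malwarebytes, the following Python script triages HijackThis-style log lines for the two patterns visible in the log above: an O20 AppInit_DLLs entry that loads a DLL from a Temp folder (or by bare name through the search path), and a process named like a core Windows binary but running from outside the Windows directory. The sample lines are constructed from the log above, and the set of core binary names is an assumption of this example.

```python
"""Triage helper for HijackThis-style log text (added example)."""
import re
from typing import List, Tuple

# (category, item, reason)
Finding = Tuple[str, str, str]

# Assumption of this example: binaries that should only run from %SystemRoot%.
SYSTEM_BINARIES = {"winlogon.exe", "smss.exe", "csrss.exe", "lsass.exe",
                   "services.exe", "userinit.exe", "svchost.exe"}

# Constructed sample, modelled on the thread's HijackThis log.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
G:\DAN BROWN UNIVERSE\winlogon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O20 - AppInit_DLLs: sduijb.dll,C:\DOCUME~1\Kevin\LOCALS~1\Temp\47040187227mxx.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


def norm(path: str) -> str:
    """Lower-case and strip quotes so comparisons are case-insensitive."""
    return path.strip().strip('"').lower()


def in_windows_dir(path: str) -> bool:
    """True when the path sits under <drive>:\\windows\\ (any drive letter)."""
    return re.match(r"^[a-z]:\\windows\\", norm(path)) is not None


def check_process(path: str) -> List[Finding]:
    """Flag a core-Windows file name that runs from a non-Windows location."""
    name = norm(path).rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARIES and not in_windows_dir(path):
        return [("process", path, f"{name} running outside the Windows directory")]
    return []


def check_appinit(value: str) -> List[Finding]:
    """AppInit_DLLs is normally empty on XP; every listed DLL deserves a look."""
    findings: List[Finding] = []
    for dll in (d.strip() for d in value.split(",") if d.strip()):
        low = dll.lower()
        if "\\" not in low:
            findings.append(("appinit", dll, "bare DLL name resolved through the search path"))
        elif "\\temp\\" in low:
            findings.append(("appinit", dll, "DLL injected into every process from a Temp folder"))
        else:
            findings.append(("appinit", dll, "AppInit_DLLs is normally empty; verify this DLL"))
    return findings


def triage(log_text: str) -> List[Finding]:
    """Walk the log: the 'Running processes:' block, then the O-section lines."""
    findings: List[Finding] = []
    in_processes = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.startswith("Running processes:"):
            in_processes = True
            continue
        if in_processes:
            if not line:            # blank line closes the process block
                in_processes = False
                continue
            findings.extend(check_process(line))
            continue
        m = re.match(r"^O20 - AppInit_DLLs:\s*(.*)$", line)
        if m:
            findings.extend(check_appinit(m.group(1)))
    return findings


if __name__ == "__main__":
    for category, item, reason in triage(SAMPLE_LOG):
        print(f"[{category}] {item}: {reason}")
```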

Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 3:58 pm

Thanks for the response.

Still cannot install Malwarebytes Anti-Malware even if I rename the setup file to something out there such as "flowers.exe" or "flowers.bat".


Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 4:09 pm

Rename it to winlogon.exe, or userinit.exe. Both of those are system filenames and, if done correctly, it won't get blocked.





Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 4:22 pm

Set up started, however it froze in the finishing stages.

Now if I double click on the icon on the desktop it doesn't load, but the process runs. But the program does not appear on screen.


Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 4:23 pm

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts.

    NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.





Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 4:39 pm

I got Malwarebytes Anti-Malware to run by renaming the actual program. Here's the log:

Malwarebytes' Anti-Malware 1.38
Database version: 2369
Windows 5.1.2600 Service Pack 2

7/3/2009 12:31:00 PM
mbam-log-2009-07-03 (12-31-00).txt

Scan type: Quick Scan
Objects scanned: 108038
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.

I have done this scan before, and the uacinit.dll keeps coming back.


Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 5:25 pm

Ran ComboFix.

It froze while it was deleting files.


Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 5:26 pm

Hello.
Try running Combofix from safe mode.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.





Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 5:59 pm

ComboFix 09-07-02.02 - Kevin 07/03/2009 13:37.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.756 [GMT -4:00]
Running from: c:\documents and settings\Kevin\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\cleanup.exe
c:\windows\Install.txt
c:\windows\Installer\101fa936.msp
c:\windows\Installer\101fa93b.msp
c:\windows\Installer\101fa940.msp
c:\windows\Installer\101fa94b.msp
c:\windows\Installer\101fa950.msp
c:\windows\Installer\107f0892.msp
c:\windows\Installer\107f0897.msp
c:\windows\Installer\10efa097.msp
c:\windows\Installer\10efa09c.msp
c:\windows\Installer\10efa0a1.msp
c:\windows\Installer\10efa0a6.msp
c:\windows\Installer\10fec5.msp
c:\windows\Installer\11cdbbc9.msp
c:\windows\Installer\1211b296.msp
c:\windows\Installer\1211b29b.msp
c:\windows\Installer\1267691.msp
c:\windows\Installer\1842b18.msp
c:\windows\Installer\1842b1d.msp
c:\windows\Installer\1ac6836.msp
c:\windows\Installer\1ac683b.msp
c:\windows\Installer\1ac6840.msp
c:\windows\Installer\1b3c5f7d.msp
c:\windows\Installer\1b3c5f82.msp
c:\windows\Installer\1b3c5f87.msp
c:\windows\Installer\1b3c5f8c.msp
c:\windows\Installer\1b3c5f91.msp
c:\windows\Installer\1b3c5f96.msp
c:\windows\Installer\1b3c5f9b.msp
c:\windows\Installer\1b4bcf5.msp
c:\windows\Installer\1b4bcfa.msp
c:\windows\Installer\1b4bcff.msp
c:\windows\Installer\1b4bd0d.msp
c:\windows\Installer\1b4bd12.msp
c:\windows\Installer\1b4bd17.msp
c:\windows\Installer\1b4bd1c.msp
c:\windows\Installer\1c28c782.msp
c:\windows\Installer\206316dc.msp
c:\windows\Installer\2547c22.msp
c:\windows\Installer\2861c5b.msp
c:\windows\Installer\2861c5c.msp
c:\windows\Installer\2861c5d.msp
c:\windows\Installer\2861c5e.msp
c:\windows\Installer\2861c5f.msp
c:\windows\Installer\29c2958d.msp
c:\windows\Installer\3614304.msp
c:\windows\Installer\3614309.msp
c:\windows\Installer\3d61cf5.msp
c:\windows\Installer\4292f.msp
c:\windows\Installer\42934.msp
c:\windows\Installer\42939.msp
c:\windows\Installer\4293e.msp
c:\windows\Installer\42943.msp
c:\windows\Installer\42948.msp
c:\windows\Installer\4294d.msp
c:\windows\Installer\42952.msp
c:\windows\Installer\42957.msp
c:\windows\Installer\4295c.msp
c:\windows\Installer\42961.msp
c:\windows\Installer\42966.msp
c:\windows\Installer\4296b.msp
c:\windows\Installer\4c6f6.msp
c:\windows\Installer\4c6fb.msp
c:\windows\Installer\4c700.msp
c:\windows\Installer\4c705.msp
c:\windows\Installer\4c70a.msp
c:\windows\Installer\4c70f.msp
c:\windows\Installer\4c714.msp
c:\windows\Installer\4c719.msp
c:\windows\Installer\4c71e.msp
c:\windows\Installer\511f9.msp
c:\windows\Installer\511fe.msp
c:\windows\Installer\51203.msp
c:\windows\Installer\51208.msp
c:\windows\Installer\5120d.msp
c:\windows\Installer\51212.msp
c:\windows\Installer\5e61fc.msp
c:\windows\Installer\5e6201.msp
c:\windows\Installer\5e6206.msp
c:\windows\Installer\6beedc.msp
c:\windows\Installer\72fc479.msp
c:\windows\Installer\72fc47e.msp
c:\windows\Installer\753c68c.msp
c:\windows\Installer\753c699.msp
c:\windows\Installer\7c26b8f.msp
c:\windows\Installer\7c26b94.msp
c:\windows\Installer\a3c2d.msp
c:\windows\Installer\a9538f9.msp
c:\windows\Installer\a9538fe.msp
c:\windows\Installer\a953903.msp
c:\windows\Installer\a953908.msp
c:\windows\Installer\a95390d.msp
c:\windows\Installer\a953925.msp
c:\windows\Installer\aee71fa.msp
c:\windows\Installer\aee7200.msp
c:\windows\Installer\c29d8f5.msp
c:\windows\Installer\c29d8fb.msp
c:\windows\Installer\c29d901.msp
c:\windows\Installer\c29d907.msp
c:\windows\Installer\c29d90d.msp
c:\windows\Installer\c6db517.msp
c:\windows\Installer\c79a676.msp
c:\windows\Installer\db29695.msp
c:\windows\Installer\e4c06db.msp
c:\windows\Installer\e4c06e0.msp
c:\windows\Installer\e4c06e1.msp
c:\windows\Installer\eb71da1.msp
c:\windows\Installer\eb71da6.msp
c:\windows\Installer\eb71dab.msp
c:\windows\system32\au3305arc.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\UACumxxspvjwykyjli.sys
c:\windows\system32\Drivers\zldbvnok.sys
c:\windows\system32\Install.txt
c:\windows\system32\mlfcache.dat
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\UACfrcuxexnqmtdjpw.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACinqvsatyobdjlqr.dll
c:\windows\system32\UAClonkegyfrdgxoxm.db
c:\windows\system32\UACmsbovkayxlmndmh.dll
c:\windows\system32\UACpctgttturcoiskr.dll
c:\windows\system32\UACqfviqrcnpfdbwqwhx.log
c:\windows\system32\uactmp.db
c:\windows\system32\UACwqovjdnllbsvxjg.dll
c:\windows\system32\UACxhtrjtqomqjunfy.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\jdiedmbs.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_NPF
-------\Legacy_SOPIDKC
-------\Service_NPF
-------\Legacy_MSNCACHE
-------\Legacy_NPF
-------\Legacy_SOPIDKC


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 16:17 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 16:17 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 04:15 . 2009-07-03 04:15 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-03 04:15 . 2009-07-03 04:15 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-02 20:55 . 2009-07-02 20:55 574 ----a-w- C:\cleanup.bat
2009-07-02 20:55 . 2009-07-02 20:55 135168 ----a-w- C:\zip.exe
2009-07-02 14:52 . 2009-07-03 06:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 22:03 . 2009-06-30 22:04 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Temp
2009-06-30 21:29 . 2009-06-30 21:29 127872 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\uninstall.exe
2009-06-30 05:14 . 2009-07-01 20:40 -------- d-----w- c:\documents and settings\Kevin\Application Data\LimeWire
2009-06-30 05:14 . 2009-06-30 05:14 -------- d-----w- c:\program files\LimeWire
2009-06-30 03:13 . 2009-06-30 03:13 -------- d-----w- c:\program files\TweetDeck
2009-06-25 22:15 . 2009-06-25 22:15 488960 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-25 22:15 . 2009-06-25 22:15 319488 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-23 05:22 . 2009-06-23 05:22 185 ----a-w- c:\windows\winnit.reg
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\Kevin\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-22 02:35 . 2008-11-05 14:14 1048576 ----a-w- c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\h2yzytjk.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-06-21 17:47 . 2009-07-03 17:43 -------- d-----w- c:\program files\PeerGuardian2
2009-06-20 06:31 . 2009-04-11 05:06 38208 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-18 05:27 . 2009-06-18 05:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-06-30 21:29 4183416 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-11 23:13 . 2009-06-11 23:13 -------- d-----w- c:\documents and settings\Kevin\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-06-10 09:01 . 2009-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-10 07:15 . 2009-06-10 07:16 -------- d-----w- c:\program files\iTunes
2009-06-10 07:15 . 2009-06-10 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 07:09 . 2009-06-10 07:11 -------- d-----w- c:\program files\QuickTime
2009-06-10 07:04 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-10 06:35 . 2009-06-10 06:35 -------- d-----w- c:\program files\ConvertHelper
2009-06-09 22:00 . 2009-06-09 22:00 -------- d-----w- c:\program files\YouTube Downloader
2009-06-09 17:10 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 17:10 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-06 21:41 . 2009-06-06 21:44 -------- dc-h--w- c:\windows\ie8
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 17:42 . 2008-07-23 02:08 -------- d-----w- c:\program files\DNA
2009-07-03 17:42 . 2008-07-23 02:08 -------- d-----w- c:\documents and settings\Kevin\Application Data\DNA
2009-07-03 17:28 . 2008-07-23 02:28 -------- d-----w- c:\program files\BitComet
2009-07-03 16:17 . 2008-12-08 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 06:41 . 2006-11-28 07:02 -------- d-----w- c:\program files\Spyware Doctor
2009-07-03 06:09 . 2008-10-25 16:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 05:56 . 2008-07-03 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 20:07 . 2006-09-02 23:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-02 12:56 . 2006-08-06 06:51 -------- d-----w- c:\program files\PokerStars
2009-06-30 21:35 . 2007-11-23 05:14 -------- d-----w- c:\documents and settings\Kevin\Application Data\Move Networks
2009-06-26 03:39 . 2006-12-21 06:41 -------- d-----w- c:\program files\Camfrog
2009-06-26 03:39 . 2007-05-19 19:05 -------- d-----w- c:\program files\BearShare Test
2009-06-13 09:02 . 2008-08-29 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 09:18 . 2009-03-27 05:36 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 07:16 . 2006-08-04 21:03 -------- d-----w- c:\program files\iPod
2009-06-10 07:16 . 2007-09-10 23:58 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 07:12 . 2007-10-26 05:37 -------- d-----w- c:\program files\Bonjour
2009-06-10 07:05 . 2007-09-10 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 15:42 . 2007-12-06 20:51 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-02 07:04 . 2008-10-23 23:56 -------- d-----w- c:\documents and settings\Kevin\Application Data\skypePM
2009-06-02 07:01 . 2008-10-23 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-19 03:34 . 2009-05-15 05:27 -------- d-----w- c:\program files\Free FLV Converter
2009-05-13 05:15 . 2005-03-10 08:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 19:12 . 2006-07-19 02:48 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 18:51 . 2009-05-05 18:51 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-05-04 19:07 . 2009-06-02 05:42 2298680 ----a-w- c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\h2yzytjk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-21 18:51 . 2009-05-15 05:27 294912 ----a-w- c:\windows\system32\TubeFinder.exe
2009-04-17 09:58 . 2005-03-02 01:06 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-06 05:10 . 2009-04-06 05:10 1669 ----a-w- c:\windows\unins000.dat
2008-10-25 16:40 . 2008-10-25 16:40 10279270 ----a-w- c:\program files\pmconverter_setup.exe
.

lightguy531
Novice
Posts : 33
Joined : 2009-07-03
OS : XP SP2

part 2

Post by lightguy531 on Fri Jul 03, 2009 6:00 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-03-16 1824040]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"BitComet"="c:\program files\BitComet\BitComet.exe" [2009-05-18 2592056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"librtexec"="javaw -jar" [X]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-05-27 136512]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-24 253952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-01 144792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-13 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-18 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7213:TCP"= 7213:TCP:BitComet 7213 TCP
"7213:UDP"= 7213:UDP:BitComet 7213 UDP
"12706:TCP"= 12706:TCP:12706
"30115:TCP"= 30115:TCP:30115
"31436:TCP"= 31436:TCP:Gnutella
"31436:UDP"= 31436:UDP:Gnutella2
"24181:TCP"= 24181:TCP:BitComet 24181 TCP
"24181:UDP"= 24181:UDP:BitComet 24181 UDP

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [7/18/2006 11:28 AM 6144]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [7/18/2006 9:53 PM 58464]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/3/2009 1:23 AM 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 1:26 PM 35968]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 iwfjrvci;iwfjrvci;c:\windows\system32\drivers\tresjrbi.sys --> c:\windows\system32\drivers\tresjrbi.sys [?]
S2 lydlcnc;lydlcnc;c:\windows\system32\drivers\xumma.sys --> c:\windows\system32\drivers\xumma.sys [?]
S2 tigly;tigly;c:\windows\system32\drivers\xkotrtj.sys --> c:\windows\system32\drivers\xkotrtj.sys [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [8/8/2008 6:31 PM 33808]
S4 I2decenrvi;I2decenrvi; [x]


part 3

Post by lightguy531 on Fri Jul 03, 2009 6:00 pm

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648010671-415334117-2666150105-1020Core.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:00]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648010671-415334117-2666150105-1020UA.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:00]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - [You must be registered and logged in to see this link.] files\Ctrax Player\DMDownload.htm
DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\h2yzytjk.default\
FF - plugin: c:\documents and settings\Kevin\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Kevin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-03 13:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3520)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\javaw.exe
c:\windows\system32\searchindexer.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
.
**************************************************************************
.
Completion time: 2009-07-03 13:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 17:50

Pre-Run: 8,875,909,120 bytes free
Post-Run: 8,699,785,216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

518 --- E O F --- 2009-06-24 09:00


Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 6:10 pm

Hello.
We need to remove a few more things using Combofix, but we need to uninstall a few things too.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 6:14 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.8
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Advanced Video FX Engine
AIM 6
ALPS Touch Pad Driver
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Atheros Wireless LAN MiniPCI/PCIe card Driver
AviSynth 2.5
BitComet 1.12
Bluetooth Stack for Windows by Toshiba
Bonjour
Bonjour Core for Windows
Camtasia Studio 6
CCleaner (remove only)
Cisco Clean Access Agent
Cisco Clean Access Agent
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
DivX Converter
DivX Player
DivX Web Player
Drive Manager
Drive Manager
DVD-RAM Driver
Easy DVD Ripper & Converter
FLV Player
Free FLV Converter V 6.32
Free iPod Video Converter 1.34
Google Talk Plugin
Google Video Player
Goombah Partner COM Server
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Image Zone Express
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HyperCam 2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterActual Player
InterVideo WinDVD for TOSHIBA
iPod for Windows 2006-03-23
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 10
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 4.7.5
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 5.0.11
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Music Rescue 3.1.6
MySpaceIM
Nikon Message Center
Nikon Transfer
Paint.NET v3.36
PeerGuardian 2.0
PokerStars
Protected Music Converter 1.0.0.13
QuickTime
RealPlayer
Realtek High Definition Audio Driver
SD Secure Module
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
SopCast 3.0.3
TBS WMP Plug-in
TOSHIBA HDD Protection
TOSHIBA Software Modem
Total Recorder 6.0
TVUPlayer 2.4.0.1
TweakNow RegCleaner Standard
TweetDeck
twhirl
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb970012)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6e
Videora iPod Converter 4.07
Viewpoint Media Player
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WinRAR archiver
Xilisoft Video Converter 3
XP TCP/IP Repair 1.0
Yahoo! Install Manager

lightguy531
Novice

Posts : 33
Joined : 2009-07-03
OS : XP SP2

Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 6:39 pm

Hello.

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0.8
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 10
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    LimeWire PRO 5.0.11
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\documents and settings\Kevin\Application Data\LimeWire
c:\program files\LimeWire
c:\program files\BitComet
c:\documents and settings\Kevin\Application Data\DNA
c:\program files\DNA
c:\program files\BearShare Test

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7213:TCP"=-
"7213:UDP"=-
"12706:TCP"=-
"30115:TCP"=-
"31436:TCP"=-
"31436:UDP"=-
"24181:TCP"=-
"24181:UDP"=-

Driver::
iwfjrvci
lydlcnc
tigly
I2decenrvi

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
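The CFScript above is handed to a tool that deletes the listed folders, removes the listed registry values and drops the listed driver/service entries, so it is worth reading the script as a plan before running it. The parser below does that for the format used in the post (`Folder::`, `Registry::`, `Driver::` sections, `"name"=-` to delete a value). It is an added example, not code from the original post and not part of ComboFix; the sample input is the thread's own script copied in as a constructed string, the function names are the example's own, and the expansion of the `HKLM\~` shorthand to `HKLM\SYSTEM\CurrentControlSet` is an assumption made only so the reviewer sees a full key path. Nothing in it touches the registry or the file system.

```python
"""Parse a ComboFix-style CFScript into a reviewable action plan.

Added example for this thread: not code from the original post and not
part of ComboFix. Section names and the "name"=- delete syntax follow the
script in the post. The HKLM\\~ expansion is an assumption, used only to
show the reviewer a full key path; nothing here modifies the system.
"""
import re

# Constructed sample input: the script from the post, copied verbatim.
SAMPLE_CFSCRIPT = r"""Folder::
c:\documents and settings\Kevin\Application Data\LimeWire
c:\program files\LimeWire
c:\program files\BitComet
c:\documents and settings\Kevin\Application Data\DNA
c:\program files\DNA
c:\program files\BearShare Test

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7213:TCP"=-
"7213:UDP"=-
"12706:TCP"=-
"30115:TCP"=-
"31436:TCP"=-
"31436:UDP"=-
"24181:TCP"=-
"24181:UDP"=-

Driver::
iwfjrvci
lydlcnc
tigly
I2decenrvi
"""

SUPPORTED_SECTIONS = {"folder", "registry", "driver"}
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
PORT_RE = re.compile(r"^(\d{1,5}):(TCP|UDP)$", re.IGNORECASE)

# Assumed alias table (longest prefix wins); "~" is taken to mean
# SYSTEM\CurrentControlSet, which is how the post's key reads.
HIVE_ALIASES = {
    "HKLM\\~": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet",
    "HKLM": "HKEY_LOCAL_MACHINE",
}


def expand_key(key):
    """Expand a hive shorthand into a full registry path (assumed mapping)."""
    for alias, full in sorted(HIVE_ALIASES.items(), key=lambda kv: -len(kv[0])):
        if key.upper().startswith(alias.upper()):
            return full + key[len(alias):]
    return key


def parse_cfscript(text):
    """Return {'folders': [...], 'registry': [(key, name, action)], 'drivers': [...]}."""
    plan = {"folders": [], "registry": [], "drivers": []}
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            if section not in SUPPORTED_SECTIONS:
                raise ValueError(f"unsupported section: {line!r}")
            current_key = None
            continue
        if section == "folder":
            plan["folders"].append(line)
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                current_key = expand_key(m.group(1))
                continue
            m = VALUE_RE.match(line)
            if not (m and current_key):
                raise ValueError(f"malformed registry line: {line!r}")
            name, data = m.groups()
            # "-" on the right-hand side means delete the value, as in .reg files
            action = "delete" if data == "-" else "set:" + data
            plan["registry"].append((current_key, name, action))
        elif section == "driver":
            plan["drivers"].append(line)
        else:
            raise ValueError(f"line outside a section: {line!r}")
    return plan


def review(plan):
    """List what the script will change, in the terms a reviewer cares about."""
    findings = []
    for key, name, action in plan["registry"]:
        port = PORT_RE.match(name)
        if "GloballyOpenPorts" in key and action == "delete" and port:
            findings.append(f"firewall exception removed: {port.group(1)}/{port.group(2).upper()}")
        elif name == "AntiVirusOverride" and action == "delete":
            findings.append("Security Center AntiVirusOverride cleared")
        else:
            findings.append(f"registry {action}: {key}\\{name}")
    for folder in plan["folders"]:
        scope = "user profile" if folder.lower().startswith("c:\\documents and settings") else "machine"
        findings.append(f"folder deleted ({scope}): {folder}")
    for drv in plan["drivers"]:
        findings.append(f"driver/service entry removed: {drv}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_cfscript(SAMPLE_CFSCRIPT)):
        print(finding)
```

Run it against a script before dragging the script onto the tool: the output makes it obvious that, besides the P2P folders, this particular script closes eight firewall exceptions that something opened on high ports and clears the Security Center override that hides a disabled antivirus, which are exactly the kind of changes you want to see spelled out rather than discover afterwards.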

Part 1

Post by lightguy531 on Fri Jul 03, 2009 7:47 pm

ComboFix 09-07-02.03 - Kevin 07/03/2009 15:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.562 [GMT -4:00]
Running from: c:\documents and settings\Kevin\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kevin\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kevin\Application Data\DNA
c:\documents and settings\Kevin\Application Data\DNA\dht.dat
c:\documents and settings\Kevin\Application Data\DNA\dht.dat.old
c:\documents and settings\Kevin\Application Data\DNA\dna.lng
c:\documents and settings\Kevin\Application Data\DNA\resume.dat
c:\documents and settings\Kevin\Application Data\DNA\resume.dat.old
c:\documents and settings\Kevin\Application Data\DNA\rss.dat
c:\documents and settings\Kevin\Application Data\DNA\rss.dat.old
c:\documents and settings\Kevin\Application Data\DNA\settings.dat
c:\documents and settings\Kevin\Application Data\DNA\settings.dat.old
c:\documents and settings\Kevin\Application Data\LimeWire
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest

lightguy531
Novice

Posts : 33
Joined : 2009-07-03
OS : XP SP2

Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 7:47 pm

c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt

lightguy531
Novice

Posts : 33
Joined : 2009-07-03
OS : XP SP2

part 3

Post by lightguy531 on Fri Jul 03, 2009 7:48 pm

c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt

lightguy531
Novice

Posts : 33
Joined : 2009-07-03
OS : XP SP2

Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 7:49 pm

c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xul.dll

lightguy531
Novice

Posts : 33
Joined : 2009-07-03
OS : XP SP2

Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 7:50 pm

c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Kevin\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Kevin\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Kevin\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Kevin\Application Data\LimeWire\downloads.dat
c:\documents and settings\Kevin\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Kevin\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Kevin\Application Data\LimeWire\gnutella.net
c:\documents and settings\Kevin\Application Data\LimeWire\installation.props
c:\documents and settings\Kevin\Application Data\LimeWire\library.dat
c:\documents and settings\Kevin\Application Data\LimeWire\library5.dat
c:\documents and settings\Kevin\Application Data\LimeWire\limewire.props
c:\documents and settings\Kevin\Application Data\LimeWire\mojito.props
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\27F0EFC1d01
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\7973F814d01
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF9d01
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A8Cd01
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\Cache\E746DCC7d01
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\places.sqlite-stmtjrnl
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Kevin\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Kevin\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Kevin\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Kevin\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Kevin\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Kevin\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Kevin\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Kevin\Application Data\LimeWire\questions.props
c:\documents and settings\Kevin\Application Data\LimeWire\responses.cache
c:\documents and settings\Kevin\Application Data\LimeWire\simpp.xml
c:\documents and settings\Kevin\Application Data\LimeWire\spam.dat
c:\documents and settings\Kevin\Application Data\LimeWire\tables.props
c:\documents and settings\Kevin\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Kevin\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Kevin\Application Data\LimeWire\version.xml
c:\documents and settings\Kevin\Application Data\LimeWire\versions.props
c:\documents and settings\Kevin\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Kevin\Application Data\LimeWire\xml\data\video.sxml3
c:\program files\BearShare Test
c:\program files\BearShare Test\BearShare.dat
c:\program files\BearShare Test\db\config.bin
c:\program files\BearShare Test\db\config.bin.bak
c:\program files\BearShare Test\db\gwebcache.dat
c:\program files\BearShare Test\db\Hostiles-Chat.txt
c:\program files\BearShare Test\db\Hostiles.txt
c:\program files\BearShare Test\db\library.2.db
c:\program files\BearShare Test\db\library.2.db.lastgoodload.bak
c:\program files\BearShare Test\db\library.db
c:\program files\BearShare Test\db\library.db.lastgoodload.bak
c:\program files\BearShare Test\db\searches.ini
c:\program files\BearShare Test\FreePeers.ini
c:\program files\BearShare Test\Logs\hosts-state.txt
c:\program files\BearShare Test\Logs\memory.txt
c:\program files\BearShare Test\Logs\ordinal.txt
c:\program files\BearShare Test\Logs\streams.txt


Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 7:51 pm

c:\program files\BitComet
c:\program files\BitComet\archive\8dbc6f5270bb98c117c15e69455ce6fc3d519dd9.torrent
c:\program files\BitComet\archive\9d38e984465e7fcd3d08da6d3f26670c9ec4cb66.torrent
c:\program files\BitComet\archive\a5ade0b22a54ad2bb741c2b63b26cea9cb656199.torrent
c:\program files\BitComet\archive\a8773b6cef2703cfdd9d2fe0f6cf4aa61c3361b5.torrent
c:\program files\BitComet\archive\ae8fa27f1098577d6934c925b5e3640ba7c06487.torrent
c:\program files\BitComet\archive\e806df25d3a12761bf76f5470f994eefade00d07.torrent
c:\program files\BitComet\BitComet.exe
c:\program files\BitComet\BitComet.url
c:\program files\BitComet\BitComet.xml
c:\program files\BitComet\cache\post_info.xml
c:\program files\BitComet\ChangeLog.txt
c:\program files\BitComet\CrashReport.exe
c:\program files\BitComet\dbghelp.dll
c:\program files\BitComet\Downloads.xml
c:\program files\BitComet\Downloads.xml.bak
c:\program files\BitComet\fav\download-complete.wav
c:\program files\BitComet\fav\fav_bg.xml
c:\program files\BitComet\fav\fav_ca.xml
c:\program files\BitComet\fav\fav_de.xml
c:\program files\BitComet\fav\fav_el.xml
c:\program files\BitComet\fav\fav_en_us.xml
c:\program files\BitComet\fav\fav_en_us.xml.bak
c:\program files\BitComet\fav\fav_es.xml
c:\program files\BitComet\fav\fav_fi.xml
c:\program files\BitComet\fav\fav_he.xml
c:\program files\BitComet\fav\fav_hu.xml
c:\program files\BitComet\fav\fav_it.xml
c:\program files\BitComet\fav\fav_ja.xml
c:\program files\BitComet\fav\fav_ko.xml
c:\program files\BitComet\fav\fav_lv.xml
c:\program files\BitComet\fav\fav_nl.xml
c:\program files\BitComet\fav\fav_pl.xml
c:\program files\BitComet\fav\fav_pt.xml
c:\program files\BitComet\fav\fav_pt_br.xml
c:\program files\BitComet\fav\fav_ru.xml
c:\program files\BitComet\fav\fav_sl.xml
c:\program files\BitComet\fav\fav_th.xml
c:\program files\BitComet\fav\fav_uk.xml
c:\program files\BitComet\fav\fav_vi.xml
c:\program files\BitComet\fav\fav_zh_cn.xml
c:\program files\BitComet\fav\fav_zh_tw.xml
c:\program files\BitComet\fav\HowTo-AddYourSite.txt
c:\program files\BitComet\fav\passport_info_en_us.mht
c:\program files\BitComet\fav\passport_info_zh_cn.mht
c:\program files\BitComet\fav\passport_info_zh_tw.mht
c:\program files\BitComet\fav\passport_login_en_us.mht
c:\program files\BitComet\fav\passport_login_zh_cn.mht
c:\program files\BitComet\fav\passport_login_zh_tw.mht
c:\program files\BitComet\lang\bitcomet-ar.mo
c:\program files\BitComet\lang\bitcomet-bg.mo
c:\program files\BitComet\lang\bitcomet-bs.mo
c:\program files\BitComet\lang\bitcomet-ca.mo
c:\program files\BitComet\lang\bitcomet-cs.mo
c:\program files\BitComet\lang\bitcomet-da.mo
c:\program files\BitComet\lang\bitcomet-de.mo
c:\program files\BitComet\lang\bitcomet-el.mo
c:\program files\BitComet\lang\bitcomet-en_US.mo
c:\program files\BitComet\lang\bitcomet-es.mo
c:\program files\BitComet\lang\bitcomet-es_AR.mo
c:\program files\BitComet\lang\bitcomet-et.mo
c:\program files\BitComet\lang\bitcomet-eu.mo
c:\program files\BitComet\lang\bitcomet-fa.mo
c:\program files\BitComet\lang\bitcomet-fi.mo
c:\program files\BitComet\lang\bitcomet-fr.mo
c:\program files\BitComet\lang\bitcomet-gl.mo
c:\program files\BitComet\lang\bitcomet-he.mo
c:\program files\BitComet\lang\bitcomet-hr.mo
c:\program files\BitComet\lang\bitcomet-hu.mo
c:\program files\BitComet\lang\bitcomet-hy.mo
c:\program files\BitComet\lang\bitcomet-id.mo
c:\program files\BitComet\lang\bitcomet-it.mo
c:\program files\BitComet\lang\bitcomet-ja.mo
c:\program files\BitComet\lang\bitcomet-kk.mo
c:\program files\BitComet\lang\bitcomet-kn.mo
c:\program files\BitComet\lang\bitcomet-ko.mo
c:\program files\BitComet\lang\bitcomet-lt.mo
c:\program files\BitComet\lang\bitcomet-lv.mo
c:\program files\BitComet\lang\bitcomet-mk.mo
c:\program files\BitComet\lang\bitcomet-ms.mo
c:\program files\BitComet\lang\bitcomet-nb.mo
c:\program files\BitComet\lang\bitcomet-ne.mo
c:\program files\BitComet\lang\bitcomet-nl.mo
c:\program files\BitComet\lang\bitcomet-pl.mo
c:\program files\BitComet\lang\bitcomet-pt.mo
c:\program files\BitComet\lang\bitcomet-pt_BR.mo
c:\program files\BitComet\lang\bitcomet-ro.mo
c:\program files\BitComet\lang\bitcomet-ru.mo
c:\program files\BitComet\lang\bitcomet-sk.mo
c:\program files\BitComet\lang\bitcomet-sl.mo
c:\program files\BitComet\lang\bitcomet-sq.mo
c:\program files\BitComet\lang\bitcomet-sr.mo
c:\program files\BitComet\lang\bitcomet-sv.mo
c:\program files\BitComet\lang\bitcomet-ta.mo
c:\program files\BitComet\lang\bitcomet-th.mo
c:\program files\BitComet\lang\bitcomet-tr.mo
c:\program files\BitComet\lang\bitcomet-uk.mo
c:\program files\BitComet\lang\bitcomet-ur.mo
c:\program files\BitComet\lang\bitcomet-vi.mo
c:\program files\BitComet\lang\bitcomet-zh_CN.mo
c:\program files\BitComet\lang\bitcomet-zh_TW.mo
c:\program files\BitComet\lang\HowTo-Translate.txt
c:\program files\BitComet\License.txt
c:\program files\BitComet\ReadMe.txt
c:\program files\BitComet\rules\dhtnodes.dat
c:\program files\BitComet\rules\tracker.dat
c:\program files\BitComet\scripts\cookie.lua
c:\program files\BitComet\scripts\mp3_baidu.lua
c:\program files\BitComet\scripts\mp3_didai.lua
c:\program files\BitComet\scripts\mp3_iask.lua
c:\program files\BitComet\scripts\mp3_qihoo.lua
c:\program files\BitComet\scripts\mp3_sogou.lua
c:\program files\BitComet\scripts\mp3_sogua.lua
c:\program files\BitComet\scripts\mp3_yahoo.lua
c:\program files\BitComet\scripts\mp3_zhongsou.lua
c:\program files\BitComet\scripts\refer_crsky.lua
c:\program files\BitComet\scripts\refer_newhua.lua
c:\program files\BitComet\scripts\refer_pchome.lua
c:\program files\BitComet\scripts\refer_skycn.lua
c:\program files\BitComet\scripts\refer_sourceforge.lua
c:\program files\BitComet\scripts\soft_21cn.lua
c:\program files\BitComet\scripts\soft_crsky.lua
c:\program files\BitComet\scripts\soft_ddooo.lua
c:\program files\BitComet\scripts\soft_duote.lua
c:\program files\BitComet\scripts\soft_it_com_cn.lua
c:\program files\BitComet\scripts\soft_mydown.lua
c:\program files\BitComet\scripts\soft_mydrivers.lua
c:\program files\BitComet\scripts\soft_newhua.lua
c:\program files\BitComet\scripts\soft_pchome.lua
c:\program files\BitComet\scripts\soft_pconline.lua
c:\program files\BitComet\scripts\soft_sina.lua
c:\program files\BitComet\scripts\soft_skycn.lua
c:\program files\BitComet\scripts\soft_sohu.lua
c:\program files\BitComet\scripts\soft_zol.lua
c:\program files\BitComet\share\my_shares.xml
c:\program files\BitComet\tools\bitcomet_extension_signed.xpi
c:\program files\BitComet\tools\BitCometAgent_1.3.3.2.dll
c:\program files\BitComet\tools\BitCometBHO_1.3.3.2.dll
c:\program files\BitComet\tools\npBitCometAgent.dll
c:\program files\BitComet\tools\nsIBitCometAgent.xpt
c:\program files\BitComet\tools\UPNP.exe
c:\program files\BitComet\tools\VideoSnapshot.exe
c:\program files\BitComet\torrents\[2003] Number Ones - Michael Jackson - 184mb @ 320.torrent
c:\program files\BitComet\torrents\Billy Madison.avi.torrent
c:\program files\BitComet\torrents\BOWLING FOR SOUP - DISCOGRAPHY [CHANNEL NEO].torrent
c:\program files\BitComet\torrents\ComboFix.exe.xml
c:\program files\BitComet\torrents\Family Guy - Blue Harvest.avi.torrent
c:\program files\BitComet\torrents\Family Guy - Blue Harvest.avi.xml
c:\program files\BitComet\torrents\Green Day - 21st Century Breakdown (2009) - Rock [[You must be registered and logged in to see this link.] Bloop].torrent
c:\program files\BitComet\torrents\Green Day - 21st Century Breakdown (2009) - Rock [[You must be registered and logged in to see this link.] Bloop].xml
c:\program files\BitComet\torrents\Hilary Duff - Metamorphosis [2003].torrent
c:\program files\BitComet\torrents\LimeWire 5.0.11 Pro Multilang - Final.torrent
c:\program files\BitComet\torrents\LimeWire 5.0.11 Pro Multilang - Final.xml
c:\program files\BitComet\torrents\Michael Jackson - Number Ones.torrent
c:\program files\BitComet\torrents\No Doubt - The Singles (1992-2003) @(320).torrent
c:\program files\BitComet\torrents\No Doubt - The Singles (1992-2003) @(320).xml
c:\program files\BitComet\torrents\The Beach Boys - 20 Good Vibrations (The Greatest Hits) (MP3@320Kbps).torrent
c:\program files\BitComet\torrents\The Beach Boys - 20 Good Vibrations (The Greatest Hits) (MP3@320Kbps).xml
c:\program files\BitComet\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll


Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 7:52 pm

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IWFJRVCI
-------\Legacy_LYDLCNC
-------\Legacy_TIGLY
-------\Service_I2decenrvi
-------\Service_iwfjrvci
-------\Service_lydlcnc
-------\Service_tigly


((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.

2009-07-03 16:17 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 16:17 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 04:15 . 2009-07-03 04:15 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-03 04:15 . 2009-07-03 04:15 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-02 20:55 . 2009-07-02 20:55 574 ----a-w- C:\cleanup.bat
2009-07-02 20:55 . 2009-07-02 20:55 135168 ----a-w- C:\zip.exe
2009-07-02 14:52 . 2009-07-03 06:41 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-30 22:03 . 2009-06-30 22:04 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Temp
2009-06-11 23:13 . 2009-06-11 23:13 -------- d-----w- c:\documents and settings\Kevin\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-06-10 09:01 . 2009-06-10 09:01 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-06-10 07:15 . 2009-06-10 07:16 -------- d-----w- c:\program files\iTunes
2009-06-10 07:15 . 2009-06-10 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-10 07:09 . 2009-06-10 07:11 -------- d-----w- c:\program files\QuickTime
2009-06-10 07:04 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-10 06:35 . 2009-06-10 06:35 -------- d-----w- c:\program files\ConvertHelper
2009-06-09 22:00 . 2009-06-09 22:00 -------- d-----w- c:\program files\YouTube Downloader
2009-06-09 17:10 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-09 17:10 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-06 21:41 . 2009-06-06 21:44 -------- dc-h--w- c:\windows\ie8
2009-06-05 17:57 . 2009-06-05 17:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 19:04 . 2007-01-12 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-03 19:04 . 2006-07-19 18:28 -------- d-----w- c:\program files\Viewpoint
2009-07-03 18:58 . 2006-08-05 02:03 -------- d-----w- c:\program files\Java
2009-07-03 18:04 . 2009-06-21 17:47 -------- d-----w- c:\program files\PeerGuardian2
2009-07-03 16:17 . 2008-12-08 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 06:41 . 2006-11-28 07:02 -------- d-----w- c:\program files\Spyware Doctor
2009-07-03 06:09 . 2008-10-25 16:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 05:56 . 2008-07-03 05:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 20:07 . 2006-09-02 23:05 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-02 12:56 . 2006-08-06 06:51 -------- d-----w- c:\program files\PokerStars
2009-06-30 21:35 . 2007-11-23 05:14 -------- d-----w- c:\documents and settings\Kevin\Application Data\Move Networks
2009-06-30 21:29 . 2009-06-30 21:29 127872 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\uninstall.exe
2009-06-30 21:29 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-30 03:13 . 2009-06-30 03:13 -------- d-----w- c:\program files\TweetDeck
2009-06-26 03:39 . 2006-12-21 06:41 -------- d-----w- c:\program files\Camfrog
2009-06-25 22:15 . 2009-06-25 22:15 488960 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-25 22:15 . 2009-06-25 22:15 319488 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-06-23 05:22 . 2009-06-23 05:22 185 ----a-w- c:\windows\winnit.reg
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\Kevin\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Kevin\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-13 09:02 . 2008-08-29 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-10 09:18 . 2009-03-27 05:36 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-10 07:16 . 2006-08-04 21:03 -------- d-----w- c:\program files\iPod
2009-06-10 07:16 . 2007-09-10 23:58 -------- d-----w- c:\program files\Common Files\Apple
2009-06-10 07:12 . 2007-10-26 05:37 -------- d-----w- c:\program files\Bonjour
2009-06-10 07:05 . 2007-09-10 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-05 15:42 . 2007-12-06 20:51 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-02 07:04 . 2008-10-23 23:56 -------- d-----w- c:\documents and settings\Kevin\Application Data\skypePM
2009-06-02 07:01 . 2008-10-23 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-19 03:34 . 2009-05-15 05:27 -------- d-----w- c:\program files\Free FLV Converter
2009-05-13 05:15 . 2005-03-10 08:02 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 19:12 . 2006-07-19 02:48 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 18:51 . 2009-05-05 18:51 -------- d-----w- c:\documents and settings\Kevin\Application Data\Windows Search
2009-05-04 19:07 . 2009-06-02 05:42 2298680 ----a-w- c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\h2yzytjk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-04-21 18:51 . 2009-05-15 05:27 294912 ----a-w- c:\windows\system32\TubeFinder.exe
2009-04-17 09:58 . 2005-03-02 01:06 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2004-08-04 12:00 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-11 05:06 . 2009-06-20 06:31 38208 ----a-w- c:\documents and settings\Kevin\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-04-06 05:10 . 2009-04-06 05:10 1669 ----a-w- c:\windows\unins000.dat
2008-10-25 16:40 . 2008-10-25 16:40 10279270 ----a-w- c:\program files\pmconverter_setup.exe
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-03 18:49 . 2008-10-01 03:02 139264 c:\windows\system32\javaw.exe
- 2008-10-01 03:02 . 2008-10-01 03:02 139264 c:\windows\system32\javaw.exe


Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 7:53 pm

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Google Update"="c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-03-16 1824040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"librtexec"="javaw -jar" [X]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-05-27 136512]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-24 253952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-13 180269]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-04 160800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2006-05-12 86016]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2008-4-2 1884880]

c:\documents and settings\Kevin\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-18 155648]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.exe \??\c:\docume~1\ALLUSE~1\APPLIC~1\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM6\\aolsoftware.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Kevin\\Application Data\\Macromedia\\Flash Player\\[You must be registered and logged in to see this link.]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [7/18/2006 11:28 AM 6144]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [7/18/2006 9:53 PM 58464]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 1:26 PM 35968]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [8/8/2008 6:31 PM 33808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648010671-415334117-2666150105-1020Core.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:00]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3648010671-415334117-2666150105-1020UA.job
- c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:00]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent DNA - c:\program files\DNA\btdna.exe
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save with Download Manager... - [You must be registered and logged in to see this link.] files\Ctrax Player\DMDownload.htm
DPF: {276595D9-1388-512A-F24E-B6B3DE32B732} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\h2yzytjk.default\
FF - plugin: c:\documents and settings\Kevin\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Kevin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Kevin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 7:53 pm

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-07-03 15:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\EntApi.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1300)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Network Associates\Common Framework\Mctray.exe
c:\windows\system32\ThpSrv.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
.
**************************************************************************
.
Completion time: 2009-07-03 15:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-03 19:41
ComboFix2.txt 2009-07-03 17:50

Pre-Run: 8,947,396,608 bytes free
Post-Run: 8,856,088,576 bytes free

908 --- E O F --- 2009-06-24 09:00

Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 7:55 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

Re: Ready for more System Security

Post by lightguy531 on Fri Jul 03, 2009 8:08 pm

So far so good, just got a bubble on the start bar saying "virusscan enterprise is turned off"

It's the virus protection that's located with Windows Firewall, and windows security.

Re: Ready for more System Security

Post by Belahzur on Fri Jul 03, 2009 8:36 pm

I did notice Combofix not detecting Mcafee as even present on the system.
Want to try and install Avira?

Re: Ready for more System Security

Post by lightguy531 on Sat Jul 04, 2009 4:21 am

I'll give it a shot; I'll have to uninstall it when I go back to school anyway because they only allow McAfee.

I mean, McAfee is enabled and running.

Could it have been because I disabled it for the ComboFix scans?
