blocked sites ! help needed pls!

qweiopqiwoep · by qweiopqiwoep on Sun 12 Apr 2009, 12:15 am

First topic message reminder :

whenever my antivirus(norton 360 to be exact) updates it fails to update and then when i opened firefox , other antivirus sites doesn't work anymore like avg.com . . . .how do i fix this???

**Belahzur** · by **Belahzur** on Tue 14 Apr 2009, 8:44 am

Hello.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

File::
c:\windows\system32\dqifco.dll

Folder::
c:\documents and settings\Jack\Application Data\uTorrent
c:\documents and settings\Jack\Application Data\LimeWire
c:\windows\system32\682F27
c:\program files\LimeWire
c:\program files\uTorrent

NetSvc::
DMagent

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14f90e04-18d8-11de-8ad4-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f7a624-f575-11dd-8a6f-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4671551a-f3fb-11dd-8a6d-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a6c6c52-0aaa-11de-8aa4-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d39c6b8-0e8b-11de-8aae-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{976b1fed-17ca-11de-8ad2-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee74b3ba-0c06-11de-8aab-001676d5a088}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee74b3bb-0c06-11de-8aab-001676d5a088}]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMagent]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 4:59 pm

ComboFix 09-04-14.01 - Jack 04/15/2009 8:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.122 [GMT -7:00]
Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jack\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: Norton 360 *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\dqifco.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jack\Application Data\LimeWire
c:\documents and settings\Jack\Application Data\LimeWire\.AppSpecialShare\LimeWire 5.0.11 Pro Multilang - Final.torrent
c:\documents and settings\Jack\Application Data\LimeWire\.AppSpecialShare\Show.Me.Microsoft®.Office.Powerpoint®.2003.chm.torrent
c:\documents and settings\Jack\Application Data\LimeWire\active.mojito
c:\documents and settings\Jack\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\oji.xpt

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 5:00 pm

c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\svg.css

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 5:00 pm

c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Jack\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Jack\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Jack\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Jack\Application Data\LimeWire\downloads.dat
c:\documents and settings\Jack\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Jack\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Jack\Application Data\LimeWire\filters.props
c:\documents and settings\Jack\Application Data\LimeWire\gnutella.net
c:\documents and settings\Jack\Application Data\LimeWire\installation.props
c:\documents and settings\Jack\Application Data\LimeWire\library.dat
c:\documents and settings\Jack\Application Data\LimeWire\library5.dat
c:\documents and settings\Jack\Application Data\LimeWire\limewire.props
c:\documents and settings\Jack\Application Data\LimeWire\mojito.props
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A99d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\Cache\E746DCC7d01
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Jack\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Jack\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Jack\Application Data\LimeWire\questions.props
c:\documents and settings\Jack\Application Data\LimeWire\responses.cache
c:\documents and settings\Jack\Application Data\LimeWire\simpp.xml
c:\documents and settings\Jack\Application Data\LimeWire\spam.dat
c:\documents and settings\Jack\Application Data\LimeWire\tables.props
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme.lwtp
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\question.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\version.txt
c:\documents and settings\Jack\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
c:\documents and settings\Jack\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Jack\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Jack\Application Data\LimeWire\version.xml
c:\documents and settings\Jack\Application Data\LimeWire\versions.props
c:\documents and settings\Jack\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Jack\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Jack\Application Data\uTorrent
c:\documents and settings\Jack\Application Data\uTorrent\CivCity Rome.torrent
c:\documents and settings\Jack\Application Data\uTorrent\dht.dat
c:\documents and settings\Jack\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Jack\Application Data\uTorrent\resume.dat
c:\documents and settings\Jack\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Jack\Application Data\uTorrent\rss.dat
c:\documents and settings\Jack\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Jack\Application Data\uTorrent\settings.dat
c:\documents and settings\Jack\Application Data\uTorrent\settings.dat.old
c:\program files\LimeWire
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 5:01 pm

c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\windows\system32\682F27
c:\windows\system32\682F27\a1.ini
c:\windows\system32\682F27\a2.ini
c:\windows\system32\682F27\a3.ini
c:\windows\system32\682F27\AK0526A.EXE
c:\windows\system32\682F27\AN0526A.EXE
c:\windows\system32\682F27\cnvpe.fne
c:\windows\system32\682F27\dp1.fne
c:\windows\system32\682F27\eAPI.fne
c:\windows\system32\682F27\HtmlView.fne
c:\windows\system32\682F27\internet.fne
c:\windows\system32\682F27\krnln.fnr
c:\windows\system32\682F27\KWA2A9.EXE
c:\windows\system32\682F27\KZ0526A.EXE
c:\windows\system32\682F27\nbbr6xp.exe
c:\windows\system32\682F27\nbbr7xp.exe
c:\windows\system32\682F27\nbbrnxp.exe
c:\windows\system32\682F27\nbirnxp.exe
c:\windows\system32\682F27\nmirnxp.exe
c:\windows\system32\682F27\nmurnxp.exe
c:\windows\system32\682F27\ntirnxp.exe
c:\windows\system32\682F27\p.ini
c:\windows\system32\682F27\PJA2A9.EXE
c:\windows\system32\682F27\PP-A2A9.EXE
c:\windows\system32\682F27\PWA2A9.EXE
c:\windows\system32\682F27\RegEx.fnr
c:\windows\system32\682F27\shell.fne
c:\windows\system32\682F27\spec.fne
c:\windows\system32\dqifco.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMagent
-------\Service_DMagent

((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-14 04:22 . 2009-04-14 04:22 -------- d-----w c:\documents and settings\Guest2\Application Data\Symantec
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\Jack\Application Data\Malwarebytes
2009-04-13 15:46 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 15:46 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 19:55 . 2009-04-10 19:55 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Help
2009-04-10 02:39 . 2009-04-10 02:39 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Symantec
2009-04-08 21:35 . 2009-04-08 21:41 -------- d-----w c:\documents and settings\Jack\Application Data\Symantec
2009-04-08 21:28 . 2009-04-08 21:34 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-08 21:28 . 2009-04-08 21:34 60800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-08 21:28 . 2009-04-08 21:34 123952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-08 21:28 . 2009-04-08 21:34 10563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-08 21:08 . 2009-04-08 22:37 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 21:02 . 2009-04-08 21:02 -------- d-----w c:\documents and settings\Jack\Application Data\AVGTOOLBAR
2009-04-08 16:32 . 2009-04-08 18:27 627232 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-08 16:32 . 2009-04-08 18:27 2660 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-08 16:32 . 2009-04-08 18:27 17184 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-08 16:32 . 2009-04-08 18:27 10520 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-08 16:13 . 2009-04-08 17:38 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-08 16:13 . 2009-04-08 16:13 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Downloaded Installations
2009-04-04 01:02 . 2009-04-04 01:02 -------- d-----w c:\documents and settings\Jack\Application Data\Grisoft
2009-04-04 01:01 . 2009-04-04 01:01 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-03 00:57 . 2009-04-03 00:57 -------- d-----w c:\windows\Sun
2009-04-01 18:37 . 2009-04-01 18:37 -------- d-----w c:\windows\system32\sys
2009-04-01 18:18 . 2009-04-01 18:18 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-03-25 05:16 . 2009-03-25 05:16 -------- d-----w c:\windows\Logs
2009-03-25 04:41 . 2009-03-25 05:04 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-25 01:10 . 2005-01-04 09:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-03-25 01:10 . 2003-07-20 18:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
2009-03-23 20:59 . 2004-08-04 07:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-03-23 20:59 . 2004-08-04 07:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-03-23 03:57 . 2009-03-23 03:57 -------- d-----w c:\documents and settings\Jack\Application Data\DAEMON Tools Pro
2009-03-23 03:45 . 2009-03-25 04:37 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-21 19:00 . 2009-04-15 15:41 -------- d-----w C:\pirata

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 15:49 . 2009-04-08 21:06 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-12 21:01 . 2009-02-12 23:28 -------- d-----w c:\program files\Garena
2009-04-08 21:39 . 2009-04-08 21:32 -------- d-----w c:\program files\Norton 360
2009-04-08 21:34 . 2009-04-08 21:28 -------- d-----w c:\program files\Symantec
2009-04-08 21:33 . 2009-04-08 21:33 -------- d-----w c:\program files\Windows Sidebar
2009-04-08 17:38 . 2009-04-08 16:13 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-01 18:18 . 2009-02-12 04:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 18:18 . 2009-04-01 18:18 -------- d-----w c:\program files\Java
2009-04-01 17:41 . 2009-02-28 01:48 -------- d-----w c:\program files\Firaxis Games
2009-04-01 17:40 . 2009-04-01 17:40 -------- d-----w c:\program files\e-Games
2009-03-31 20:17 . 2009-01-25 21:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 03:09 . 2009-03-27 03:09 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-25 05:11 . 2009-03-23 03:47 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-15 00:03 . 2009-03-11 23:14 -------- d-----w c:\program files\AVS4YOU
2009-03-15 00:03 . 2009-03-11 23:17 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-13 04:28 . 2009-03-11 23:23 -------- d-----w c:\documents and settings\Jack\Application Data\AVS4YOU
2009-03-13 03:06 . 2009-03-13 03:04 -------- d-----w c:\documents and settings\Jack\Application Data\GetRightToGo
2009-03-13 02:58 . 2009-03-13 02:58 1405294 --sh--r c:\windows\system32\54C76F\18A57B.EXE
2009-03-11 23:22 . 2009-03-11 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-11 03:07 . 2004-07-17 15:36 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 02:26 . 2009-02-28 02:26 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-26 13:46 . 2009-02-15 19:55 70864 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:51 . 2009-01-25 21:07 70864 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:50 . 2009-02-21 02:50 -------- d-----w c:\program files\Guitar Pro 5
2009-02-15 21:15 . 2009-02-15 20:59 76040 ----a-w c:\windows\system32\drivers\avgtdix.sys.install_backup
2009-02-15 21:15 . 2009-02-15 21:15 12936 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup_1
2009-02-15 21:15 . 2009-02-15 20:59 96520 ----a-w c:\windows\system32\drivers\avgldx86.sys.install_backup
2009-02-15 21:15 . 2009-02-15 20:59 26824 ----a-w c:\windows\system32\drivers\avgmfx86.sys.install_backup
2009-02-15 21:00 . 2009-02-15 21:00 12424 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup
2009-02-15 19:55 . 2009-02-15 19:55 129 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\fusioncache.dat
2009-02-15 19:55 . 2009-02-15 19:55 -------- d-----w c:\documents and settings\Guest2\Application Data\ATI
2009-02-08 00:21 . 2009-02-08 00:21 30 --sha-r c:\windows\pc-off.bat
2009-01-31 16:17 . 2009-01-25 20:57 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-29 03:49 . 2009-03-11 23:14 974848 ----a-w c:\windows\system32\mfc70.dll
2009-01-29 03:49 . 2009-03-11 23:14 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-01-29 03:49 . 2009-03-11 23:14 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-01-29 03:49 . 2009-03-11 23:14 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-01-29 03:49 . 2009-03-11 23:14 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-01-25 22:02 . 2009-01-25 22:02 127 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\fusioncache.dat
2009-01-25 21:53 . 2009-01-25 21:52 172 ----a-w C:\Sigmatel
2009-01-25 20:55 . 2009-01-25 20:55 21640 ----a-w c:\windows\system32\emptyregdb.dat

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 5:02 pm

.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 15:49 . 2009-04-15 15:49 16384 c:\windows\Temp\Perflib_Perfdata_6b4.dat
+ 2009-04-15 15:49 . 2009-04-15 15:49 16384 c:\windows\Temp\Perflib_Perfdata_530.dat
+ 2009-04-15 15:48 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"L08AXLRD_1082468"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"\\Ace\EPSON Stylus C59 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE" [2006-02-22 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 57344]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Garena\\Garena.exe"=

R2 DMagent;Driver Trusted;c:\windows\system32\svchost.exe [2004-08-04 14336]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-02-13 109616]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - DMAGENT
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\945wbpqm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-15 08:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMagent]
"ServiceDll"="c:\windows\system32\dqifco.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1428)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\stacsv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-15 15:52
ComboFix2.txt 2009-04-14 18:52

Pre-Run: 40,705,744,896 bytes free
Post-Run: 40,606,027,776 bytes free

697

**Belahzur** · by **Belahzur** on Tue 14 Apr 2009, 5:05 pm

Hmm, it came back.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
DMAGENT

File::
c:\windows\system32\dqifco.dll

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMagent]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 8:41 pm

ComboFix 09-04-14.01 - Jack 04/15/2009 12:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.106 [GMT -7:00]
Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jack\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: Norton 360 *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\dqifco.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DMAGENT
-------\Service_DMagent

((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.

2009-04-15 16:13 . 2009-04-15 16:13 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-15 16:13 . 2009-04-15 16:13 -------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-14 04:22 . 2009-04-14 04:22 -------- d-----w c:\documents and settings\Guest2\Application Data\Symantec
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\Jack\Application Data\Malwarebytes
2009-04-13 15:46 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-13 15:46 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 19:55 . 2009-04-10 19:55 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Help
2009-04-10 02:39 . 2009-04-10 02:39 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Symantec
2009-04-08 21:35 . 2009-04-08 21:41 -------- d-----w c:\documents and settings\Jack\Application Data\Symantec
2009-04-08 21:28 . 2009-04-08 21:34 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-08 21:28 . 2009-04-08 21:34 60800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-08 21:28 . 2009-04-08 21:34 123952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-08 21:28 . 2009-04-08 21:34 10563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-08 21:08 . 2009-04-15 16:14 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-08 21:02 . 2009-04-08 21:02 -------- d-----w c:\documents and settings\Jack\Application Data\AVGTOOLBAR
2009-04-08 16:32 . 2009-04-08 18:27 627232 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-08 16:32 . 2009-04-08 18:27 2660 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-08 16:32 . 2009-04-08 18:27 17184 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-08 16:32 . 2009-04-08 18:27 10520 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-08 16:13 . 2009-04-08 17:38 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-08 16:13 . 2009-04-08 16:13 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-04-08 16:12 . 2009-04-08 16:12 -------- d-----w c:\documents and settings\Jack\Local Settings\Application Data\Downloaded Installations
2009-04-04 01:02 . 2009-04-04 01:02 -------- d-----w c:\documents and settings\Jack\Application Data\Grisoft
2009-04-04 01:01 . 2009-04-04 01:01 -------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2009-04-03 00:57 . 2009-04-03 00:57 -------- d-----w c:\windows\Sun
2009-04-01 18:37 . 2009-04-01 18:37 -------- d-----w c:\windows\system32\sys
2009-04-01 18:18 . 2009-04-01 18:18 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-03-25 05:16 . 2009-03-25 05:16 -------- d-----w c:\windows\Logs
2009-03-25 04:41 . 2009-03-25 05:04 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-03-25 01:10 . 2005-01-04 09:43 4682 ----a-w c:\windows\system32\npptNT2.sys
2009-03-25 01:10 . 2003-07-20 18:17 5174 ----a-w c:\windows\system32\nppt9x.vxd
2009-03-23 20:59 . 2004-08-04 07:08 31616 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-03-23 20:59 . 2004-08-04 07:08 31616 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-03-23 03:57 . 2009-03-23 03:57 -------- d-----w c:\documents and settings\Jack\Application Data\DAEMON Tools Pro
2009-03-23 03:45 . 2009-03-25 04:37 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-21 19:00 . 2009-04-15 15:41 -------- d-----w C:\pirata

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 19:34 . 2009-04-08 21:06 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-15 19:22 . 2009-04-08 21:32 -------- d-----w c:\program files\Norton 360
2009-04-13 15:46 . 2009-04-13 15:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-12 21:01 . 2009-02-12 23:28 -------- d-----w c:\program files\Garena
2009-04-08 21:34 . 2009-04-08 21:28 -------- d-----w c:\program files\Symantec
2009-04-08 21:33 . 2009-04-08 21:33 -------- d-----w c:\program files\Windows Sidebar
2009-04-08 17:38 . 2009-04-08 16:13 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-01 18:18 . 2009-02-12 04:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-01 18:18 . 2009-04-01 18:18 -------- d-----w c:\program files\Java
2009-04-01 17:41 . 2009-02-28 01:48 -------- d-----w c:\program files\Firaxis Games
2009-04-01 17:40 . 2009-04-01 17:40 -------- d-----w c:\program files\e-Games
2009-03-31 20:17 . 2009-01-25 21:52 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 03:09 . 2009-03-27 03:09 -------- d-----w c:\program files\Common Files\INCA Shared
2009-03-25 05:11 . 2009-03-23 03:47 -------- d-----w c:\program files\DAEMON Tools Pro
2009-03-15 00:03 . 2009-03-11 23:14 -------- d-----w c:\program files\AVS4YOU
2009-03-15 00:03 . 2009-03-11 23:17 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-13 04:28 . 2009-03-11 23:23 -------- d-----w c:\documents and settings\Jack\Application Data\AVS4YOU
2009-03-13 03:06 . 2009-03-13 03:04 -------- d-----w c:\documents and settings\Jack\Application Data\GetRightToGo
2009-03-13 02:58 . 2009-03-13 02:58 1405294 --sh--r c:\windows\system32\54C76F\18A57B.EXE
2009-03-11 23:22 . 2009-03-11 23:22 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-11 03:07 . 2004-07-17 15:36 163644 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-28 02:26 . 2009-02-28 02:26 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-26 13:46 . 2009-02-15 19:55 70864 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:51 . 2009-01-25 21:07 70864 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-21 02:50 . 2009-02-21 02:50 -------- d-----w c:\program files\Guitar Pro 5
2009-02-15 21:15 . 2009-02-15 20:59 76040 ----a-w c:\windows\system32\drivers\avgtdix.sys.install_backup
2009-02-15 21:15 . 2009-02-15 21:15 12936 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup_1
2009-02-15 21:15 . 2009-02-15 20:59 96520 ----a-w c:\windows\system32\drivers\avgldx86.sys.install_backup
2009-02-15 21:15 . 2009-02-15 20:59 26824 ----a-w c:\windows\system32\drivers\avgmfx86.sys.install_backup
2009-02-15 21:00 . 2009-02-15 21:00 12424 ----a-w c:\windows\system32\drivers\avgrkx86.sys.install_backup
2009-02-15 19:55 . 2009-02-15 19:55 129 ----a-w c:\documents and settings\Guest2\Local Settings\Application Data\fusioncache.dat
2009-02-15 19:55 . 2009-02-15 19:55 -------- d-----w c:\documents and settings\Guest2\Application Data\ATI
2009-02-08 00:21 . 2009-02-08 00:21 30 --sha-r c:\windows\pc-off.bat
2009-01-31 16:17 . 2009-01-25 20:57 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-29 03:49 . 2009-03-11 23:14 974848 ----a-w c:\windows\system32\mfc70.dll
2009-01-29 03:49 . 2009-03-11 23:14 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-01-29 03:49 . 2009-03-11 23:14 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-01-29 03:49 . 2009-03-11 23:14 1700352 ----a-w c:\windows\system32\GdiPlus.dll
2009-01-29 03:49 . 2009-03-11 23:14 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-01-25 22:02 . 2009-01-25 22:02 127 ----a-w c:\documents and settings\Jack\Local Settings\Application Data\fusioncache.dat
2009-01-25 21:53 . 2009-01-25 21:52 172 ----a-w C:\Sigmatel
2009-01-25 20:55 . 2009-01-25 20:55 21640 ----a-w c:\windows\system32\emptyregdb.dat
2008-06-30 20:2009-04-15 19:22 44:08 . c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-15 19:34 . 2009-04-15 19:34 16384 c:\windows\Temp\Perflib_Perfdata_6b0.dat
+ 2009-04-15 19:34 . 2009-04-15 19:34 16384 c:\windows\Temp\Perflib_Perfdata_2c8.dat
+ 2008-10-16 21:09 . 2008-10-16 21:09 43544 c:\windows\system32\wups2.dll
+ 2009-01-25 20:56 . 2008-10-16 21:08 34328 c:\windows\system32\wups.dll
+ 2009-01-25 20:56 . 2008-10-16 21:09 51224 c:\windows\system32\wuauclt.exe
+ 2009-04-15 15:51 . 2008-10-16 21:08 34328 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2009-04-15 16:13 . 2008-04-17 20:12 15464 c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspiWDM.sys
+ 2008-01-29 19:01 . 2008-04-17 20:12 15464 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-01-13 02:32 . 2008-07-31 00:42 23888 c:\windows\system32\drivers\COH_Mon.sys
+ 2009-01-25 20:56 . 2008-10-16 21:08 34328 c:\windows\system32\dllcache\wups.dll
+ 2009-01-25 20:56 . 2008-10-16 21:09 51224 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 04:56 . 2008-10-16 21:09 92696 c:\windows\system32\dllcache\cdm.dll
+ 2004-08-04 04:56 . 2008-10-16 21:09 92696 c:\windows\system32\cdm.dll
+ 2009-01-25 20:56 . 2008-10-16 21:13 202776 c:\windows\system32\wuweb.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 323608 c:\windows\system32\wucltui.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 561688 c:\windows\system32\wuapi.dll
- 2008-01-29 19:02 . 2008-01-29 19:02 107368 c:\windows\system32\GEARAspi.dll
+ 2008-01-29 19:02 . 2008-04-17 20:12 107368 c:\windows\system32\GEARAspi.dll
+ 2009-04-15 16:13 . 2008-04-17 20:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_D213663B6381F01E45A131159A9DEFE018321CB3\x86\GEARAspi.dll
+ 2009-01-25 20:56 . 2008-10-16 21:13 202776 c:\windows\system32\dllcache\wuweb.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 323608 c:\windows\system32\dllcache\wucltui.dll
+ 2009-01-25 20:56 . 2008-10-16 21:12 561688 c:\windows\system32\dllcache\wuapi.dll
+ 2008-02-21 22:02 . 2008-02-21 22:02 873848 c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LUALL.EXE
+ 2009-04-15 19:32 . 2005-10-21 03:02 163328 c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-25 20:56 . 2008-10-16 21:13 1809944 c:\windows\system32\wuaueng.dll
+ 2009-01-25 20:56 . 2008-10-16 21:13 1809944 c:\windows\system32\dllcache\wuaueng.dll

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 8:42 pm

+ 2008-02-21 22:02 . 2008-02-21 22:02 3220856 c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LuComServer.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-07-28 882416]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-04-01 18:18 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-04-01 18:18 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 10:47 160496 ----a-w c:\progra~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-07-28 882416]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\program files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-06-30 349552]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-07-28 882416]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "c:\program files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll" [2008-06-30 349552]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"L08AXLRD_1082468"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" [2007-05-21 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-09-22 57344]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"\\Ace\EPSON Stylus C59 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE" [2006-02-22 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-01 148888]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"SigmatelSysTrayApp"="sttray.exe" - c:\windows\sttray.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-9-22 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll [2006-08-25 133120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Garena\\Garena.exe"=

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-16 101936]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\system32\shdocvw.dll
SharedTaskScheduler-{8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
ShellExecuteHooks-{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll
SSODL-WebCheck-{E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %SystemRoot%\system32\webcheck.dll

.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MICROS~2\OFFICE11\REFIEBAR.DLL
IE: {{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\program files\Common Files\System\Ole DB\MSDAIPP.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\945wbpqm.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.

**************************************************************************

qweiopqiwoep · by qweiopqiwoep on Tue 14 Apr 2009, 8:42 pm

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-15 12:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2628)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\stacsv.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-15 19:37
ComboFix2.txt 2009-04-15 15:52
ComboFix3.txt 2009-04-14 18:52

Pre-Run: 40,361,095,168 bytes free
Post-Run: 40,350,679,040 bytes free

281

**Belahzur** · by **Belahzur** on Wed 15 Apr 2009, 7:20 am

The bad file is gone.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

This will also reset your restore points.

How is the machine running now?

qweiopqiwoep · by qweiopqiwoep on Wed 15 Apr 2009, 4:32 pm

TY! my computer now has no pop-ups and is running smoothly. I just have a question : am I going to uninstall malwarebytes or just keep it with my norton360?

**Belahzur** · by **Belahzur** on Wed 15 Apr 2009, 5:06 pm

Keep MBAM.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.

qweiopqiwoep · by qweiopqiwoep on Wed 15 Apr 2009, 5:20 pm

Thanks for all the help! Uhm , about all of the programs you recommended will all of them slow down the performance of my pc and do i hae to run them all the time?

**Belahzur** · by **Belahzur** on Wed 15 Apr 2009, 5:21 pm

Yeah, they probably will slow it down if you run all 4. Just run one or two.

blocked sites ! help needed pls!

blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

THIS IS THE LOGFILE

Part2

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!

Re: blocked sites ! help needed pls!