Active Search Results Redirected

Discussion in 'Malware and Virus Removal Archive' started by hansy, 2009/09/01.

  1. 2009/09/01
    hansy

    hansy Inactive Thread Starter

    Joined:
    2009/09/01
    Messages:
    5
    Likes Received:
    0
    [Active] Search Results Redirected

    um my computer recently picked up a trojan, and i think i was able to remove it using AVG Anti-Virus Free, yet when i try to search stuff up on google and other search engines, i keep getting redirected to irrelevant sites and also i get random pop ups =(

    Here are my logs:

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Richard at 15:29:05.90 on 09/01/2009 Tue
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.1023.58 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\windows\mstre21.exe
    C:\windows\pp11.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\PPStream\ppsap.exe
    C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
    C:\Program Files\LimeWire\LimeWire.exe
    svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\sySTEM32\svchost.exe -k ddnsfilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\5EIE1ZW0\dds[1].scr
    C:\WINDOWS\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ca/
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PPS Accelerator] c:\program files\ppstream\ppsap.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe "
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [AlcxMonitor] ALCXMNTR.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\stormii\codec\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [sysldtray] c:\windows\ld14.exe
    mRun: [Sysmstray] c:\windows\mstre21.exe
    mRun: [sysfbtray] c:\windows\freddy61.exe
    mRun: [pp] c:\windows\pp11.exe
    StartupFolder: c:\docume~1\richard\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\1f9g3kdw.default\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.enforce_same_site_origin ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.cache_size ", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.ogg.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.wave.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "media.autoplay.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.urlbar.autocomplete.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "capability.policy.mailnews.*.wholeText ", "noAccess ");
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.storage.default_quota ", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "content.sink.event_probe_rate ", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.http.prompt-temp-redirect ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.dpi ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "layout.css.devPixelsPerPx ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "gestures.enable_single_finger_input ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.max_chrome_script_run_time ", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.tcp.sendbuffer ", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "geo.enabled ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.remember_cert_checkbox_default_setting ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-cjkt ", "moz35 ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.blocklist.level ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.restrict.typed ", "~ ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.urlbar.default.behavior ", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.clearOnShutdown.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.history ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.formdata ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.passwords ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.downloads ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cookies ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.cache ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.sessions ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.offlineApps ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.cpd.siteSettings ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "privacy.sanitize.migrateFx3Prefs ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.ssl_override_behavior ", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "security.alternate_certificate_error_page ", "certerror ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.autostart ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.privatebrowsing.dont_prompt_on_enter ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "geo.wifi.uri ", "https://www.google.com/loc/json ");

    ============= SERVICES / DRIVERS ===============

    R?2 ddnsfilter;ddnsfilter;c:\windows\system32\svchost.exe -k ddnsfilter [2008-4-14 14336]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-6 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-6 27784]
    R1 Filter;Filter;c:\windows\system32\drivers\Filter.sys [2009-8-31 37760]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-6 297752]

    =============== Created Last 30 ================

    2009-08-31 21:29 6,808 a------- c:\windows\ex1234.dat
    2009-08-31 21:26 97,280 a------- c:\windows\vkl_1251775510
    2009-08-31 20:00 1 a------- c:\windows\ectbbyn.dat
    2009-08-31 20:00 1 ----h--- c:\windows\ex23567.dat
    2009-08-31 20:00 1 a------- c:\windows\fdgg34353edfgdfdf
    2009-08-31 20:00 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-08-31 20:00 36,864 ----h--- c:\windows\pp11.exe
    2009-08-31 20:00 37,760 a------- c:\windows\system32\drivers\Filter.sys
    2009-08-31 20:00 <DIR> --d----- c:\program files\DDnsFilter
    2009-08-31 19:59 2 a------- c:\windows\0535251103110107106.yux
    2009-08-31 19:59 86,016 a------- c:\windows\mstre21.exe
    2009-08-31 19:59 1 ----h--- c:\windows\mmsmark2.dat
    2009-08-31 19:59 2 a------- c:\windows\0101120101464950.xe
    2009-08-31 19:59 69,632 a------- c:\windows\freddy61.exe
    2009-08-31 19:59 2 a------- c:\windows\0101120101464954.xe
    2009-08-31 19:59 36,864 a------- c:\windows\ld14.exe
    2009-08-27 22:04 593,920 -------- c:\windows\system32\ati2sgag.exe
    2009-08-27 22:00 7,912 a------- c:\windows\system32\d3d9caps.dat
    2009-08-27 21:56 10 a------- c:\windows\WININIT.INI
    2009-08-27 21:42 14,048 -------- c:\windows\system32\spmsg2.dll
    2009-08-27 21:42 <DIR> --d----- c:\windows\system32\zh-CN
    2009-08-27 21:40 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-27 21:39 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-27 21:39 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-27 21:39 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-27 21:39 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-08-27 21:39 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-08-27 21:39 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-27 21:39 <DIR> --d----- C:\b2c33c313140939b909b51
    2009-08-27 21:39 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-08-27 21:17 43,520 a------- c:\windows\system32\CmdLineExt03.dll
    2009-08-27 21:03 <DIR> --d----- c:\program files\LucasArts
    2009-08-27 13:05 <DIR> --d----- c:\windows\system32\ReinstallBackups
    2009-08-18 22:11 107,888 a------- c:\windows\system32\CmdLineExt.dll
    2009-08-18 22:06 <DIR> --d----- c:\program files\EA Sports
    2009-08-18 21:53 <DIR> --d----- c:\program files\DAEMON Tools Pro
    2009-08-18 21:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
    2009-08-18 21:48 722,416 a------- c:\windows\system32\drivers\sptd.sys
    2009-08-18 21:48 <DIR> --d----- c:\docume~1\richard\applic~1\DAEMON Tools Pro
    2009-08-18 16:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\n7-89-o9-3r-4t-r9
    2009-08-18 16:35 <DIR> --d----- c:\program files\AutoTek
    2009-08-17 20:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
    2009-08-17 20:38 <DIR> --d----- C:\GameHouse Games
    2009-08-17 20:37 <DIR> --d----- c:\program files\RealArcade
    2009-08-17 20:04 <DIR> --d----- c:\program files\3DGroove
    2009-08-14 22:21 <DIR> --d----- c:\program files\Windows Journal Viewer
    2009-08-13 15:06 <DIR> --d----- c:\program files\jesse
    2009-08-12 20:52 <DIR> --d----- c:\windows\system32\Adobe
    2009-08-12 19:51 <DIR> --d----- c:\program files\DivX
    2009-08-12 19:51 <DIR> --d----- c:\program files\common files\DivX Shared
    2009-08-10 19:46 <DIR> --d----- c:\docume~1\richard\applic~1\LimeWire
    2009-08-10 19:43 <DIR> --d----- c:\program files\LimeWire
    2009-08-10 18:10 <DIR> --d----- c:\program files\uTorrent
    2009-08-10 18:10 <DIR> --d----- c:\docume~1\richard\applic~1\uTorrent
    2009-08-10 17:04 107,368 a------- c:\windows\system32\GEARAspi.dll
    2009-08-10 17:04 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-10 17:03 <DIR> --d----- c:\program files\iPod
    2009-08-10 17:03 <DIR> --d----- c:\program files\iTunes
    2009-08-10 17:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-10 17:03 <DIR> --d----- c:\program files\Bonjour
    2009-08-07 18:17 5,632 a------- c:\windows\system32\ptpusb.dll
    2009-08-07 18:17 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
    2009-08-07 18:17 159,232 a------- c:\windows\system32\ptpusd.dll
    2009-08-07 18:17 15,104 a------- c:\windows\system32\drivers\usbscan.sys
    2009-08-07 11:22 268,648 a------- c:\windows\system32\mucltui.dll
    2009-08-07 11:22 208,744 a------- c:\windows\system32\muweb.dll
    2009-08-07 11:22 27,496 a------- c:\windows\system32\mucltui.dll.mui
    2009-08-06 23:29 <DIR> --d----- C:\CrashReport
    2009-08-06 23:18 <DIR> --d----- c:\program files\Runes of Magic
    2009-08-06 22:41 34 a------- c:\documents and settings\richard\jagex_runescape_preferences.dat
    2009-08-06 22:41 <DIR> --d----- c:\windows\.jagex_cache_32
    2009-08-06 19:02 <DIR> --d----- c:\documents and settings\richard\Tracing
    2009-08-06 19:01 <DIR> --d----- c:\program files\Microsoft
    2009-08-06 19:01 <DIR> --d----- c:\program files\Windows Live SkyDrive
    2009-08-06 19:00 <DIR> --d----- c:\program files\SystemRequirementsLab
    2009-08-06 18:59 411,368 a------- c:\windows\system32\deploytk.dll
    2009-08-06 18:59 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-08-06 18:55 <DIR> --d----- c:\program files\common files\Windows Live
    2009-08-06 18:00 23 a------- c:\windows\PCDNSetting.ini
    2009-08-06 17:31 <DIR> --d----- c:\windows\pss
    2009-08-06 17:29 113 a------- c:\windows\PPSMediaList.ini
    2009-08-06 17:29 83 a------- c:\windows\powerlist.ini
    2009-08-06 17:29 608 a------- c:\windows\psnetwork.ini
    2009-08-06 17:29 440 a------- c:\windows\powerplayer.ini
    2009-08-06 17:29 <DIR> --d----- c:\docume~1\richard\applic~1\PPStream
    2009-08-06 17:29 <DIR> --d----- c:\program files\PPStream
    2009-08-06 17:27 <DIR> --d----- c:\program files\common files\Real
    2009-08-06 17:27 <DIR> --d----- c:\program files\StormII
    2009-08-06 17:25 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-08-06 17:25 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-08-06 17:25 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-08-06 17:25 <DIR> --d----- c:\program files\AVG
    2009-08-06 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-08-06 17:23 127,488 -------- c:\windows\system32\drivers\imagesrv.sys
    2009-08-06 17:23 5,888 -------- c:\windows\system32\drivers\imagedrv.sys
    2009-08-06 17:23 106,496 a------- c:\windows\system32\TwnLib20.dll
    2009-08-06 17:23 1,568,768 -------- c:\windows\system32\ImagX7.dll
    2009-08-06 17:23 476,320 -------- c:\windows\system32\ImagXpr7.dll
    2009-08-06 17:23 471,040 -------- c:\windows\system32\ImagXRA7.dll
    2009-08-06 17:23 364,544 -------- c:\windows\system32\TwnLib4.dll
    2009-08-06 17:23 262,144 -------- c:\windows\system32\ImagXR7.dll
    2009-08-06 17:23 155,648 a------- c:\windows\system32\NeroCheck.exe
    2009-08-06 17:22 499,712 a------- c:\windows\system32\msvcp71.dll
    2009-08-06 17:22 348,160 a------- c:\windows\system32\msvcr71.dll
    2009-08-06 17:20 0 a------- c:\windows\ativpsrm.bin
    2009-08-06 17:18 <DIR> --d----- c:\program files\ATI Technologies
    2009-08-06 17:18 <DIR> --d----- C:\ATI
    2009-08-06 17:12 <DIR> --dsh--- c:\documents and settings\richard\IECompatCache
    2009-08-06 17:12 <DIR> --dsh--- c:\documents and settings\richard\PrivacIE
    2009-08-06 17:10 <DIR> --dsh--- c:\documents and settings\richard\IETldCache
    2009-08-06 17:06 <DIR> -cd-h--- c:\windows\ie8
    2009-08-06 17:02 83,072 ac------ c:\windows\system32\dllcache\wdmaud.sys
    2009-08-06 16:59 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-08-06 16:59 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
    2009-08-06 16:59 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
    2009-08-06 16:58 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-08-06 16:57 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-08-06 16:55 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
    2009-08-06 16:55 272,128 -------- c:\windows\system32\drivers\bthport.sys
    2009-08-06 16:55 26,144 a------- c:\windows\system32\spupdsvc.exe
    2009-08-06 16:55 <DIR> --d----- c:\windows\system32\PreInstall
    2009-08-06 16:55 <DIR> --d-h--- c:\windows\$hf_mig$
    2009-08-06 16:54 <DIR> --dsh--- c:\documents and settings\richard\UserData
    2009-08-06 16:51 <DIR> --d----- c:\documents and settings\Richard
    2009-08-06 16:51 <DIR> --d----- c:\windows\system32\SoftwareDistribution
    2009-08-06 16:51 13,588 a------- c:\windows\system32\wpa.bak
    2009-08-06 16:50 <DIR> --ds---- c:\windows\system32\Microsoft
    2009-08-06 16:48 8,192 a------- c:\windows\REGLOCS.OLD
    2009-08-06 16:46 26,112 ac------ c:\windows\system32\dllcache\EXCH_seos.dll
    2009-08-06 16:45 32,827 ac------ c:\windows\system32\dllcache\tcptest.exe
    2009-08-06 16:44 <DIR> --dsh--- c:\documents and settings\all users\DRM
    2009-08-06 16:44 <DIR> --d--r-- c:\windows\Offline Web Pages
    2009-08-06 16:44 <DIR> --d-h--- c:\program files\WindowsUpdate
    2009-08-06 16:43 <DIR> --d----- c:\program files\common files\MSSoap
    2009-08-06 16:42 <DIR> --d----- c:\program files\Online Services
    2009-08-06 16:42 <DIR> --d----- c:\program files\Messenger
    2009-08-06 16:42 <DIR> --d----- c:\program files\MSN Gaming Zone
    2009-08-06 16:41 <DIR> --d----- c:\program files\Windows NT
    2009-08-06 11:36 <DIR> --d----- c:\program files\common files\ODBC
    2009-08-06 11:36 <DIR> --d----- c:\program files\common files\SpeechEngines
    2009-08-06 11:36 <DIR> --d--r-- c:\documents and settings\all users\Documents

    ==================== Find3M ====================

    2009-08-31 21:13 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-08-06 16:43 21,640 a------- c:\windows\system32\emptyregdb.dat
    2009-08-05 03:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-17 13:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
    2009-07-03 11:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-06-26 10:50 81,920 -------- c:\windows\system32\ieencode.dll
    2009-06-16 08:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 08:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 06:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 08:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 00:14 132,096 a------- c:\windows\system32\wkssvc.dll

    ============= FINISH: 15:29:24.98 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/6/2009 4:47:20 PM
    System Uptime: 8/31/2009 9:24:07 PM (18 hours ago)

    Motherboard: ASUSTek Computer INC. | | Salmon
    Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2411/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 98 GiB total, 85.794 GiB free.
    D: is FIXED (NTFS) - 89 GiB total, 76.13 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: PCI Modem
    Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\3&61AAA01&0&50
    Manufacturer:
    Name: PCI Modem
    PNP Device ID: PCI\VEN_1057&DEV_3052&SUBSYS_30201057&REV_04\3&61AAA01&0&50
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    3D Groove Playback Engine
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.08 雨林木风版
    Adobe Shockwave Player
    Apple Mobile Device Support
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Display Driver
    AVG Free 8.5
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Choice Guard
    DivX Web Player
    GameHouse
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    iTunes
    Java(TM) 6 Update 15
    LimeWire 5.2.13
    Madden NFL 08
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CHS
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CHS
    Microsoft .NET Framework 3.5 Language Pack SP1 - chs
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1 语言包 - 简体中文
    Microsoft Application Error Reporting
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Journal Viewer
    MONOPOLY - SpongeBob SquarePants Edition
    Mozilla Firefox (3.5.2)
    MSVCRT
    Nero 6.6.1.4 óêá???·?°?
    PPS网络电视 V2.6.86.8896 正式版
    QuickTime
    Runes of Magic
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Segoe UI
    Skins
    SpongeBob Monopoly Free
    System Requirements Lab
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.762
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR 压缩文件管理器
    XML Paper Specification Shared Components Language Pack 1.0
    μTorrent
    暴风影音

    ==== Event Viewer Messages From Past Week ========

    8/31/2009 9:26:30 PM, error: Service Control Manager [7022] - The ddnsfilter service hung on starting.
    8/30/2009 8:40:09 PM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 0013D4185489 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    8/27/2009 9:56:10 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\ati2mtag.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 6.14.10.6925.

    ==== End Of File ===========================


    thank you and any help would be appreciated =]
     
  2. 2009/09/01
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi hansy
    Welcome to WindowsBBS

    I see you have P2P software ( Limewire, BitTorrent uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    Please do the following.

    Download Malwarebytes' Anti-Malware (MBAM) from here or here and save the file to your desktop.

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select 'Perform Quick Scan', then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a new DDS log.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Thanks
    Geri
     
    Geri,
    #2

  4. 2009/09/02
    hansy

    hansy Inactive Thread Starter

    Joined:
    2009/09/01
    Messages:
    5
    Likes Received:
    0
    hi thank you for replying =]
    i have uninstalled my P2P softwares
    and i am unable to download MBAM as the first link leads to an error saying Internet Explorer cannot display the page and the page for the second link works but when i try to download it i get another error saying Internet Explorer cannot display the page...
     
  5. 2009/09/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Download ComboFix from Here

    Before saving it rename it to Mobofcix.exe then download it to your Desktop.

    Please run it this way.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    If you are prompted to install the Recovery Console, Please do so.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2009/09/03
    hansy

    hansy Inactive Thread Starter

    Joined:
    2009/09/01
    Messages:
    5
    Likes Received:
    0
    yay =D i think this fixed it
    thank you very much =]
    here's the log:

    ComboFix 09-09-03.02 - Richard 03/09/2009 16:31.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.635 [GMT -6:00]
    Running from: c:\documents and settings\Richard\Desktop\mobofcix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\DDnsFilter
    c:\program files\DDnsFilter\DDnsFilter.dll
    c:\program files\StormII
    c:\program files\StormII\BFThumbs.dll
    c:\program files\StormII\box\BoxLog.dll
    c:\program files\StormII\box\cache\readme.txt
    c:\program files\StormII\box\HttpServer.dll
    c:\program files\StormII\box\InstallInfo.ini
    c:\program files\StormII\box\MovieBoxCore.dll
    c:\program files\StormII\box\MovieBoxPS.dll
    c:\program files\StormII\box\skin\MovieBox.zip
    c:\program files\StormII\box\Stline.exe
    c:\program files\StormII\box\UILib.dll
    c:\program files\StormII\box\UiManager.dll
    c:\program files\StormII\box\UiPlay.dll
    c:\program files\StormII\box\UitvWrapper_dll.dll
    c:\program files\StormII\BugReport.exe
    c:\program files\StormII\codec\264be.dll
    c:\program files\StormII\codec\264dmmx.dll
    c:\program files\StormII\codec\264dsse.dll
    c:\program files\StormII\codec\264dsse2.dll
    c:\program files\StormII\codec\264dsse3.dll
    c:\program files\StormII\codec\ac3filter.ax
    c:\program files\StormII\codec\avcodec.dll
    c:\program files\StormII\codec\avformat.dll
    c:\program files\StormII\codec\AviSplitter.ax
    c:\program files\StormII\codec\avutil.dll
    c:\program files\StormII\codec\bass.dll
    c:\program files\StormII\codec\bass_aac.dll
    c:\program files\StormII\codec\bass_alac.dll
    c:\program files\StormII\codec\bass_ape.dll
    c:\program files\StormII\codec\bass_flac.dll
    c:\program files\StormII\codec\bass_mpc.dll
    c:\program files\StormII\codec\bass_tta.dll
    c:\program files\StormII\codec\bass_wv.dll
    c:\program files\StormII\codec\binkw32.dll
    c:\program files\StormII\codec\bsrsrc.ax
    c:\program files\StormII\codec\bsrsrc_15.ax
    c:\program files\StormII\codec\bsrsrc_440.ax
    c:\program files\StormII\codec\BsrVideoDec.ax
    c:\program files\StormII\codec\BsrVideoDec_15.ax
    c:\program files\StormII\codec\bsrVideoDec_440.ax
    c:\program files\StormII\codec\cddareader.ax
    c:\program files\StormII\codec\cl264dec.ax
    c:\program files\StormII\codec\CLVsd.ax
    c:\program files\StormII\codec\clvsdx.ax
    c:\program files\StormII\codec\coreavc.ax
    c:\program files\StormII\codec\DCBassSource.ax
    c:\program files\StormII\codec\DEC_StdMpeg4.dll
    c:\program files\StormII\codec\divxdec.ax
    c:\program files\StormII\codec\dxvadec.ax
    c:\program files\StormII\codec\empgdmx.ax
    c:\program files\StormII\codec\EmzAMRNBDec.dll
    c:\program files\StormII\codec\EmzMp4Source.dll
    c:\program files\StormII\codec\EzdAMRWBDec.dll
    c:\program files\StormII\codec\ff_kernelDeint.dll
    c:\program files\StormII\codec\ff_liba52.dll
    c:\program files\StormII\codec\ff_libavcodec.dll
    c:\program files\StormII\codec\ff_libdts.dll
    c:\program files\StormII\codec\ff_libfaad2.dll
    c:\program files\StormII\codec\ff_libmad.dll
    c:\program files\StormII\codec\ff_libmpeg2.dll
    c:\program files\StormII\codec\ff_libmplayer.dll
    c:\program files\StormII\codec\ff_realaac.dll
    c:\program files\StormII\codec\ff_samplerate.dll
    c:\program files\StormII\codec\ff_theora.dll
    c:\program files\StormII\codec\ff_TomsMoComp.dll
    c:\program files\StormII\codec\ff_tremor.dll
    c:\program files\StormII\codec\ff_unrar.dll
    c:\program files\StormII\codec\ff_vfw.dll
    c:\program files\StormII\codec\ff_wmv9.dll
    c:\program files\StormII\codec\ff_xvidcore.dll
    c:\program files\StormII\codec\ffdshow.ax
    c:\program files\StormII\codec\ffdshow.ax.manifest
    c:\program files\StormII\codec\ffmpeg.dll
    c:\program files\StormII\codec\ffsource.ax
    c:\program files\StormII\codec\Flash.ocx
    c:\program files\StormII\codec\FLT_ffdshow.dll
    c:\program files\StormII\codec\FLVSplitter.ax
    c:\program files\StormII\codec\G722ADEC.dll
    c:\program files\StormII\codec\H264VDEC.dll
    c:\program files\StormII\codec\HBGKDec.ax
    c:\program files\StormII\codec\HBGKSrc.ax
    c:\program files\StormII\codec\HikAudioDec.ax
    c:\program files\StormII\codec\HikDataDump.ax
    c:\program files\StormII\codec\HikFileSource.ax
    c:\program files\StormII\codec\HikFileSplitter.ax
    c:\program files\StormII\codec\HikH264Dec.ax
    c:\program files\StormII\codec\HikMpeg4Dec.ax
    c:\program files\StormII\codec\HikPSDemux.ax
    c:\program files\StormII\codec\iconv.dll
    c:\program files\StormII\codec\ir50_32.dll
    c:\program files\StormII\codec\libavcodec.dll
    c:\program files\StormII\codec\mfplat.dll
    c:\program files\StormII\codec\Microsoft.VC90.CRT.manifest
    c:\program files\StormII\codec\mkunicode.dll
    c:\program files\StormII\codec\mkx.dll
    c:\program files\StormII\codec\mkzlib.dll
    c:\program files\StormII\codec\mmamrdmx.ax
    c:\program files\StormII\codec\mp4.dll
    c:\program files\StormII\codec\Mp4Audio.ax
    c:\program files\StormII\codec\MP4Demux.ax
    c:\program files\StormII\codec\MP4Splitter.ax
    c:\program files\StormII\codec\Mp4Src.ax
    c:\program files\StormII\codec\Mp4Video.ax
    c:\program files\StormII\codec\mpeg2dmx.ax
    c:\program files\StormII\codec\MpegSplitter.ax
    c:\program files\StormII\codec\mpg4ds32.ax
    c:\program files\StormII\codec\MPlayer.exe
    c:\program files\StormII\codec\msvcp71.dll
    c:\program files\StormII\codec\msvcr71.dll
    c:\program files\StormII\codec\msvcr90.dll
    c:\program files\StormII\codec\NDParser.ax
    c:\program files\StormII\codec\NeSplitter.ax
    c:\program files\StormII\codec\OggSplitter.ax
    c:\program files\StormII\codec\ogm.dll
    c:\program files\StormII\codec\PmpSplt.ax
    c:\program files\StormII\codec\pncrt.dll
    c:\program files\StormII\codec\pndx5016.dll
    c:\program files\StormII\codec\pndx5032.dll
    c:\program files\StormII\codec\pthreadVC2.dll
    c:\program files\StormII\codec\qasf.dll
    c:\program files\StormII\codec\QTPlugin.ocx
    c:\program files\StormII\codec\QTSystem\QuickTime.qtp
    c:\program files\StormII\codec\QTTask.exe
    c:\program files\StormII\codec\RadGtSplitter.ax
    c:\program files\StormII\codec\Real\Codecs\14_43260.dll
    c:\program files\StormII\codec\Real\Codecs\28_83260.dll
    c:\program files\StormII\codec\Real\Codecs\atrc.dll
    c:\program files\StormII\codec\Real\Codecs\cook.dll
    c:\program files\StormII\codec\Real\Codecs\dnet3260.dll
    c:\program files\StormII\codec\Real\Codecs\drv2.dll
    c:\program files\StormII\codec\Real\Codecs\drvc.dll
    c:\program files\StormII\codec\Real\Codecs\raac.dll
    c:\program files\StormII\codec\Real\Codecs\ralf.dll
    c:\program files\StormII\codec\Real\Codecs\sipr.dll
    c:\program files\StormII\codec\RenderFilter.ax
    c:\program files\StormII\codec\RMSplt.ax
    c:\program files\StormII\codec\skinsres.dll
    c:\program files\StormII\codec\smackw32.dll
    c:\program files\StormII\codec\splitter.ax
    c:\program files\StormII\codec\swscale.dll
    c:\program files\StormII\codec\ts.dll
    c:\program files\StormII\codec\tsccvid.dll
    c:\program files\StormII\codec\vp6vfw.dll
    c:\program files\StormII\codec\vp7vfw.dll
    c:\program files\StormII\codec\WMADMOD.dll
    c:\program files\StormII\codec\WMVDECOD.dll
    c:\program files\StormII\codec\wmvdmod.dll
    c:\program files\StormII\codec\xvid.ax
    c:\program files\StormII\codec\xvidcore.dll
    c:\program files\StormII\codec\yv12vfw.dll
    c:\program files\StormII\Config.dll
    c:\program files\StormII\CoreLog.dll
    c:\program files\StormII\current.ecs
    c:\program files\StormII\game.ico
    c:\program files\StormII\GdiPlus.dll
    c:\program files\StormII\GifParser.dll
    c:\program files\StormII\jscript.dll
    c:\program files\StormII\kcheck2.dll
    c:\program files\StormII\keys.dat
    c:\program files\StormII\media\def\def.flv
    c:\program files\StormII\media\def\def.ini
    c:\program files\StormII\media\empty.swf
    c:\program files\StormII\media\media4in1.swf
    c:\program files\StormII\media\mediabp.swf
    c:\program files\StormII\media\others.xml
    c:\program files\StormII\media\others.xml.ini
    c:\program files\StormII\media\stcon.ini
    c:\program files\StormII\media\toff.ini
    c:\program files\StormII\media\video_material_list.xml
    c:\program files\StormII\media\video_material_list.xml.ini
    c:\program files\StormII\media\video_style_list.xml
    c:\program files\StormII\media\video_style_list.xml.ini
    c:\program files\StormII\Media2.dll
    c:\program files\StormII\mediainfo.dll
    c:\program files\StormII\MediaLib.dll
    c:\program files\StormII\mee.db
    c:\program files\StormII\meedb.dll
    c:\program files\StormII\minfo\MediaInfo2.dll
    c:\program files\StormII\minfo\MInfo.dll
    c:\program files\StormII\mps.dll
    c:\program files\StormII\msscript.ocx
    c:\program files\StormII\msvcp60.dll
    c:\program files\StormII\Option.dll
    c:\program files\StormII\playlist.smpl
    c:\program files\StormII\rndrmgr.dll
    c:\program files\StormII\Skin\??1??.zip
    c:\program files\StormII\Skin\??2??.zip
    c:\program files\StormII\spfa.dll
    c:\program files\StormII\splayers.dll
    c:\program files\StormII\Storm.exe
    c:\program files\StormII\StormBox.ico
    c:\program files\StormII\stormpop.exe
    c:\program files\StormII\StormRes.dll
    c:\program files\StormII\StormSkinRes.dll
    c:\program files\StormII\Stormtray.exe
    c:\program files\StormII\StormUpdate.dll
    c:\program files\StormII\StormUpdate.exe
    c:\program files\StormII\subdecoder.dll
    c:\program files\StormII\swDirScaner.dll
    c:\program files\StormII\swf\ku6.swf
    c:\program files\StormII\swf\tudou.swf
    c:\program files\StormII\Tips.dll
    c:\program files\StormII\uninst.exe
    c:\program files\StormII\unrar.dll
    c:\windows\0101120101464950.xe
    c:\windows\0101120101464954.xe
    c:\windows\freddy61.exe
    c:\windows\ld14.exe
    c:\windows\mstre21.exe
    c:\windows\pp11.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SfX
    -------\Legacy_ddnsfilter
    -------\Service_ddnsfilter


    ((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
    .

    2009-09-02 04:26 . 2009-09-02 04:26 -------- d-----w- c:\documents and settings\Richard\Application Data\CopyTrans
    2009-09-02 04:25 . 2009-09-02 04:25 -------- d-----w- c:\documents and settings\Richard\Application Data\iLibs
    2009-09-02 04:25 . 2009-09-02 04:25 -------- d-----w- c:\documents and settings\Richard\Application Data\iCloner
    2009-09-02 04:24 . 2009-09-02 04:24 -------- d-----w- c:\program files\WindSolutions
    2009-09-02 04:23 . 2009-09-02 04:23 -------- d-----w- c:\documents and settings\Richard\Application Data\WindSolutions
    2009-09-02 04:23 . 2009-09-02 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
    2009-09-01 21:16 . 2009-09-01 21:16 0 ----a-w- c:\windows\nsreg.dat
    2009-09-01 21:16 . 2009-09-01 21:16 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Mozilla
    2009-09-01 03:29 . 2009-09-01 10:39 6808 ----a-w- c:\windows\ex1234.dat
    2009-09-01 02:00 . 2009-09-01 02:00 1 ----a-w- c:\windows\ectbbyn.dat
    2009-09-01 02:00 . 2009-09-01 02:00 1 ---h--w- c:\windows\ex23567.dat
    2009-09-01 02:00 . 2009-09-03 18:07 -------- d--h--w- C:\$AVG8.VAULT$
    2009-09-01 02:00 . 2009-09-01 02:00 37760 ----a-w- c:\windows\system32\drivers\Filter.sys
    2009-09-01 01:59 . 2009-09-01 01:59 1 ---h--w- c:\windows\mmsmark2.dat
    2009-08-28 04:08 . 2009-08-28 04:08 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\ATI
    2009-08-28 04:08 . 2009-08-28 04:08 -------- d-----w- c:\documents and settings\Richard\Application Data\ATI
    2009-08-28 04:08 . 2009-08-28 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-08-28 04:04 . 2009-04-28 03:20 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-08-28 04:00 . 2009-09-02 14:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-28 03:42 . 2006-06-29 19:07 14048 ------w- c:\windows\system32\spmsg2.dll
    2009-08-28 03:42 . 2009-08-28 03:42 -------- d-----w- c:\windows\system32\zh-CN
    2009-08-28 03:40 . 2009-08-28 03:40 -------- d-----w- c:\windows\system32\XPSViewer
    2009-08-28 03:40 . 2009-08-28 03:40 -------- d-----w- c:\program files\MSBuild
    2009-08-28 03:40 . 2009-08-28 03:40 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-28 03:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-28 03:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-28 03:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-08-28 03:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-08-28 03:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-28 03:39 . 2009-08-28 03:40 -------- d-----w- C:\b2c33c313140939b909b51
    2009-08-28 03:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-28 03:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-08-28 03:17 . 2009-08-28 03:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-08-28 03:03 . 2009-08-28 03:03 -------- d-----w- c:\program files\LucasArts
    2009-08-19 04:11 . 2009-08-19 04:11 -------- d--h--r- c:\documents and settings\Richard\Application Data\SecuROM
    2009-08-19 04:11 . 2009-08-19 04:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-08-19 03:53 . 2009-08-19 04:01 -------- d-----w- c:\program files\DAEMON Tools Pro
    2009-08-19 03:53 . 2009-08-19 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-08-19 03:48 . 2009-08-19 03:48 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-08-19 03:48 . 2009-08-19 04:04 -------- d-----w- c:\documents and settings\Richard\Application Data\DAEMON Tools Pro
    2009-08-18 22:36 . 2009-08-18 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2009-08-18 22:35 . 2009-08-18 22:35 -------- d-----w- c:\program files\AutoTek
    2009-08-18 03:53 . 2009-08-18 03:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-08-18 03:53 . 2009-09-01 03:11 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Google
    2009-08-18 02:44 . 2009-08-18 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2009-08-18 02:38 . 2009-08-18 02:38 -------- d-----w- C:\GameHouse Games
    2009-08-18 02:37 . 2009-08-18 02:38 -------- d-----w- c:\program files\RealArcade
    2009-08-18 02:04 . 2009-08-18 02:04 -------- d-----w- c:\program files\3DGroove
    2009-08-15 23:31 . 2009-08-15 23:31 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Identities
    2009-08-15 04:21 . 2009-08-15 04:21 -------- d-----w- c:\program files\Windows Journal Viewer
    2009-08-13 22:03 . 2009-08-13 22:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2009-08-13 21:06 . 2009-08-23 02:47 -------- d-----w- c:\program files\jesse
    2009-08-13 02:52 . 2009-08-16 22:42 -------- d-----w- c:\windows\system32\Adobe
    2009-08-13 01:51 . 2009-08-13 01:52 -------- d-----w- c:\program files\DivX
    2009-08-13 01:51 . 2009-08-13 01:51 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-08-12 09:01 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-08-11 01:46 . 2009-09-02 03:35 -------- d-----w- c:\documents and settings\Richard\Application Data\LimeWire
    2009-08-11 00:10 . 2009-09-02 23:26 -------- d-----w- c:\documents and settings\Richard\Application Data\uTorrent
    2009-08-10 23:04 . 2009-09-02 05:25 -------- d-----w- c:\documents and settings\Richard\Application Data\Apple Computer
    2009-08-10 23:04 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-08-10 23:04 . 2009-03-19 22:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\program files\iPod
    2009-08-10 23:03 . 2009-08-10 23:04 -------- d-----w- c:\program files\iTunes
    2009-08-10 23:03 . 2009-08-10 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\program files\Bonjour
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\program files\QuickTime
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Apple
    2009-08-10 23:02 . 2009-08-10 23:02 -------- d-----w- c:\program files\Apple Software Update
    2009-08-10 23:02 . 2009-08-10 23:04 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-08-10 23:02 . 2009-07-09 18:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-10 23:02 . 2009-07-09 18:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-10 23:02 . 2009-09-02 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-08-10 23:02 . 2009-08-10 23:02 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-10 23:02 . 2009-08-10 23:04 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Apple Computer
    2009-08-08 00:17 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2009-08-08 00:17 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2009-08-08 00:17 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-08-08 00:17 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2009-08-07 17:22 . 2008-10-16 20:06 268648 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-07 17:22 . 2008-10-16 20:06 208744 ----a-w- c:\windows\system32\muweb.dll
    2009-08-07 05:29 . 2009-08-07 05:29 -------- d-----w- C:\CrashReport
    2009-08-07 05:18 . 2009-08-08 01:18 -------- d-----w- c:\program files\Runes of Magic
    2009-08-07 04:41 . 2009-08-29 18:40 34 ----a-w- c:\documents and settings\Richard\jagex_runescape_preferences.dat
    2009-08-07 04:41 . 2009-08-16 20:42 -------- d-----w- c:\windows\.jagex_cache_32
    2009-08-07 04:41 . 2009-08-07 04:41 -------- d-----w- c:\windows\Sun
    2009-08-07 01:02 . 2009-09-01 21:26 -------- d-----w- c:\documents and settings\Richard\Tracing
    2009-08-07 01:01 . 2009-08-07 01:01 -------- d-----w- c:\program files\Microsoft
    2009-08-07 01:01 . 2009-08-07 01:01 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-08-07 01:00 . 2009-08-07 01:01 -------- d-----w- c:\program files\Windows Live
    2009-08-07 01:00 . 2009-08-07 01:00 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-08-07 00:59 . 2009-08-07 00:59 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-07 00:59 . 2009-08-07 00:59 -------- d-----w- c:\program files\Java
    2009-08-07 00:55 . 2009-08-07 00:55 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-08-07 00:55 . 2009-09-03 22:28 20264 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-06 23:29 . 2009-08-06 23:29 -------- d-----w- c:\documents and settings\Richard\Application Data\PPStream
    2009-08-06 23:29 . 2009-08-12 09:09 -------- d-----w- c:\program files\PPStream
    2009-08-06 23:27 . 2009-08-06 23:27 -------- d-----w- c:\program files\Common Files\Real
    2009-08-06 23:27 . 2009-08-06 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
    2009-08-06 23:25 . 2009-08-22 17:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-06 23:25 . 2009-08-22 17:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-06 23:25 . 2009-08-22 17:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-06 23:25 . 2009-09-01 00:34 -------- d-----w- c:\windows\system32\drivers\Avg
    2009-08-06 23:25 . 2009-08-06 23:25 -------- d-----w- c:\program files\AVG
    2009-08-06 23:25 . 2009-08-06 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-08-06 23:23 . 2005-09-01 17:03 5888 ------w- c:\windows\system32\drivers\imagedrv.sys
    2009-08-06 23:23 . 2005-09-01 17:03 127488 ------w- c:\windows\system32\drivers\imagesrv.sys
    2009-08-06 23:23 . 2004-07-26 22:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2009-08-06 23:23 . 2004-07-26 22:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2009-08-06 23:23 . 2004-07-26 22:16 262144 ------w- c:\windows\system32\ImagXR7.dll
    2009-08-06 23:23 . 2004-07-26 22:16 1568768 ------w- c:\windows\system32\ImagX7.dll
    2009-08-06 23:23 . 2004-07-09 14:43 364544 ------w- c:\windows\system32\TwnLib4.dll
    2009-08-06 23:23 . 2000-06-26 16:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2009-08-06 23:23 . 2009-08-06 23:23 -------- d-----w- c:\program files\Ahead
    2009-08-06 23:23 . 2009-08-06 23:23 -------- d-----w- c:\program files\Common Files\Ahead
    2009-08-06 23:23 . 2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2009-08-06 23:22 . 2009-08-06 23:22 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Adobe
    2009-08-06 23:22 . 2009-08-06 23:22 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-06 23:22 . 2004-04-05 16:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2009-08-06 23:22 . 2004-02-28 20:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2009-08-06 23:20 . 2009-08-06 23:20 0 ----a-w- c:\windows\ativpsrm.bin
    2009-08-06 23:18 . 2009-08-30 09:10 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-06 23:18 . 2009-08-28 04:06 -------- d-----w- c:\program files\ATI Technologies
    2009-08-06 23:18 . 2009-08-28 04:04 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-08-06 23:18 . 2009-08-06 23:18 -------- d-----w- C:\ATI

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-19 04:06 . 2009-08-19 04:06 -------- d-----w- c:\program files\EA Sports
    2009-08-06 22:45 . 2009-08-06 22:45 -------- d-----w- c:\program files\microsoft frontpage
    2009-08-06 22:43 . 2009-08-06 22:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-12 18:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2008-04-14 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2009-06-26 16:50 81920 ------w- c:\windows\system32\ieencode.dll
    2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-12 12:31 . 2008-04-14 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 15:19 . 2009-08-06 22:41 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 14:13 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 06:14 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPS Accelerator "= "c:\program files\PPStream\ppsap.exe" [2009-07-22 210312]
    "DAEMON Tools Pro Agent "= "c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-22 2007832]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-08-07 149280]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "StartCCC "= "c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
    "AlcxMonitor "= "ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-22 17:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\PPStream\\PPStream.exe "=
    "c:\\Program Files\\PPStream\\PPSAP.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\EA Sports\\Madden NFL 08\\Updater.exe "=
    "d:\\Documents and Settings\\Richard\\My Documents\\Red Alert 2\\game.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP "= 8085:TCP:ddnsfilter

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/08/2009 5:25 PM 335240]
    R1 Filter;Filter;c:\windows\system32\drivers\Filter.sys [31/08/2009 8:00 PM 37760]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [06/08/2009 5:25 PM 297752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ddnsfilter REG_MULTI_SZ ddnsfilter

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll ",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-QuickTime Task - c:\program files\StormII\Codec\qttask.exe
    HKLM-Run-sysfbtray - c:\windows\freddy61.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\1f9g3kdw.default\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-03 16:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker3 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(3408)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-03 16:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-03 22:38

    Pre-Run: 91,062,104,064 bytes free
    Post-Run: 91,613,216,768 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    493 --- E O F --- 2009-08-30 09:03
     
  7. 2009/09/04
    Geri Lifetime Subscription

    Hi
    OK looking good.

    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Code:
    File::
    c:\windows\ex1234.dat
    c:\windows\ectbbyn.dat
    c:\windows\ex23567.dat
    c:\windows\mmsmark2.dat
    Folder::
    c:\documents and settings\Richard\Application Data\LimeWire
    c:\documents and settings\Richard\Application Data\uTorrent
    
    Please post the Combofix log.

    Thanks
    Geri
     
  8. 2009/09/06
    hansy

    alright =]
    here's the log:

    ComboFix 09-09-06.02 - Richard 06/09/2009 15:36.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.484 [GMT -6:00]
    Running from: c:\documents and settings\Richard\Desktop\mobofcix.exe
    Command switches used :: c:\documents and settings\Richard\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\windows\ectbbyn.dat "
    "c:\windows\ex1234.dat "
    "c:\windows\ex23567.dat "
    "c:\windows\mmsmark2.dat "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Richard\Application Data\LimeWire
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\softokn3.dll
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\ssl3.dll
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\updater.exe
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\version.properties
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xpcom.dll
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xpidl.exe
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xul.dll
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
    c:\documents and settings\Richard\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
    c:\documents and settings\Richard\Application Data\LimeWire\certificate\limewire.keystore
    c:\documents and settings\Richard\Application Data\LimeWire\createtimes.cache
    c:\documents and settings\Richard\Application Data\LimeWire\downloads.dat
    c:\documents and settings\Richard\Application Data\LimeWire\fileurns.cache
    c:\documents and settings\Richard\Application Data\LimeWire\gnutella.net
    c:\documents and settings\Richard\Application Data\LimeWire\installation.props
    c:\documents and settings\Richard\Application Data\LimeWire\library.dat
    c:\documents and settings\Richard\Application Data\LimeWire\library5.dat
    c:\documents and settings\Richard\Application Data\LimeWire\limewire.props
    c:\documents and settings\Richard\Application Data\LimeWire\lock
    c:\documents and settings\Richard\Application Data\LimeWire\mojito.props
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\.autoreg
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A89d01
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\cert8.db
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\compreg.dat
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\cookies.sqlite
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\downloads.sqlite
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\extensions.cache
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\extensions.ini
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\history.dat
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\key3.db
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\permissions.sqlite
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\places.sqlite
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\pluginreg.dat
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\prefs.js
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\secmod.db
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\XPC.mfl
    c:\documents and settings\Richard\Application Data\LimeWire\mozilla-profile\xpti.dat
    c:\documents and settings\Richard\Application Data\LimeWire\player.props
    c:\documents and settings\Richard\Application Data\LimeWire\promotion\promodb.backup
    c:\documents and settings\Richard\Application Data\LimeWire\promotion\promodb.backup.new
    c:\documents and settings\Richard\Application Data\LimeWire\promotion\promodb.data
    c:\documents and settings\Richard\Application Data\LimeWire\promotion\promodb.properties
    c:\documents and settings\Richard\Application Data\LimeWire\promotion\promodb.script
    c:\documents and settings\Richard\Application Data\LimeWire\promotion\promodb.script.new
    c:\documents and settings\Richard\Application Data\LimeWire\questions.props
    c:\documents and settings\Richard\Application Data\LimeWire\responses.cache
    c:\documents and settings\Richard\Application Data\LimeWire\simpp.xml
    c:\documents and settings\Richard\Application Data\LimeWire\spam.dat
    c:\documents and settings\Richard\Application Data\LimeWire\tables.props
    c:\documents and settings\Richard\Application Data\LimeWire\version.xml
    c:\documents and settings\Richard\Application Data\LimeWire\versions.props
    c:\documents and settings\Richard\Application Data\LimeWire\xml\data\audio.sxml3
    c:\documents and settings\Richard\Application Data\uTorrent
    c:\documents and settings\Richard\Application Data\uTorrent\dht.dat
    c:\documents and settings\Richard\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\Richard\Application Data\uTorrent\Heroes of Might and Magic III [Geedunk].rar.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\Heroes_Of_Might_And_Magic_V_Tribes_Of_The_East-PROCYON.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\madden2008.7z.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\Monopoly-SpongeBob SquarePants Edition.rar.1.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\Monopoly-SpongeBob SquarePants Edition.rar.2.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\Monopoly-SpongeBob SquarePants Edition.rar.3.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\Monopoly-SpongeBob SquarePants Edition.rar.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\MS Office 2007.iso.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\Red Alert 2 Yuri's Revenge.torrent
    c:\documents and settings\Richard\Application Data\uTorrent\resume.dat
    c:\documents and settings\Richard\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\Richard\Application Data\uTorrent\rss.dat
    c:\documents and settings\Richard\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\Richard\Application Data\uTorrent\settings.dat
    c:\documents and settings\Richard\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\Richard\Application Data\uTorrent\SpongeBob Monopoly.exe.torrent
    c:\windows\ectbbyn.dat
    c:\windows\ex1234.dat
    c:\windows\ex23567.dat
    c:\windows\mmsmark2.dat

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
    .

    2009-09-04 02:07 . 2009-09-04 22:44 -------- d-----w- c:\windows\LastGood
    2009-09-04 02:06 . 2006-10-27 01:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2009-09-04 02:05 . 2009-09-04 02:05 -------- d-----w- c:\program files\Microsoft Works
    2009-09-04 02:04 . 2009-09-04 02:04 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-04 02:02 . 2009-09-04 02:02 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2009-09-04 02:00 . 2009-09-04 02:05 -------- d-----w- c:\windows\SHELLNEW
    2009-09-04 02:00 . 2009-09-04 02:00 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Microsoft Help
    2009-09-04 01:59 . 2009-09-05 09:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-09-04 01:59 . 2009-09-04 01:59 -------- d--h--r- C:\MSOCache
    2009-09-03 23:15 . 2009-09-03 23:22 45 ----a-w- c:\documents and settings\Richard\jagex_runescape_preferences2.dat
    2009-09-02 04:26 . 2009-09-02 04:26 -------- d-----w- c:\documents and settings\Richard\Application Data\CopyTrans
    2009-09-02 04:25 . 2009-09-02 04:25 -------- d-----w- c:\documents and settings\Richard\Application Data\iLibs
    2009-09-02 04:25 . 2009-09-02 04:25 -------- d-----w- c:\documents and settings\Richard\Application Data\iCloner
    2009-09-02 04:24 . 2009-09-02 04:24 -------- d-----w- c:\program files\WindSolutions
    2009-09-02 04:23 . 2009-09-02 04:23 -------- d-----w- c:\documents and settings\Richard\Application Data\WindSolutions
    2009-09-02 04:23 . 2009-09-02 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WindSolutions
    2009-09-01 21:16 . 2009-09-01 21:16 0 ----a-w- c:\windows\nsreg.dat
    2009-09-01 21:16 . 2009-09-01 21:16 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Mozilla
    2009-09-01 02:00 . 2009-09-06 18:59 -------- d--h--w- C:\$AVG8.VAULT$
    2009-08-28 04:08 . 2009-08-28 04:08 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\ATI
    2009-08-28 04:08 . 2009-08-28 04:08 -------- d-----w- c:\documents and settings\Richard\Application Data\ATI
    2009-08-28 04:08 . 2009-08-28 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-08-28 04:04 . 2009-04-28 03:20 593920 ------w- c:\windows\system32\ati2sgag.exe
    2009-08-28 04:00 . 2009-09-02 14:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-28 03:42 . 2006-06-29 19:07 14048 ------w- c:\windows\system32\spmsg2.dll
    2009-08-28 03:42 . 2009-08-28 03:42 -------- d-----w- c:\windows\system32\zh-CN
    2009-08-28 03:40 . 2009-08-28 03:40 -------- d-----w- c:\windows\system32\XPSViewer
    2009-08-28 03:40 . 2009-09-04 02:05 -------- d-----w- c:\program files\MSBuild
    2009-08-28 03:40 . 2009-08-28 03:40 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-28 03:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-28 03:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-28 03:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-08-28 03:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-08-28 03:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-28 03:39 . 2009-08-28 03:40 -------- d-----w- C:\b2c33c313140939b909b51
    2009-08-28 03:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-28 03:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-08-28 03:17 . 2009-08-28 03:18 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2009-08-28 03:03 . 2009-08-28 03:03 -------- d-----w- c:\program files\LucasArts
    2009-08-19 04:11 . 2009-08-19 04:11 -------- d--h--r- c:\documents and settings\Richard\Application Data\SecuROM
    2009-08-19 04:11 . 2009-08-19 04:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-08-19 03:53 . 2009-08-19 04:01 -------- d-----w- c:\program files\DAEMON Tools Pro
    2009-08-19 03:53 . 2009-08-19 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
    2009-08-19 03:48 . 2009-08-19 03:48 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-08-19 03:48 . 2009-08-19 04:04 -------- d-----w- c:\documents and settings\Richard\Application Data\DAEMON Tools Pro
    2009-08-18 22:36 . 2009-08-18 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    2009-08-18 22:35 . 2009-08-18 22:35 -------- d-----w- c:\program files\AutoTek
    2009-08-18 03:53 . 2009-08-18 03:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-08-18 03:53 . 2009-09-01 03:11 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Google
    2009-08-18 02:44 . 2009-08-18 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
    2009-08-18 02:38 . 2009-08-18 02:38 -------- d-----w- C:\GameHouse Games
    2009-08-18 02:37 . 2009-08-18 02:38 -------- d-----w- c:\program files\RealArcade
    2009-08-18 02:04 . 2009-08-18 02:04 -------- d-----w- c:\program files\3DGroove
    2009-08-15 23:31 . 2009-08-15 23:31 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Identities
    2009-08-15 04:21 . 2009-08-15 04:21 -------- d-----w- c:\program files\Windows Journal Viewer
    2009-08-13 22:03 . 2009-08-13 22:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2009-08-13 21:06 . 2009-08-23 02:47 -------- d-----w- c:\program files\jesse
    2009-08-13 02:52 . 2009-08-16 22:42 -------- d-----w- c:\windows\system32\Adobe
    2009-08-13 01:51 . 2009-08-13 01:52 -------- d-----w- c:\program files\DivX
    2009-08-13 01:51 . 2009-08-13 01:51 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-08-12 09:01 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-08-10 23:04 . 2009-09-02 05:25 -------- d-----w- c:\documents and settings\Richard\Application Data\Apple Computer
    2009-08-10 23:04 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-08-10 23:04 . 2009-03-19 22:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\program files\iPod
    2009-08-10 23:03 . 2009-08-10 23:04 -------- d-----w- c:\program files\iTunes
    2009-08-10 23:03 . 2009-08-10 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\program files\Bonjour
    2009-08-10 23:03 . 2009-09-04 02:07 -------- d-----w- c:\program files\QuickTime
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-08-10 23:03 . 2009-08-10 23:03 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Apple
    2009-08-10 23:02 . 2009-08-10 23:02 -------- d-----w- c:\program files\Apple Software Update
    2009-08-10 23:02 . 2009-08-10 23:04 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-08-10 23:02 . 2009-07-09 18:16 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-10 23:02 . 2009-07-09 18:16 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-10 23:02 . 2009-09-02 04:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2009-08-10 23:02 . 2009-08-10 23:02 -------- d-----w- c:\program files\Common Files\Apple
    2009-08-10 23:02 . 2009-08-10 23:04 -------- d-----w- c:\documents and settings\Richard\Local Settings\Application Data\Apple Computer
    2009-08-08 00:17 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2009-08-08 00:17 . 2008-04-14 11:42 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2009-08-08 00:17 . 2008-04-14 06:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2009-08-08 00:17 . 2008-04-14 06:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-03 23:24 . 2009-08-07 04:41 37 ----a-w- c:\documents and settings\Richard\jagex_runescape_preferences.dat
    2009-09-03 22:28 . 2009-08-07 00:55 20264 ----a-w- c:\documents and settings\Richard\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-08-30 09:10 . 2009-08-06 23:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-28 04:06 . 2009-08-06 23:18 -------- d-----w- c:\program files\ATI Technologies
    2009-08-28 04:04 . 2009-08-06 23:18 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-08-22 17:09 . 2009-08-06 23:25 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-08-22 17:09 . 2009-08-06 23:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-08-22 17:09 . 2009-08-06 23:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-08-19 04:06 . 2009-08-19 04:06 -------- d-----w- c:\program files\EA Sports
    2009-08-12 09:09 . 2009-08-06 23:29 -------- d-----w- c:\program files\PPStream
    2009-08-08 01:18 . 2009-08-07 05:18 -------- d-----w- c:\program files\Runes of Magic
    2009-08-07 01:01 . 2009-08-07 01:01 -------- d-----w- c:\program files\Microsoft
    2009-08-07 01:01 . 2009-08-07 01:00 -------- d-----w- c:\program files\Windows Live
    2009-08-07 01:01 . 2009-08-07 01:01 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-08-07 01:00 . 2009-08-07 01:00 -------- d-----w- c:\program files\SystemRequirementsLab
    2009-08-07 00:59 . 2009-08-07 00:59 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-08-07 00:59 . 2009-08-07 00:59 -------- d-----w- c:\program files\Java
    2009-08-07 00:55 . 2009-08-07 00:55 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-08-06 23:29 . 2009-08-06 23:29 -------- d-----w- c:\documents and settings\Richard\Application Data\PPStream
    2009-08-06 23:28 . 2009-08-06 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
    2009-08-06 23:27 . 2009-08-06 23:27 -------- d-----w- c:\program files\Common Files\Real
    2009-08-06 23:25 . 2009-08-06 23:25 -------- d-----w- c:\program files\AVG
    2009-08-06 23:25 . 2009-08-06 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-08-06 23:23 . 2009-08-06 23:23 -------- d-----w- c:\program files\Ahead
    2009-08-06 23:23 . 2009-08-06 23:23 -------- d-----w- c:\program files\Common Files\Ahead
    2009-08-06 23:22 . 2009-08-06 23:22 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-06 23:20 . 2009-08-06 23:20 0 ----a-w- c:\windows\ativpsrm.bin
    2009-08-06 22:45 . 2009-08-06 22:45 -------- d-----w- c:\program files\microsoft frontpage
    2009-08-06 22:43 . 2009-08-06 22:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-08-05 09:01 . 2008-04-14 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-12 18:21 . 2008-04-14 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2008-04-14 12:00 915456 ------w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2009-06-26 16:50 81920 ------w- c:\windows\system32\ieencode.dll
    2009-06-16 14:36 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-12 12:31 . 2008-04-14 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
    2009-06-10 15:19 . 2009-08-06 22:41 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 14:13 . 2008-04-14 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 06:14 . 2008-04-14 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
     
  9. 2009/09/06
    hansy Inactive Thread Starter

    ((((((((((((((((((((((((((((( SnapShot@2009-09-03_22.36.34 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-26 19:40 . 2006-10-26 19:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
    + 2006-10-26 19:40 . 2006-10-26 19:40 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2006-07-24 16:50 . 2006-07-24 16:50 47920 c:\windows\system32\VBAME.DLL
    + 2009-09-04 02:06 . 2006-10-27 01:56 33104 c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    + 2009-09-04 02:06 . 2006-10-27 01:56 67408 c:\windows\system32\spool\drivers\w32x86\msonpui.dll
    + 2009-09-04 02:06 . 2006-10-27 01:56 67408 c:\windows\system32\spool\drivers\w32x86\3\msonpui.dll
    + 2006-07-24 16:50 . 2006-07-24 16:50 39728 c:\windows\system32\SCP32.DLL
    + 2009-08-07 00:54 . 2009-09-04 22:44 88589 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
    + 2006-10-26 20:10 . 2006-10-26 20:10 33088 c:\windows\system32\FM20ENU.DLL
    + 2009-09-04 02:01 . 2009-09-04 02:01 48128 c:\windows\Installer\bb18ff.msi
    + 2009-09-04 02:06 . 2009-09-05 09:00 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
    + 2009-09-04 02:06 . 2009-09-05 09:00 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
    + 2009-09-04 02:06 . 2009-09-05 09:00 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
    + 2009-09-04 02:05 . 2009-09-04 02:05 39624 c:\windows\assembly\GAC_MSIL\System.AddIn\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 72472 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.DesignTime\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.DesignTime.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 39704 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.Contract\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.Contract.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 39712 c:\windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Applications.ComRPCChannel.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 60200 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 39728 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.Vsta\12.0.0.0__71e9bce111e9429c\Microsoft.Office.InfoPath.Vsta.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 43840 c:\windows\assembly\GAC_MSIL\Microsoft.Office.InfoPath.FormControl\12.0.0.0__71e9bce111e9429c\microsoft.office.infopath.formcontrol.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 16384 c:\windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 11544 c:\windows\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Policy.11.0.Office.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12080 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Vbe.Interop.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Word.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.SmartTag.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Publisher.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12112 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.PowerPoint.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12632 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Outlook.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12616 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Graph.dll
    + 2009-09-04 02:04 . 2009-09-04 02:04 12096 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Excel\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Excel.dll
    + 2009-09-04 02:04 . 2009-09-04 02:04 12104 c:\windows\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\Policy.11.0.Microsoft.Office.Interop.Access.dll
    + 2009-09-04 02:04 . 2009-09-04 02:04 64288 c:\windows\assembly\GAC\Microsoft.Vbe.Interop\12.0.0.0__71e9bce111e9429c\Microsoft.Vbe.Interop.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 13312 c:\windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll
    + 2009-09-04 02:04 . 2009-09-04 02:04 20280 c:\windows\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.SmartTag.dll
    + 2009-09-04 02:04 . 2009-09-04 02:04 35648 c:\windows\assembly\GAC\Microsoft.Office.Interop.OutlookViewCtl\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OutlookViewCtl.dll
    + 2009-09-04 02:05 . 2009-09-04 02:05 17208 c:\windows\assembly\GAC\Microsoft.Office.Interop.OneNote\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.OneNote.dll
    + 2009-09-04 02:04 . 2009-09-04 02:04 88896 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath.Xml\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.Xml.dll
    + 2009-09-04 02:04 . 2009-09-04 02:04 80696 c:\windows\assembly\GAC\Microsoft.Office.Interop.Access.Dao\12.0.0.0__71e9bce111e9429c\Microsoft.Office.interop.access.dao.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2009-07-22 210312]
    "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-08-05 224712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-22 2007832]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-07 149280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 413696]
    "AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-22 17:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\PPStream\\PPStream.exe"=
    "c:\\Program Files\\PPStream\\PPSAP.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\EA Sports\\Madden NFL 08\\Updater.exe"=
    "d:\\Documents and Settings\\Richard\\My Documents\\Red Alert 2\\game.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8085:TCP"= 8085:TCP:ddnsfilter

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [06/08/2009 5:25 PM 335240]
    R1 Filter;Filter;\??\c:\windows\system32\drivers\Filter.sys --> c:\windows\system32\drivers\Filter.sys [?]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [06/08/2009 5:25 PM 297752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ddnsfilter REG_MULTI_SZ ddnsfilter

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Richard\Application Data\Mozilla\Firefox\Profiles\1f9g3kdw.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-06 15:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(564)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-09-06 15:41
    ComboFix-quarantined-files.txt 2009-09-06 21:41
    ComboFix2.txt 2009-09-03 22:39

    Pre-Run: 87,438,360,576 bytes free
    Post-Run: 89,820,618,752 bytes free

    746 --- E O F --- 2009-09-05 09:00
     
  10. 2009/09/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK looks good.

    Now let's get an online scan. Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now the scan.

    Please do an online scan with Kaspersky WebScanner

    It's best to disable real time protection applications as they sometimes interfere with the scan.
    Check this link for any applicable programs you may have.

    Click on "Accept" If your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side. Click on My Computer
    • This will start the program and scan your system.
    • Click the "Scan Report" on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     