Recommended Driver Scanner

Member Panel

Remember me ?

Forgot password?   

Join the PC Help Forum Team

Join PC Help Forum on Facebook

Join the PCHF Distributed Computing Teams

Try the NEW PC Help Forum Dark style

Link to PCHF from other parts of the Internet
PC Forum PC Help Forum » Operating Systems » Windows XP/2000 » "XP AntiVirus 2008" Trojan/Malware/Virus HELP!

Windows XP/2000 - "XP AntiVirus 2008" Trojan/Malware/Virus HELP! posted in the Operating Systems forums; Okay i did the Combofix and it said restart, so i did and then the blue screen popped up again saying it was creating the log but it just said ...

JOIN US NOW to remove these Ads

Post New Thread  Reply
Page 2 of 5 < 1 2 3 4 5 >
  #8  
Old 07-22-2008
Bronze Member
  
Join Date: Jul 2008
Posts: 15
PC Experience: Beginner
ThomasRel - See this Members User comments on their Profile page
Default Re: "XP AntiVirus 2008" Trojan/Malware/Virus HELP!
Okay i did the Combofix and it said restart, so i did and then the blue screen popped up again saying it was creating the log but it just said it for hours then went off... and also the start bar has dissapeared at the bottom of the screen... and i dont know where the log is located, if there is one.
  #9  
Old 07-23-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,065
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: "XP AntiVirus 2008" Trojan/Malware/Virus HELP!
That should have finished faster than that.Can you run it again and make sure you anti virus is disabled.If you have the same problem then run it in safe mode.


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #10  
Old 07-23-2008
Bronze Member
  
Join Date: Jul 2008
Posts: 15
PC Experience: Beginner
ThomasRel - See this Members User comments on their Profile page
Default Re: "XP AntiVirus 2008" Trojan/Malware/Virus HELP!
ComboFix 08-07-21.2 - Narna 2008-07-23 10:20:05.2 - NTFSx86

Running from: C:\Documents and Settings\Narna\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\kvxqmtre.dll
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\auttyx.dll
C:\WINDOWS\system32\biawvi.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eprsktkk.dll
C:\WINDOWS\system32\ksfnmvji.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\whrfftwp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-21 14:58 . 2008-07-21 14:58 <DIR> d-------- C:\Deckard
2008-07-20 17:58 . 2008-07-20 17:58 <DIR> d-------- C:\Documents and Settings\Narna\Application Data\Malwarebytes
2008-07-20 17:47 . 2008-07-20 17:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 17:47 . 2008-07-20 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 17:47 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-20 17:47 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-20 17:08 . 2008-07-17 03:14 155,648 --a------ C:\WINDOWS\agpqlrfm.exe
2008-07-06 10:11 . 2008-07-06 10:11 <DIR> d-------- C:\Documents and Settings\Narna\Application Data\Sony Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-07-21 15:00 --------- d-----w C:\Documents and Settings\Narna\Application Data\AVG7
2008-06-28 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-24 11:13 --------- d-----w C:\Program Files\IGZones
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 05:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-06-05 04:28 --------- d-----w C:\Documents and Settings\Narna\Application Data\LimeWire
2008-05-30 23:05 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-02 16:19 6,016,952 -c--a-w C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-05-19 20:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-04-29 22:29 6,820,520 -c--a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
2006-12-19 16:04 36,808,256 -c--a-w C:\Program Files\iTunesSetup.exe
2006-05-08 04:26 794,624 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"SNPT513"="C:\WINDOWS\vsnpt513.exe" [2003-08-12 19:21 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-11-09 22:44 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\BABA\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-08 12:28:02 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2007-06-18 19:49:31 327765]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54 610365]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-27 07:35:50 962661]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Narna^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Narna\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Narna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Narna\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-07-20 17:29 579584 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
--a------ 2008-04-03 12:16 6321456 C:\Program Files\RapidSolution\Tunebite\Tunebite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{812AE34E-162C-4C94-BAA1-A2C0431AEC84} - C:\WINDOWS\kgxmotapktx.dll
Toolbar-{3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - C:\WINDOWS\qndsfmao.dll
HKLM-Run-C-Media Speaker Configuration - C:\Documents and Settings\BABA\Desktop\NG180_WDM\Setup.exe
HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
HKLM-Run-WinLogin - C:\WINDOWS\winlogin.exe
HKLM-Run-adiras - adiras.exe
SSODL-kvxqmtre-{6400F73D-52C1-4AA2-AA71-0AFD283611F0} - C:\WINDOWS\kvxqmtre.dll
SSODL-evgratsm-{F0013857-007F-4411-BCAB-A70CBFB40DEE} - C:\WINDOWS\evgratsm.dll
MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 -: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O16 -: {29710C4C-4F0F-4A36-8312-CB5614829804} - hxxp://www.drivershq.com/files/cab/nonmember/DriverDetective-nm.cab
C:\WINDOWS\Downloaded Program Files\DriverDetective-nm.INF
C:\WINDOWS\Downloaded Program Files\DriverDetective-nm.ocx

O16 -: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - hxxp://img.funtigo.com/images/uploader/ssiPictureUploader.cab
C:\WINDOWS\Downloaded Program Files\ssiPictureUploader.inf
C:\WINDOWS\Downloaded Program Files\ssiPictureUploader.ocx

O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
C:\WINDOWS\Downloaded Program Files\GoPetsWeb.inf
C:\WINDOWS\Downloaded Program Files\GoPetsWeb.ocx


************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 10:24:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


************************************************** ************************
.
Completion time: 2008-07-23 10:29:27
ComboFix-quarantined-files.txt 2008-07-23 17:28:24

Pre-Run: 45,159,411,712 bytes free
Post-Run: 45,145,944,064 bytes free

162 --- E O F --- 2008-07-09 21:02:54
  #11  
Old 07-23-2008
Pancake's Avatar
Senior Security Analyst
  
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 4,065
PC Experience: Elite PC Guru
Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page Pancake - See this Members User comments on their Profile page
Default Re: "XP AntiVirus 2008" Trojan/Malware/Virus HELP!
Nearly done....

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:




File::
C:\WINDOWS\agpqlrfm.exe

Folder::
C:\Documents and Settings\Narna\Application Data\LimeWire
C:\Program Files\LimeWire

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*


__________________
  • An Australian Member of
  • and
My real name is Eddy
  #12  
Old 07-23-2008
Bronze Member
  
Join Date: Jul 2008
Posts: 15
PC Experience: Beginner
ThomasRel - See this Members User comments on their Profile page
Default Re: "XP AntiVirus 2008" Trojan/Malware/Virus HELP!
ComboFix 08-07-21.2 - Narna 2008-07-23 11:25:37.3 - NTFSx86

Running from: C:\Documents and Settings\Narna\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Narna\Desktop\CFScript.txt

FILE ::
C:\WINDOWS\agpqlrfm.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Narna\Application Data\LimeWire
C:\Documents and Settings\Narna\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe
C:\Documents and Settings\Narna\Application Data\LimeWire\412splashfree.png
C:\Documents and Settings\Narna\Application Data\LimeWire\414splashpro.png
C:\Documents and Settings\Narna\Application Data\LimeWire\active.mojito
C:\Documents and Settings\Narna\Application Data\LimeWire\certificate\limewire.keystore
C:\Documents and Settings\Narna\Application Data\LimeWire\createtimes.cache
C:\Documents and Settings\Narna\Application Data\LimeWire\data.ser
C:\Documents and Settings\Narna\Application Data\LimeWire\downloads.dat
C:\Documents and Settings\Narna\Application Data\LimeWire\fileurns.bak
C:\Documents and Settings\Narna\Application Data\LimeWire\fileurns.cache
C:\Documents and Settings\Narna\Application Data\LimeWire\filters.props
C:\Documents and Settings\Narna\Application Data\LimeWire\gnutella.net
C:\Documents and Settings\Narna\Application Data\LimeWire\installation.props
C:\Documents and Settings\Narna\Application Data\LimeWire\library.dat
C:\Documents and Settings\Narna\Application Data\LimeWire\limewire.props
C:\Documents and Settings\Narna\Application Data\LimeWire\mojito.props
C:\Documents and Settings\Narna\Application Data\LimeWire\passive.mojito
C:\Documents and Settings\Narna\Application Data\LimeWire\promotion\promodb.backup
C:\Documents and Settings\Narna\Application Data\LimeWire\promotion\promodb.data
C:\Documents and Settings\Narna\Application Data\LimeWire\promotion\promodb.properties
C:\Documents and Settings\Narna\Application Data\LimeWire\promotion\promodb.script
C:\Documents and Settings\Narna\Application Data\LimeWire\pub1.key
C:\Documents and Settings\Narna\Application Data\LimeWire\public.key
C:\Documents and Settings\Narna\Application Data\LimeWire\questions.props
C:\Documents and Settings\Narna\Application Data\LimeWire\responses.cache
C:\Documents and Settings\Narna\Application Data\LimeWire\secureMessage.key
C:\Documents and Settings\Narna\Application Data\LimeWire\simpp.xml
C:\Documents and Settings\Narna\Application Data\LimeWire\spam.dat
C:\Documents and Settings\Narna\Application Data\LimeWire\tables.props
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme.lwtp
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\01_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\02_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\03_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\04_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\05_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\chat.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\dir_closed.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\dir_open.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\forward_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\forward_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\kill.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\kill_on.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\lime.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\logo.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\notsearching.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\pause_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\pause_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\play_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\play_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\question.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\rewind_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\searching.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\splash.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\splashpro.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\stop_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\stop_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\theme.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\black_theme\warning.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme.lwtp
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\01_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\02_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\03_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\04_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\05_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\chat.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\dir_open.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\forward_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\kill.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\logo.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\notsearching.gi f
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\pause_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\play_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\play_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\question.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\search.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\searching.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\splash.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\splashpro.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\stop_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\theme.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\classic_theme\warning.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme.lwtp
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\01_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\02_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\03_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\04_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\05_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\chat.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\kill.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\lime.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\logo.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\notsearching.g if
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\play_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\question.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\searching.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\splash.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\splashpro.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\theme.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewire_theme\warning.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme.lwtp
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\dir_closed. gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gi f
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\forward_dn. gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\forward_up. gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\logo.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\notsearchin g.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gi f
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gi f
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\question.gi f
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.g if
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.g if
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\searching.g if
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\splash.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\splashpro.p ng
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\version.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme.lwtp
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\01_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\02_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\03_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\04_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\05_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\chat.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\forward_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\forward_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\kill.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\kill_on.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\logo.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\notsearching.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\pause_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\pause_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\play_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\play_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\question.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\rewind_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\searching.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\splash.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\splashpro.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\stop_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\stop_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\theme.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\other_theme\warning.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme.lwtp
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\01_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\02_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\03_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\04_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\05_star.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\chat.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\forward_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\kill.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\kill_on.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\logo.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\notsearching.pn g
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\pause_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\play_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\play_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\question.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\searching.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\splash.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\splashpro.png
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\stop_up.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\theme.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\version.txt
C:\Documents and Settings\Narna\Application Data\LimeWire\themes\windows_theme\warning.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\ttree.cache
C:\Documents and Settings\Narna\Application Data\LimeWire\ttrees.cache
C:\Documents and Settings\Narna\Application Data\LimeWire\ttroot.cache
C:\Documents and Settings\Narna\Application Data\LimeWire\update.xml
C:\Documents and Settings\Narna\Application Data\LimeWire\version.key
C:\Documents and Settings\Narna\Application Data\LimeWire\version.xml
C:\Documents and Settings\Narna\Application Data\LimeWire\versions.props
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\data\delete_me
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\misc\application.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\misc\audio.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\misc\document.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\misc\image.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\misc\video.gif
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\schemas\application.xsd
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\schemas\audio.xsd
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\schemas\document.xsd
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\schemas\image.xsd
C:\Documents and Settings\Narna\Application Data\LimeWire\xml\schemas\video.xsd
C:\WINDOWS\agpqlrfm.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-21 14:58 . 2008-07-21 14:58 <DIR> d-------- C:\Deckard
2008-07-20 17:58 . 2008-07-20 17:58 <DIR> d-------- C:\Documents and Settings\Narna\Application Data\Malwarebytes
2008-07-20 17:47 . 2008-07-20 17:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 17:47 . 2008-07-20 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 17:47 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-20 17:47 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 10:11 . 2008-07-06 10:11 <DIR> d-------- C:\Documents and Settings\Narna\Application Data\Sony Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-07-21 15:00 --------- d-----w C:\Documents and Settings\Narna\Application Data\AVG7
2008-07-21 00:17 --------- d-----w C:\Documents and Settings\Narna\Application Data\Azureus
2008-06-28 23:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-24 11:13 --------- d-----w C:\Program Files\IGZones
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 16:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Channel4
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 05:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-05-30 23:05 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-02 16:19 6,016,952 -c--a-w C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-05-19 20:50 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2007-04-29 22:29 6,820,520 -c--a-w C:\Program Files\FirefoxGoogleToolbarSetup.exe
2006-12-19 16:04 36,808,256 -c--a-w C:\Program Files\iTunesSetup.exe
2006-05-08 04:26 794,624 -c--a-w C:\WINDOWS\inf\OTHER\audio3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00 49152]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"SNPT513"="C:\WINDOWS\vsnpt513.exe" [2003-08-12 19:21 32768]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-11-09 22:44 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 05:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\BABA\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-07-08 12:28:02 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin 802.11g Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe [2007-06-18 19:49:31 327765]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-10-09 01:16:54 610365]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-07-27 07:35:50 962661]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\WINDOWS\pss\PalTalk.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Narna^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Narna\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Narna^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Narna\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-07-20 17:29 579584 C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-01 16:51 257088 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
--a------ 2008-04-03 12:16 6321456 C:\Program Files\RapidSolution\Tunebite\Tunebite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 11:28:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


************************************************** ************************
.
Completion time: 2008-07-23 11:31:38
ComboFix-quarantined-files.txt 2008-07-23 18:30:35
ComboFix2.txt 2008-07-23 17:29:29

Pre-Run: 45,197,692,928 bytes free
Post-Run: 45,177,774,080 bytes free

345 --- E O F --- 2008-07-09 21:02:54



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:03 AM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vsnpt513.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Narna\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SNPT513] C:\WINDOWS\vsnpt513.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab46479.cab
O16 - DPF: {174