EXPERT NEEDED....need help to analyze my Hijackthis log

AfterDawn Addict
19. May 2009 @ 09:32
OK, buddy, this should be about the last before we start digging around in the registry.
As always, take your time and if you have a problem, just holler at me...
Remove Bad HJT entries
Step # 1: Remove Hijackthis Entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~????????êÔ?|ÿ??|ÿÿÿÿ¨ü
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
Step # 2: Delete Bad Services
Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad:
Quote:
@echo off
sc stop UzaqFaj
sc delete UzaqFaj
sc stop VihcZhn
sc delete VihcZhn
sc stop WfnsVhh
sc delete WfnsVhh
sc stop WhsmOun
sc delete WhsmOun
sc stop WztdHqi
sc delete WztdHqi
sc stop XafrXem
sc delete XafrXem
sc stop XfsxOil
sc delete XfsxOil
sc stop XlayMvo
sc delete XlayMvo
sc stop XpebYko
sc delete XpebYko
sc stop XtjiHmp
sc delete XtjiHmp
sc stop YdpdQsg
sc delete YdpdQsg
sc stop YoceOqn
sc delete YoceOqn
sc stop YqpuJcs
sc delete YqpuJcs
sc stop YtfpRyr
sc delete YtfpRyr
sc stop ZkrvQvd
sc delete ZkrvQvd
sc stop ZresLdd
sc delete ZresLdd
sc stop ZrhfCzj
sc delete ZrhfCzj
sc stop ZvowGmf
sc delete ZvowGmf
exit
Click on File > Save As....
In the File Name box, copy and paste in fix.bat
In the Save as type box, select All Files from the drop-down list.
Click Save and save it to your Desktop.
Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.
Now please post a fresh HJT Log...
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
This message has been edited since posting. Last time this message was edited on 19. May 2009 @ 09:35
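
Added example (not part of the original thread, and not code from HijackThis or its authors): a small triage script for the O23 service lines discussed above. It flags services whose image path uses a Windows system binary name outside system32 (the log's running-process list shows wuauclt.exe in C:\WINDOWS\system32, while the listed services point at C:\WINDOWS\wuauclt.exe) and services that share one image path. The allow-list `SYSTEM32_ONLY` and the `cluster_min` threshold are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# O23 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
"""

# "O23 - Service: <name> - <owner> - <path> [(file missing)]".
# The owner field can be empty, which leaves "- -" in the pasted log.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

SYSTEM32 = r"c:\windows\system32"

# Assumption of this example: binary names that belong in system32 on XP.
SYSTEM32_ONLY = {
    "wuauclt.exe", "svchost.exe", "services.exe",
    "lsass.exe", "winlogon.exe", "spoolsv.exe",
}


def parse_o23(log_text):
    """Return one dict per O23 line found in a pasted HijackThis log."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services.append({
                "name": m.group("name"),
                "owner": m.group("owner").strip(),
                "path": m.group("path"),
                "missing": m.group("missing") is not None,
            })
    return services


def triage(log_text, cluster_min=3):
    """Map service name -> reasons it deserves a closer look.

    "(file missing)" alone is not used as a signal: the ESET lines in
    this thread carry it too and were not on the fix list.
    cluster_min is a hypothetical threshold chosen for this example.
    """
    services = parse_o23(log_text)
    per_path = Counter(s["path"].lower() for s in services)
    findings = {}
    for s in services:
        reasons = []
        folder = ntpath.dirname(s["path"]).lower()
        binary = ntpath.basename(s["path"]).lower()
        if binary in SYSTEM32_ONLY and folder != SYSTEM32:
            reasons.append("system binary name outside system32")
        if per_path[s["path"].lower()] >= cluster_min:
            reasons.append("many services share one image path")
        if reasons:
            findings[s["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```
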

yeapkl
Junior Member
20. May 2009 @ 09:49
OK, now I can see less rubbish in my system...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:12 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10819 bytes

AfterDawn Addict
20. May 2009 @ 10:21
Yes, we're getting there. Just a little more before getting down to the nuts and bolts.. : )
Remove Hijackthis Entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
Now please post a fresh HJT Log...
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
This message has been edited since posting. Last time this message was edited on 20. May 2009 @ 10:37

yeapkl
Junior Member
21. May 2009 @ 07:59
Overall there's good improvement in performance but after installing XP service pack 3, my comp became quite laggy again =(
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:38 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10408 bytes

AfterDawn Addict
21. May 2009 @ 11:04
Great job, yeapkl,
Your HJT Log is Clean! Problem is, HJT does not see all of the hidden Nasty malware lurking in places that it don't look at. : ( but, we'll take care of that. : )
As for the lagging, we'll work on that as we go further along...
I can't tell from these logs if your windows firewall is turned on. Please make sure that it is..
You don't have an AntiVirus, so please download and install one of these:
The best is free - > Avira Antivir My personal recommendation...
It has pop up advertisements when it updates but, I'll show you how to get rid of those...
The most popular is also free - > AVG 8.5
It's simple and good but, uses a lot of resources and tends to slow down the older computers...
To help you with some of the lagging, do the following.
This will not remove any of the programs, it will just stop them from running at boot up and you will still be able to access them when they are needed.
1.) Remove Hijackthis Entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
(Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
(Description: Adobe reader startup - unnecessarily uses system resources.)
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
(Description: WinZip system tray application. Not necessary. Removing this entry will free up a small amount of system resources.)
Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.
2.) Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad here in your next reply.
3.) Un-install ComboFix; we will need a fresh, updated copy.
This may or may not work if you did not follow the instructions and download it to your desktop. If it does not work, then go to where you have Combofix and drag it to the trash.
• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
• When shown the disclaimer, Select "2"
The above procedure will:
• Delete ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Reset System Restore.
4.) Download ComboFix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
Quote:
"%userprofile%\desktop\combofix.exe" /killall

Combo will begin to run. DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
If when it's completed you can not get on the internet just reboot the computer.
Post the log from comboFix for me located in
c:\comboFix.txt
The HJT Un-install Log
And a fresh HJT Log
Hang in there, it's going good so far...
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

yeapkl
Junior Member
26. May 2009 @ 12:03
Thanks a million for your effort, 2oG!
Anyway, I'm quite puzzled when Avira detects combofix as a virus when I'm doing the scan. Is it kind of a conflict here?
c:\comboFix.txt
ComboFix 09-05-25.A2 - 52309 05/26/2009 23:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.441 [GMT 8:00]
Running from: c:\documents and settings\52309\desktop\combofix.exe
Command switches used :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-21 13:51 . 2009-05-21 13:51 18944 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-21 13:51 . 2009-05-21 13:51 17408 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-21 13:51 . 2009-05-21 13:51 8192 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-21 11:54 . 2009-02-10 06:25 372736 ----a-w c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w c:\windows\system32\dllcache\pidgen.dll
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w c:\program files\iPod
2009-05-01 12:49 . 2009-05-01 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 12:41 . 2009-05-01 12:41 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 23:52 . 2009-04-30 23:52 57344 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-54763f51-n\Decora-SSE.dll
2009-04-30 23:52 . 2009-04-30 23:52 24064 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7227435c-n\Decora-D3D.dll
2009-04-30 23:52 . 2009-04-30 23:52 315392 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl.dll
2009-04-30 23:52 . 2009-04-30 23:52 20480 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl_awt.dll
2009-04-30 23:52 . 2009-04-30 23:52 114688 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl_cg.dll
2009-04-30 23:52 . 2009-04-30 23:52 20480 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-467487f2-n\gluegen-rt.dll
2009-04-30 23:52 . 2009-04-30 23:52 499712 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\msvcp71.dll
2009-04-30 23:52 . 2009-04-30 23:52 499712 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\jmc.dll
2009-04-30 23:52 . 2009-04-30 23:52 348160 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\msvcr71.dll
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w c:\program files\Trend Micro
2009-04-28 14:52 . 2009-04-28 14:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:10 . 2009-04-27 15:17 -------- d-----w c:\program files\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 15:35 . 2005-04-16 14:12 5780 ----a-w c:\windows\bthservsdp.dat
2009-05-21 17:07 . 2007-07-14 16:57 -------- d-----w c:\documents and settings\52309\Application Data\LimeWire
2009-05-21 13:51 . 2007-07-14 16:56 -------- d-----w c:\program files\LimeWire
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w c:\program files\iTunes
2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w c:\program files\Common Files\Apple
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w c:\program files\Windows Live
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 23:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-26 23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 15:50
ComboFix2.txt 2009-05-14 15:58
Pre-Run: 551,133,184 bytes free
Post-Run: 570,597,376 bytes free
HJT Un-install Log
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.5
All To MP3 Converter 2.15
AnswerWorks Runtime
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom 802.11 Driver
CCleaner (remove only)
Client for Microsoft Office SharePoint Portal Server 2003
Comanche 4
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
DAEMON Tools
DivX Codec
DivX Converter
DivX Player
FoxyTunes for Firefox
Free iPod Video Converter 1.26
Free YouTube to Mp3 Converter version 3.1
GameShadow
Google Earth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Help and Support
Intel(R) Extreme Graphics 2 Driver
InterVideo WinDVD
Intuitive ERP Client - SEGSVR03 - IERP60
iTunes
Java(TM) 6 Update 12
LaserJet 1020 series
Lexmark 1200 Series
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Access 2000 SR-1 Runtime
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Reference Library 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (3.0.10)
MP3 Converter Simple
MP3 Ringtone Maker
MPL for Windows 4.2 Student
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 3.5 - SE
MyWin Driver 1.2
Payslip
Post-it® Software Notes Lite
Quick Launch Buttons 5.00 C2
QuickTime
Real Alternative 1.7.5
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shockwave
SoftV90 Data Fax Modem with SmartCP
Sonic RecordNow!
Sonic Update Manager
SopCast 3.0.3
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.0 (KB932394)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6f
Windows Communication Foundation
Windows Defender Signatures
Windows Imaging Component
Windows Installer Clean Up
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:01 PM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10204 bytes
|
AfterDawn Addict
|
27. May 2009 @ 10:31 |
|
yeapkl, You're looking Good!
Originally posted by yeapkl: I'm quite puzzled when Avira detect combofix as a virus when I'm doing the scan. Is it kind of a conflict here?
Don't be alarmed, most AV's find that file in ComboFix as a virus, but it's not...
At the top of the log you'll see that AntiVir scan was disabled by Combo, on reboot it started and found the file. But, it's OK.
This Log is like digging through a dumpster.. lol Most of it is trash that will not harm you.. It will take me days to sift through it and try to find anything left that is bad so, don't give up.. : )
Right now, I do see that you have a Rootkit that needs to be removed and I would like for you to run Malwarebytes' Anti malware again to clean up what it can of the leftovers..
Do this, please:
First, un-install ComboFix, using the following procedure:
Click START then RUN
Now copy/paste Combofix /u in runbox and click OK.
Note the space between the X and the /U, it needs to be there.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
Next, we will need to download the latest updated version of ComboFix:
Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Now disable Avira AntiVir:
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background.
• right click it-> untick the option AntiVir Guard enable.
• You should now see a closed, white umbrella on a red background.
Next:
1. Close any open browsers
2. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the quote box below:
Quote:
Rootkit::
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
If you still have MBAM, update it and run the full scan or follow these instructions:
Download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post the MBAM Log and ComboFix Log in your next reply.
Hang in there, things are looking brighter.. Any problems, please ask before going on.
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
This message has been edited since posting. Last time this message was edited on 27. May 2009 @ 10:34
|
yeapkl
Junior Member
|
2. June 2009 @ 08:53 |
|
Here's the logfile...
Btw, how can I disable the Pop-out Advert for Avira??
Thanks!
ComboFix 09-05-31.05 - 52309 06/01/2009 19:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.381 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-21 13:51 . 2009-05-21 13:51 18944 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-21 13:51 . 2009-05-21 13:51 17408 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-21 13:51 . 2009-05-21 13:51 8192 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-21 11:54 . 2009-02-10 06:25 372736 ----a-w- c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-06 14:21 . 2009-05-06 14:21 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 11:07 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-05-21 17:07 . 2007-07-14 16:57 -------- d-----w- c:\documents and settings\52309\Application Data\LimeWire
2009-05-21 13:51 . 2007-07-14 16:56 -------- d-----w- c:\program files\LimeWire
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w- c:\program files\iPod
2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-05-01 12:41 . 2009-05-01 12:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 19:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(296)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-01 19:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 11:22
ComboFix2.txt 2009-05-26 15:51
Pre-Run: 1,188,388,864 bytes free
Post-Run: 1,198,972,928 bytes free
249 --- E O F --- 2009-05-20 14:18
mbam-log-2009-06-02 (20-40-31).txt
Scan type: Full Scan (C:\|)
Objects scanned: 208573
Time elapsed: 13 hour(s), 41 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\sony\pctools_2009415_0.dll.XXX (Adware.Agent) -> No action taken.
|
AfterDawn Addict
|
2. June 2009 @ 09:54 |
|
yeapkl,
Looks like you may have picked up a little Adware hitchhiker.. we'll get that later.
Just be sure your firewall and Antivirus are both turned on..
Here's how to disable the pop-up advert in Avira, depending on which XP you have:
Windows XP Pro
1. Go to Start > Run.
2. Type gpedit.msc and click OK.
3. Navigate through User Configuration > Administrative Templates > System.
4. Double click "Don't run specified Windows applications".
5. Enable it and click show.
6. Add "avnotify.exe".
7. Click OK on all open windows.
8. Restart.
Windows XP Home
1. Boot into Safe Mode.
2. Log into an account with administrator privileges.
3. Open [drive installed on]:\Program Files\Avira\AntiVir PersonalEdition Classic.
4. Right click on avnotify.exe and go to Properties > Security > Advanced.
5. Click on Edit-> Traverse Folder / Execute File-> deny-> OK.
6. Repeat for all users.
7. Reboot your computer normally.
You're in good shape except for the leftover trash... It will take me some time to go through the logs so, don't give up : )
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
|
AfterDawn Addict
|
6. June 2009 @ 14:02 |
|
Hey yeapkl,
We'll give this a whirl and see what's left or what I missed lol
Hopefully you have ComboFix left on your desktop..
ComboFix fix
1. Close any open browsers
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Quote:
Folder::
c:\program files\LimeWire
c:\Program Files\BitTorrent
c:\documents and settings\52309\Application Data\LimeWire
c:\Program Files\DNA
c:\program files\eMule
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"c:\\Program Files\\DNA\\btdna.exe"=-
Driver::
3qppt58
468aoy1ac
4ddmj4o
4nzed7
58v20f
7yx3zhgur
82wdblow0b
d2yz83c1rc
faaojfwpo
holda
hxhpvot
m60q7y0
mhv6r42
pev26od2
q3i6m8a
r9yr57dd5
wglfl7
yh13phk
epfwtdir
Eset Service
HP Pci Information
myprotector
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
In your next reply, please post back:
1.Combofix log
2.New HJT log
Tell me how your pc is running now.
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
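An added example, not part of the posts above and not ComboFix's own code: a cross-check of the Driver:: list in the CFScript against the service lines of the 2 June ComboFix log, confirming that every listed name maps to a log entry ending in `--> path [?]` and that no such entry was missed. The field layout (`key;display name;path [info]`) is read off the log lines on this page, and `ServiceEntry`, `parse_service_lines` and `audit_driver_list` are hypothetical names; the embedded lines are a subset copied from the log.

```python
import re
from dataclasses import dataclass

# Service/driver lines copied from the 2 June ComboFix log on this page (subset).
LOG_LINES = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
"""

# The matching names from the Driver:: section of the 6 June CFScript on this page.
SCRIPT_DRIVERS = ["3qppt58", "4nzed7", "holda", "epfwtdir",
                  "Eset Service", "HP Pci Information", "myprotector"]

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"      # leading code, e.g. S0 or R2
    r"(?P<name>[^;]+);(?P<display>[^;]*);"   # service key ; display name ;
    r"(?P<image>.+?)"                        # image path as written in the log
    r"(?:\s+-->\s+(?P<resolved>.+?))?"       # optional "--> path" part
    r"\s+\[(?P<info>[^\]]*)\]\s*$"           # [date time size] or [?]
)


@dataclass(frozen=True)
class ServiceEntry:
    code: str
    name: str
    display: str
    image: str
    info: str

    @property
    def unresolved(self) -> bool:
        # In the log on this page, entries shown without a file date and size end in "[?]".
        return self.info.strip() == "?"


def parse_service_lines(text):
    """Parse the 'R2 name;display;path [info]' lines; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                code=m["state"] + m["start"],
                name=m["name"].strip(),
                display=m["display"].strip(),
                image=m["image"].strip().strip('"'),
                info=m["info"],
            ))
    return entries


def audit_driver_list(log_text, script_names):
    """Return (not_in_log, resolved_but_listed, unresolved_not_listed).

    A listed name may be the service key or the display name: the script on
    this page uses '4nzed7' and 'Eset Service', which are display names.
    """
    entries = parse_service_lines(log_text)
    by_label = {}
    for e in entries:
        by_label[e.name.lower()] = e
        by_label[e.display.lower()] = e

    not_in_log, resolved_but_listed, covered = [], [], set()
    for raw in script_names:
        entry = by_label.get(raw.strip().lower())
        if entry is None:
            not_in_log.append(raw)            # typo, or name absent from this log
        elif not entry.unresolved:
            resolved_but_listed.append(raw)   # file is present: recheck before removal
        else:
            covered.add(entry.name)
    unlisted = [e.name for e in entries if e.unresolved and e.name not in covered]
    return not_in_log, resolved_but_listed, unlisted


if __name__ == "__main__":
    print(audit_driver_list(LOG_LINES, SCRIPT_DRIVERS))
```

Three empty lists mean the removal list and the log agree; a name in the second list points at a driver whose file is present on disk and deserves a second look before the script is run.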
|
yeapkl
Junior Member
|
8. June 2009 @ 11:38 |
|
Dear 2oG,
When I performed a scan using Avira it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I won't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
yeapkl
Junior Member
8. June 2009 @ 11:45
Dear 2oG,
When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I won't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
|
yeapkl
Junior Member
|
8. June 2009 @ 11:47 |
|
Dear 2oG,
When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I wouldn't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
|
yeapkl
Junior Member
|
8. June 2009 @ 12:01 |
Dear 2oG,
When I performed a scan using Avira it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I won't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
c:\documents and settings\52309\Application Data\LimeWire\data.ser
c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
c:\documents and settings\52309\Application Data\LimeWire\filters.props
c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
yeapkl
Junior Member
8. June 2009 @ 12:04
Dear 2oG,
When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I wouldn't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
|
yeapkl
Junior Member
|
8. June 2009 @ 20:20 |
|
Dear 2oG,
When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I won't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
c:\documents and settings\52309\Application Data\LimeWire\data.ser
c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
c:\documents and settings\52309\Application Data\LimeWire\filters.props
c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
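
As an added illustration (not part of the original post and not HijackThis's own code), the O23 service lines of a log like this one can be triaged mechanically. The sample lines are copied from this thread; the `C:\WINDOWS\system32` location and the short list of system binary names are assumptions for a default Windows XP install, and every name in the code is hypothetical. The flags are reasons to look closer, not verdicts.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# O23 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
"""

# "O23 - Service: <display> [(<short name>)] - <owner> - <path>[ (file missing)]"
# The owner field may be empty, so the path is located by its drive letter.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?)\s*- "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
SHORT_NAME_RE = re.compile(r"^(?P<display>.*) \((?P<short>[^()]+)\)$")

# Assumption: default XP layout, where these binaries live only in system32.
SYSTEM32 = r"c:\windows\system32"
SYSTEM32_ONLY = {"wuauclt.exe", "svchost.exe", "services.exe",
                 "lsass.exe", "winlogon.exe"}


@dataclass
class Service:
    display_name: str
    service_name: Optional[str]
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other kind of line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    short = SHORT_NAME_RE.match(name)
    return Service(
        display_name=short.group("display") if short else name,
        service_name=short.group("short") if short else None,
        owner=m.group("owner").strip(),
        path=m.group("path"),
        file_missing=m.group("missing") is not None,
    )


def triage(svc: Service) -> List[str]:
    """Return the reasons a service entry deserves a manual look."""
    reasons = []
    if svc.owner in ("", "Unknown owner"):
        reasons.append("unknown-owner")      # no vendor name reported
    if svc.file_missing:
        reasons.append("file-missing")       # service points at a deleted file
    base = ntpath.basename(svc.path).lower()
    folder = ntpath.dirname(svc.path).lower()
    if base in SYSTEM32_ONLY and folder != SYSTEM32:
        reasons.append("system-name-outside-system32")
    return reasons


def scan(log_text: str) -> Dict[str, List[str]]:
    """Map each O23 display name in the log to its triage reasons."""
    results = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is not None:
            results[svc.display_name] = triage(svc)
    return results


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_LOG).items():
        print(f"{name:32} {', '.join(reasons) or 'ok'}")
```

The ESET and SecuROM entries show why a single flag is not enough: a leftover service from an uninstalled product and a legitimate binary without vendor information both trip `unknown-owner`, while only the randomly named `wuauclt.exe` entry trips all three checks.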
|
AfterDawn Addict
|
9. June 2009 @ 10:56 |
|
Originally posted by yeapkl: When I performed scan using Avira it detected quite a number of Trojan...I thought after doing multiple scan with different tools, I won't see all these bugs again =(
You may see more before this is over : ) The crap that Avira found is leftover Trash and not real Trojans..
If you look at the "other deletions" in the ComboFix Log you will see that most of this trash is from using Limewire and Bittorrent - P2P is not good... : (
As I told you at the start, maybe you should burn the drive. Lol
Bear with me and maybe we can get you cleaned up.. As I said, no guarantee but I will give it my best shot...
We may have to run some of these same programs several more times before you are completely clean (I need the Logs to see what is happening).
If you still have MBAM, update and run a full scan; if not, do this:
Download Malwarebytes' Anti-Malware to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
- When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post the MBAM Log in your next reply.
Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background.
- Right click it -> untick the option AntiVir Guard enable.
- You should now see a closed, white umbrella on a red background.
You should still have ComboFix on your machine, do this:
Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
Quote:
"%userprofile%\desktop\combofix.exe" /killall

Combo will begin to run. DO NOTHING while this is happening.
- It will kill a few processes and disconnect you from the internet.
- If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
- This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.
Reboot the computer
Post the log from comboFix for me located in
c:\comboFix.txt and the MBAM Log
If you run into any problems, let me know before going on...
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
|
yeapkl
Junior Member
|
10. June 2009 @ 09:51 |
|
Dear 2oG,
When I performed scan using Avira it detected quite a number of Trojan...I thought after doing multiple scan with different tools, I won't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
|
yeapkl
Junior Member
|
10. June 2009 @ 09:55 |
|
Sorry man
Sorry for the spam in the previous posts...
Guess there's something wrong with my network....
|
yeapkl
Junior Member
|
10. June 2009 @ 09:56 |
|
Dear 2oG,
When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I won't see all these bugs again =(
Anyway, so far so good.
ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk
((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23
Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free
871 --- E O F --- 2009-05-20 14:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/d.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/d...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Custom...DataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awe...DiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Sol...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 10247 bytes
|
AfterDawn Addict
|
10. June 2009 @ 10:17 |
|

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
|
yeapkl
Junior Member
|
15. June 2009 @ 10:21 |
|
OK mate... Here you go
Malwarebytes' Anti-Malware 1.37
Database version: 2261
Windows 5.1.2600 Service Pack 3
6/11/2009 11:24:12 PM
mbam-log-2009-06-11 (23-24-12).txt
Scan type: Full Scan (C:\|)
Objects scanned: 212139
Time elapsed: 2 hour(s), 49 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ComboFix 09-06-14.02 - 52309 06/15/2009 21:48.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.447 [GMT 8:00]
Running from: c:\documents and settings\52309\desktop\combofix.exe
Command switches used :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-15 13:42 . 2009-06-15 13:44 -------- d-----w- C:\5c335898b27094da13ccc7ca20
2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 13:56 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-08 15:48 . 2007-07-01 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 05:36 . 2009-03-18 15:34 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-29 05:36 . 2008-11-01 09:35 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-08_14.45.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 13:58 . 2009-06-15 13:58 16384 c:\windows\temp\Perflib_Perfdata_264.dat
+ 2004-08-04 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2006-11-07 13:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 13:03 . 2009-04-29 04:55 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\jsproxy.dll
- 2006-10-26 18:44 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2006-10-26 18:44 . 2009-04-28 09:05 13824 c:\windows\system32\ieudinit.exe
- 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\ie4uinit.exe
- 2006-10-17 03:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
+ 2006-10-17 03:58 . 2009-04-29 04:55 63488 c:\windows\system32\icardie.dll
+ 2009-05-26 15:07 . 2009-06-10 13:41 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-04-25 08:41 . 2009-04-29 04:55 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-04-25 08:41 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2007-04-24 14:26 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2007-04-24 14:26 . 2009-04-28 09:05 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2009-04-29 04:55 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 12:00 . 2009-04-28 09:05 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2009-04-29 04:55 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\pngfilt.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 52224 c:\windows\ie7updates\KB969897-IE7\msfeedsbs.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 27648 c:\windows\ie7updates\KB969897-IE7\jsproxy.dll
+ 2009-06-15 13:40 . 2009-02-20 10:20 13824 c:\windows\ie7updates\KB969897-IE7\ieudinit.exe
+ 2009-06-15 13:40 . 2009-02-20 18:09 44544 c:\windows\ie7updates\KB969897-IE7\iernonce.dll
+ 2009-06-15 13:41 . 2009-02-20 18:09 78336 c:\windows\ie7updates\KB969897-IE7\ieencode.dll
+ 2009-06-15 13:41 . 2009-02-20 10:20 70656 c:\windows\ie7updates\KB969897-IE7\ie4uinit.exe
+ 2009-06-15 13:41 . 2009-02-20 18:09 63488 c:\windows\ie7updates\KB969897-IE7\icardie.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\url.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\mshtmled.dll
- 2006-11-07 13:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-07 13:03 . 2009-04-29 04:55 459264 c:\windows\system32\msfeeds.dll
+ 2009-05-04 17:01 . 2009-06-15 14:00 220220 c:\windows\system32\inetsrv\MetaBase.bin
+ 2006-10-17 03:57 . 2009-04-29 04:55 268288 c:\windows\system32\iertutil.dll
- 2006-10-17 03:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\iedkcs32.dll
- 2006-10-17 03:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
+ 2006-10-17 03:27 . 2009-04-29 04:55 383488 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-04-25 08:41 . 2009-04-29 04:55 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-04-25 08:41 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2005-04-15 09:01 . 2009-04-25 05:27 636088 c:\windows\system32\dllcache\iexplore.exe
+ 2007-04-25 08:41 . 2009-04-29 04:55 268288 c:\windows\system32\dllcache\iertutil.dll
- 2007-04-25 08:41 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-04-25 08:41 . 2009-04-29 04:55 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-04-25 08:41 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 12:00 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-04-25 05:26 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-06-15 13:43 . 2009-06-15 13:43 389120 c:\windows\system32\CF32468.exe
+ 2004-08-04 12:00 . 2009-04-29 04:55 124928 c:\windows\system32\advpack.dll
- 2004-08-04 12:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2009-06-15 13:40 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB969897-IE7\wininet.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB969897-IE7\webcheck.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB969897-IE7\url.dll
+ 2009-06-15 13:41 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB969897-IE7\spuninst\updspapi.dll
+ 2009-06-15 13:41 . 2008-07-09 07:38 231288 c:\windows\ie7updates\KB969897-IE7\spuninst\spuninst.exe
+ 2009-06-15 13:40 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB969897-IE7\occache.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB969897-IE7\mstime.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB969897-IE7\msrating.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB969897-IE7\mshtmled.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB969897-IE7\msfeeds.dll
+ 2009-06-15 13:41 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB969897-IE7\iexplore.exe
+ 2009-06-15 13:40 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB969897-IE7\iertutil.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB969897-IE7\iedkcs32.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dll
+ 2009-06-15 13:41 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB969897-IE7\ieakui.dll
+ 2009-06-15 13:41 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB969897-IE7\ieaksie.dll
+ 2009-06-15 13:41 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB969897-IE7\ieakeng.dll
+ 2009-06-15 13:41 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB969897-IE7\extmgr.dll
+ 2009-06-15 13:41 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB969897-IE7\dxtrans.dll
+ 2009-06-15 13:41 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB969897-IE7\dxtmsft.dll
+ 2009-06-15 13:41 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB969897-IE7\advpack.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 3596288 c:\windows\system32\mshtml.dll
+ 2006-11-07 13:03 . 2009-04-29 04:55 6066176 c:\windows\system32\ieframe.dll
- 2006-11-07 13:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-04-29 04:56 3596288 c:\windows\system32\dllcache\mshtml.dll
+ 2007-04-25 08:41 . 2009-04-29 04:55 6066176 c:\windows\system32\dllcache\ieframe.dll
- 2007-04-25 08:41 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB969897-IE7\urlmon.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB969897-IE7\mshtml.dll
+ 2009-06-15 13:40 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB969897-IE7\ieframe.dll
+ 2009-06-15 13:40 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB969897-IE7\ieapfltr.dat
+ 2005-07-05 15:51 . 2009-06-01 16:51 23635392 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat
[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP
R0 4nzed7v;4nzed7;c:\windows\System32\DRIVERS\4nzed7v.sys [x]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 pciinfo;HP Pci Information;c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [x]
R3 cdspacex;cdspacex;c:\windows\system32\DRIVERS\CDSPACEX.sys [2003-07-31 22570]
R3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2002-10-28 65604]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2006-05-02 26624]
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 22:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\CF32468.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-15 22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-15 14:14
ComboFix2.txt 2009-06-08 14:53
ComboFix3.txt 2009-06-01 11:23
Pre-Run: 617,459,712 bytes free
Post-Run: 646,270,976 bytes free
371 --- E O F --- 2009-06-15 13:44
|
AfterDawn Addict
|
15. June 2009 @ 19:40 |
|
You're looking good.. Almost there.. Just a little touch up.
Step # 1: Remove Hijackthis Entries
• Run HijackThis
• Click on the Scan button
• Put a check beside all of the items listed below (if present):
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.
Step # 2: Delete Bad Services
Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad:
Quote:
@echo off
sc stop EhttpSrv
sc delete EhttpSrv
sc stop ekrn
sc delete ekrn
exit
Click on File > Save As....
In the File Name box, copy and paste in fix.bat
In the Save as type box, select All Files from the drop-down list.
Click Save and save it to your Desktop.
Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA
Then run this tool to help cleanup any left over Java
Remove Old Java using JavaRa
Download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
• Double-click on JavaRa.exe to start the program
• From the drop-down menu, choose English and click on Select
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK
• A logfile will pop up. Save it to a convenient location
• Click on Additional Tasks then tick Remove Useless JRE Files
• Click Go then OK when prompted & close the program.
Update Java Runtime
• Go to http://java.sun.com/javase/downloads/index.jsp
• Scroll down to Java Runtime Environment (JRE) 6 Update 14 and click on the Download button
• In the Platform box choose Windows
• Check the box to Accept License Agreement and click Continue
• Click on Windows Offline Installation, click on the link under it which says "jre-6u14-windows-i586.exe" and save the downloaded file to your desktop
• Install the new version by running the downloaded file with the Java icon & follow the on-screen instructions
• Reboot your computer
You shouldn't be having any problems now.. Your HJT Log is clean and I see no infection that can harm you..
Let me know how you are running... any problems?
2oG

There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
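Added example, not part of the original post: a small parser for HijackThis O23 lines that reports services whose registry entry is still present but whose binary is marked "(file missing)", together with the service key name that `sc stop` / `sc delete` expect (EhttpSrv and ekrn in Step 2, not the display names). The sample log is constructed, and treating a trailing "(...)" in the label as the key name is an assumption about the O23 format.

```python
import re

# Constructed sample in HijackThis format. The ESET lines are the ones from
# Step 1, UzaqFaj is from the thread's first reply; the O4 and Bonjour
# lines are made up for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# O23 layout: "O23 - Service: <label> - <owner> - <image path>[ (file missing)]"
O23_LINE = re.compile(
    r"^O23 - Service: (?P<label>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?[ \t\r]*$",
    re.MULTILINE,
)
# HijackThis prints "Display Name (KeyName)" when the two differ, otherwise
# just the name. Assumption: a trailing "(...)" is always the key name.
LABEL = re.compile(r"^(?P<display>.*\S)\s*\((?P<key>[^()]+)\)$")


def parse_o23(log_text):
    """Return one dict per O23 service line found in a HijackThis log."""
    services = []
    for m in O23_LINE.finditer(log_text):
        label = m.group("label").strip()
        split = LABEL.match(label)
        services.append({
            "key": split.group("key") if split else label,
            "display": split.group("display") if split else label,
            "owner": m.group("owner"),
            "path": m.group("path"),
            "file_missing": m.group("missing") is not None,
        })
    return services


def missing_services(log_text):
    """Services whose registry entry survives but whose binary is gone."""
    return [s for s in parse_o23(log_text) if s["file_missing"]]


if __name__ == "__main__":
    for svc in missing_services(SAMPLE_LOG):
        print(f'{svc["key"]:<10} {svc["display"]:<18} {svc["path"]}')
```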
|
AfterDawn Addict
|
16. June 2009 @ 04:03 |
|
@2oldGeek
Sorry to butt in, but I have got to say, you are some type of saint! I was looking over the logs...man you are great. Nice to see good people still exist!
/end pointless intrusion
|
AfterDawn Addict
|
16. June 2009 @ 07:53 |
|
Originally posted by svtstang: Sorry to butt in, but I have got to say, you are some type of saint!
Thanks stang, but Saints can't clean computers; they can't say the bad words needed to complete the job... lamo
This one has been a real challenge... There are a lot of duplicate .dll files left over but they are not going to cause any problems.. Un-registered as indicated by the minus sign next to them in the snapshot by combofix, and not using enough memory to even be concerned with..
Thanks for your recognition, that makes the work worthwhile.. : )
2oG

|
|