EXPERT NEEDED....need help to analyze my Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:47 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 16070 bytes

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:47 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 16070 bytes

 

Oops, sorry...double post

 

That’s looking good..

This time, we’ll just take a bigger byte and clear the rest of the bad random services so we can work on the other stuff : )
Again, take your time and if you have a problem, just holler at me…

Remove Bad Services

Step # 1: Remove Hijackthis Entries
Run HijackThis
Click on the Scan]/b] button
Put a check beside all of the items listed below (if present):


O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)

O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


Step # 2: Delete Bad Services

Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad:

Click on File > Save As....

In the File Name box, copy and paste in fix.bat
In the Save as type box, select All Files from the drop-down list.

Click Save and save it to your Desktop.

Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


Now Please post a fresh HJT Log…..


2oG

 

OK man...Here's the latest log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:34 PM, on 5/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

--
End of file - 12613 bytes

 

OK, buddy, this should be about the last before we start digging around in the registry.

As always, take your time and if you have a problem, just holler at me…

Remove Bad HJT entrys

Step # 1: Remove Hijackthis Entries
Run HijackThis
Click on the Scan]/b] button
Put a check beside all of the items listed below (if present):


O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü

O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü

O4 - Startup: PowerReg Scheduler.exe

O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB

O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab

O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)



Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


Step # 2: Delete Bad Services

Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad:

Click on File > Save As....

In the File Name box, copy and paste in fix.bat
In the Save as type box, select All Files from the drop-down list.

Click Save and save it to your Desktop.

Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


Now Please post a fresh HJT Log…..


2oG

 

OK, now i can see less rubbish is my system...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:12 PM, on 5/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10819 bytes

 

Yes, we’re getting there. Just a little more before getting down to the nuts and bolts.. : )


Remove Hijackthis Entries
Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


Now Please post a fresh HJT Log…..


2oG

 

Overall there's good improvement in performance but after installing XP service pack 3, my comp becom quite laggy again =(


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:38 PM, on 5/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10408 bytes

 

Great job, yeapkl,

Your HJT Log is Clean! Problem is, HJT does not see all of the hidden Nasty malware lurking in places that it don’t look at. : ( but, we’ll take care of that. : )

As for the lagging, we’ll work on that as we go further along…

I can’t tell from these logs if your windows firewall is turned on. Please make sure that it is..

You don’t have an AntiVirus, so please download and install one of these:

The best is free - > Avira Antivir My personal recommendation….
It has pop up advertisements when it updates but, I’ll show you how to get rid of those…

The most popular is also free - > AVG 8.5
It’s simple and good but, uses a lot of resources and tends to slow down the older computers…


To help you with some of the lagging, do the following.
This will not remove any of the programs, it will just stop them from running at boot up and you will still be able to access them when they are needed.

1.) Remove Hijackthis Entries
Run HijackThis
Click on the Scan]/b] button
Put a check beside all of the items listed below (if present):


O4 - HKLM\..\Run: [ISUSScheduler] \"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe\" -start
(Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
(Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [SunJavaUpdateSched] \"C:\Program Files\Java\jre6\bin\jusched.exe\"
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] \"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\"
(Description: Adobe reader startup - unnecessarily uses system resources.)

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
(Description: WinZip system tray application. Not necessary. Removing this entry will free up a small amount of system resources.)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.


2.) Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.

Simply copy and paste the contents of that notepad here in your next reply.


3.) Un-install ComboFix we will need a fresh, updated copy.

This may or may not work if you did not follow the instructions and download it to your desktop, if it does not work, then go to where you have Combofix and drag it to the trash.
• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.


• When shown the disclaimer, Select "2"

The above procedure will:
• Delete ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Reset System Restore.


4.) Download ComboFix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.

Combo will begin to run DO NOTHING while this is happening.
• It will kill a few processes and disconnect you from the internet.
• If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
• This needs to be done so the program can work most efficiently for you.
Do not attempt to use the internet or anything else while it's doing its job for you.

**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

If when it's completed you can not get on the internet just reboot the computer.

Post the log from comboFix for me located in
c:\comboFix.txt
The HJT Un-install Log
And a fresh HJT Log


Hang in there, it’s going good so far…

2oG

 

Thanks a million for your effort, 2oG!

Anyway, I'm quite puzzled when Avira detect combofix as a virus when I'm doing the scan. Is it kind of a conflict here?

c:\comboFix.txt
ComboFix 09-05-25.A2 - 52309 05/26/2009 23:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.441 [GMT 8:00]
Running from: c:\documents and settings\52309\desktop\combofix.exe
Command switches used :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-21 13:51 . 2009-05-21 13:51 18944 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-21 13:51 . 2009-05-21 13:51 17408 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-21 13:51 . 2009-05-21 13:51 8192 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-21 11:54 . 2009-02-10 06:25 372736 ----a-w c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w c:\windows\system32\dllcache\pidgen.dll
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w c:\program files\iPod
2009-05-01 12:49 . 2009-05-01 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 12:41 . 2009-05-01 12:41 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-30 23:52 . 2009-04-30 23:52 57344 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-54763f51-n\Decora-SSE.dll
2009-04-30 23:52 . 2009-04-30 23:52 24064 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7227435c-n\Decora-D3D.dll
2009-04-30 23:52 . 2009-04-30 23:52 315392 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl.dll
2009-04-30 23:52 . 2009-04-30 23:52 20480 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl_awt.dll
2009-04-30 23:52 . 2009-04-30 23:52 114688 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl_cg.dll
2009-04-30 23:52 . 2009-04-30 23:52 20480 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-467487f2-n\gluegen-rt.dll
2009-04-30 23:52 . 2009-04-30 23:52 499712 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\msvcp71.dll
2009-04-30 23:52 . 2009-04-30 23:52 499712 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\jmc.dll
2009-04-30 23:52 . 2009-04-30 23:52 348160 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\msvcr71.dll
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w c:\program files\Trend Micro
2009-04-28 14:52 . 2009-04-28 14:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:10 . 2009-04-27 15:17 -------- d-----w c:\program files\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 15:35 . 2005-04-16 14:12 5780 ----a-w c:\windows\bthservsdp.dat
2009-05-21 17:07 . 2007-07-14 16:57 -------- d-----w c:\documents and settings\52309\Application Data\LimeWire
2009-05-21 13:51 . 2007-07-14 16:56 -------- d-----w c:\program files\LimeWire
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w c:\program files\iTunes
2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w c:\program files\Common Files\Apple
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w c:\program files\Windows Live
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 23:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

scanning hidden files ...


c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(3160)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-05-26 23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-26 15:50
ComboFix2.txt 2009-05-14 15:58

Pre-Run: 551,133,184 bytes free
Post-Run: 570,597,376 bytes free


HJT Un-install Log

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.5
All To MP3 Converter 2.15
AnswerWorks Runtime
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom 802.11 Driver
CCleaner (remove only)
Client for Microsoft Office SharePoint Portal Server 2003
Comanche 4
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
DAEMON Tools
DivX Codec
DivX Converter
DivX Player
FoxyTunes for Firefox
Free iPod Video Converter 1.26
Free YouTube to Mp3 Converter version 3.1
GameShadow
Google Earth
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Help and Support
Intel(R) Extreme Graphics 2 Driver
InterVideo WinDVD
Intuitive ERP Client - SEGSVR03 - IERP60
iTunes
Java(TM) 6 Update 12
LaserJet 1020 series
Lexmark 1200 Series
LimeWire 5.1.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Access 2000 SR-1 Runtime
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta Reference Library 2005
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Standard 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 1 (SP1)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Mozilla Firefox (3.0.10)
MP3 Converter Simple
MP3 Ringtone Maker
MPL for Windows 4.2 Student
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
muvee autoProducer 3.5 - SE
MyWin Driver 1.2
Payslip
Post-it® Software Notes Lite
Quick Launch Buttons 5.00 C2
QuickTime
Real Alternative 1.7.5
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shockwave
SoftV90 Data Fax Modem with SmartCP
Sonic RecordNow!
Sonic Update Manager
SopCast 3.0.3
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.0 (KB932394)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VideoLAN VLC media player 0.8.6f
Windows Communication Foundation
Windows Defender Signatures
Windows Imaging Component
Windows Installer Clean Up
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
WinRAR archiver


HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:01 PM, on 5/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10204 bytes

 

yeapkl, You’re looking Good!

Don’t be alarmed, most AV’s find that file in ComboFix as a virus, but it’s not….
At the top of the log you’ll se that AntiVir scan was disabled by Combo, on reboot it started and found the file. But, it’s OK.

This Log is like digging through a dumpster.. lol Most of it is trash that will not harm you.. It will take me days to shift through it and try to find anything left that is bad so, don’t give up.. : )

Right now, I do see that you have a Rootkit that needs to be removed and I would like for you to run Malwarebytes’ Anti malware again to clean up what it can of the leftover’s..

Do this, please:

First, un-install ComboFix, using the following procedure:

Click START then RUN
Now copy/paste Combofix /u in runbox and click OK.
Note the space between the X and the /U, it needs to be there.



This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Next, we will need to download the latest updated version of ComboFix:

Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Now disable Avira AntiVir:

Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background.
• right click it-> untick the option AntiVir Guard enable.
• You should now see a closed, white umbrella on a red background.
Next:
1. Close any open browsers
2. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the quote box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop





Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


If you still have MBM, update it and run the full scan or follow these instructions:

Download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

• Please post the MBAM Log and ComboFix Log in your next reply.


Hang in there, things are looking brighter.. Any problems, please ask before going on.

2oG

 

Here's the logfile...

Btw, how can I disable the Pop-out Advert for Avira??

Thanks!

ComboFix 09-05-31.05 - 52309 06/01/2009 19:01.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.381 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.

2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-21 13:51 . 2009-05-21 13:51 18944 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-21 13:51 . 2009-05-21 13:51 17408 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-21 13:51 . 2009-05-21 13:51 8192 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-21 11:54 . 2009-02-10 06:25 372736 ----a-w- c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-06 14:21 . 2009-05-06 14:21 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 11:07 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-05-21 17:07 . 2007-07-14 16:57 -------- d-----w- c:\documents and settings\52309\Application Data\LimeWire
2009-05-21 13:51 . 2007-07-14 16:56 -------- d-----w- c:\program files\LimeWire
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w- c:\program files\iPod
2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-05-01 12:41 . 2009-05-01 12:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 19:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(296)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-01 19:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 11:22
ComboFix2.txt 2009-05-26 15:51

Pre-Run: 1,188,388,864 bytes free
Post-Run: 1,198,972,928 bytes free

249 --- E O F --- 2009-05-20 14:18



mbam-log-2009-06-02 (20-40-31).txt

Scan type: Full Scan (C:\|)
Objects scanned: 208573
Time elapsed: 13 hour(s), 41 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\sony\pctools_2009415_0.dll.XXX (Adware.Agent) -> No action taken.

 

yeapkl,

Looks like you may have picked up a little Adware hitch hicker.. we’ll get that later.

Just be sure your firewall and Antivirus are both turned on..

Here’s how to disable the pop-up advert in Avira, depending on which XP you have:

Windows XP Pro

1. Go to Start > Run.
2. Type gpedit.msc and click OK.
3. Navigate through User Configuration > Administrative Templates > System.
4. Double click "Don't run specified Windows applications".
5. Enable it and click show.
6. Add "avnotify.exe".
7. Click OK on all open windows.
8. Restart.


Windows XP Home

1. Boot into Safe Mode.
2. Log into an account with administrator privileges.
3. Open [drive installed on]:\Program Files\Avira\AntiVir PersonalEdition Classic.
4. Right click on avnotify.exe and go to Properties > Security > Advanced.
5. Click on Edit-> Traverse Folder / Execute File-> deny-> OK.
6. Repeat for all users.
7. Reboot your computer normally.


You’re in good shape except for the left over trash… It will take me some time to go through the logs so, don’t give up : )

2oG

 

Hey yeapkl,
We’ll give this a whirl and see what’s left or what I missed lol

Hopefully you have ComboFix left on your desktop..
ComboFix fix
1. Close any open browsers
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop





Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



In your next reply, please post back:

1.Combofix log
2.New HJT log

Tell me how your pc is running now.


2oG

 

Dear 2oG,

When I performed scan using Avira it detected quite a number of Trojan...i thought after doing multiple scan with different tools, i won't see all these bugs again =(

Anyway, so far so good.


ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
c:\documents and settings\52309\Application Data\LimeWire\data.ser
c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
c:\documents and settings\52309\Application Data\LimeWire\filters.props
c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23

Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free

871 --- E O F --- 2009-05-20 14:18




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10247 bytes

 

Dear 2oG,

When I performed scan using Avira it detected quite a number of Trojan...i thought after doing multiple scan with different tools, i won't see all these bugs again =(

Anyway, so far so good.


ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
c:\documents and settings\52309\Application Data\LimeWire\data.ser
c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
c:\documents and settings\52309\Application Data\LimeWire\filters.props
c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23

Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free

871 --- E O F --- 2009-05-20 14:18




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10247 bytes

 

Dear 2oG,

When I performed scan using Avira it detected quite a number of Trojan...i thought after doing multiple scan with different tools, i won't see all these bugs again =(

Anyway, so far so good.


ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
c:\documents and settings\52309\Application Data\LimeWire\data.ser
c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
c:\documents and settings\52309\Application Data\LimeWire\filters.props
c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23

Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free

871 --- E O F --- 2009-05-20 14:18




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10247 bytes

 

Dear 2oG,

When I performed scan using Avira it detected quite a number of Trojan...i thought after doing multiple scan with different tools, i won't see all these bugs again =(

Anyway, so far so good.


ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
c:\documents and settings\52309\Application Data\LimeWire\data.ser
c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
c:\documents and settings\52309\Application Data\LimeWire\filters.props
c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23

Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free

871 --- E O F --- 2009-05-20 14:18




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10247 bytes

 

Dear 2oG,

When I performed scan using Avira it detected quite a number of Trojan...i thought after doing multiple scan with different tools, i won't see all these bugs again =(

Anyway, so far so good.


ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\52309\Application Data\LimeWire
c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
c:\documents and settings\52309\Application Data\LimeWire\data.ser
c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
c:\documents and settings\52309\Application Data\LimeWire\filters.props
c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
c:\documents and settings\52309\Application Data\LimeWire\installation.props
c:\documents and settings\52309\Application Data\LimeWire\library.dat
c:\documents and settings\52309\Application Data\LimeWire\library5.dat
c:\documents and settings\52309\Application Data\LimeWire\limewire.props
c:\documents and settings\52309\Application Data\LimeWire\mojito.props
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\52309\Application Data\LimeWire\pub1.key
c:\documents and settings\52309\Application Data\LimeWire\public.key
c:\documents and settings\52309\Application Data\LimeWire\questions.props
c:\documents and settings\52309\Application Data\LimeWire\responses.cache
c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
c:\documents and settings\52309\Application Data\LimeWire\spam.dat
c:\documents and settings\52309\Application Data\LimeWire\tables.props
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
c:\documents and settings\52309\Application Data\LimeWire\update.xml
c:\documents and settings\52309\Application Data\LimeWire\version.key
c:\documents and settings\52309\Application Data\LimeWire\version.xml
c:\documents and settings\52309\Application Data\LimeWire\versions.props
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\BitTorrent
c:\program files\BitTorrent\8642-bittorrent.2611.dmp
c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
c:\program files\BitTorrent\8642-bittorrent.76da.dmp
c:\program files\BitTorrent\8642-bittorrent.a050.dmp
c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
c:\program files\BitTorrent\bittorrent.exe
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\DNA
c:\program files\DNA\btdna.exe
c:\program files\DNA\DNAcpl.cpl
c:\program files\DNA\plugins\npbtdna.dll
c:\program files\LimeWire
c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
c:\program files\LimeWire\Buy LimeWire PRO.url
c:\program files\LimeWire\COPYING
c:\program files\LimeWire\data.ser
c:\program files\LimeWire\hs_err_pid236.log
c:\program files\LimeWire\hs_err_pid3076.log
c:\program files\LimeWire\hs_err_pid384.log
c:\program files\LimeWire\hs_err_pid656.log
c:\program files\LimeWire\inspection.props
c:\program files\LimeWire\install.log
c:\program files\LimeWire\language.prop
c:\program files\LimeWire\lib\additional_resources.jar
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\AppFramework.jar
c:\program files\LimeWire\lib\base64-2.2.2.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-math-1.2.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
c:\program files\LimeWire\lib\EventBus-1.2b.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
c:\program files\LimeWire\lib\guice-snapshot.jar
c:\program files\LimeWire\lib\hashes
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\iTunes-0.0.1.jar
c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
c:\program files\LimeWire\lib\jacob-1.14.1.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcip-annotations.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jna.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\jxlayer.jar
c:\program files\LimeWire\lib\LimeWire.ico
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\log4j.properties
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\miglayout.jar
c:\program files\LimeWire\lib\mozdom4java.jar
c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
c:\program files\LimeWire\lib\mozswing.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\smack.jar
c:\program files\LimeWire\lib\smackx-debug.jar
c:\program files\LimeWire\lib\smackx.jar
c:\program files\LimeWire\lib\swing-worker-1.1.jar
c:\program files\LimeWire\lib\swingx-0.9.4.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\SystemUtilitiesA.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire On Startup.lnk
c:\program files\LimeWire\LimeWire.exe
c:\program files\LimeWire\LimeWire.ico
c:\program files\LimeWire\pmf.ico
c:\program files\LimeWire\root\magnet10\badge.img
c:\program files\LimeWire\root\magnet10\canHandle.img
c:\program files\LimeWire\root\magnet10\limewire.gif
c:\program files\LimeWire\root\magnet10\options.js
c:\program files\LimeWire\root\magnet10\silentdetect.js
c:\program files\LimeWire\SOURCE
c:\program files\LimeWire\spacer.gif
c:\program files\LimeWire\uninstall.exe
c:\program files\LimeWire\unpack.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EPFWTDIR
-------\Legacy_MYPROTECTOR
-------\Service_3qppt58
-------\Service_468aoy1ac
-------\Service_4ddmj4o
-------\Service_58v20f
-------\Service_7yx3zhgur
-------\Service_82wdblow0b
-------\Service_d2yz83c1rc
-------\Service_epfwtdir
-------\Service_faaojfwpo
-------\Service_holda
-------\Service_hxhpvot
-------\Service_m60q7y0
-------\Service_mhv6r42
-------\Service_myprotector
-------\Service_pev26od2
-------\Service_q3i6m8a
-------\Service_r9yr57dd5
-------\Service_wglfl7
-------\Service_yh13phk


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

c:\documents and settings\52309\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
"Script"=advclient.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
"Script"=rpstorage.bat

[HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23775:TCP"= 23775:TCP:BitComet 23775 TCP
"23775:UDP"= 23775:UDP:BitComet 23775 UDP

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
.
Contents of the 'Scheduled Tasks' folder

2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myrp.edu.sg/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(236)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxczcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\UAService7.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\3M\PSNLite\PsnLite.exe
c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
c:\progra~1\3M\PSNLite\PSNGive.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-06-08 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 14:52
ComboFix2.txt 2009-06-01 11:23

Pre-Run: 1,001,263,104 bytes free
Post-Run: 984,276,992 bytes free

871 --- E O F --- 2009-05-20 14:18




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:22 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10247 bytes