
EXPERT NEEDED....need help to analyze my Hijackthis log

Discussion in 'Windows - Virus and spyware problems' started by yeapkl, Apr 29, 2009.

  1. yeapkl

    yeapkl Member

    Joined:
    Apr 29, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:30:47 PM, on 5/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    --
    End of file - 16070 bytes
     
  3. yeapkl

    Oops, sorry...double post

     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    That’s looking good..

    This time, we’ll just take a bigger byte and clear the rest of the bad random services so we can work on the other stuff : )
    Again, take your time and if you have a problem, just holler at me…

    Remove Bad Services

    Step # 1: Remove Hijackthis Entries
    Run HijackThis
    Click on the Scan button
    Put a check beside all of the items listed below (if present):


    O23 - Service: GflfQak - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: GqzaElw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: GwsgIlg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: GzyoGcd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: HlbxUdm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: HlyvHhd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: HoasVgp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: IclfOrs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: IfbhZub - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: IjllNpk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)

    O23 - Service: IrxpZdl - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: IvmaSbm - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: JpjpWox - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: KbmiSnk - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: KhfkXav - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: KjcfBgs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: KmouEjd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: LcryRwp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: MeduAeu - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: MgcxFyt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: MyezKrt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: NlfyKcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: NrvjMxz - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: NtdyTit - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: NukuWef - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: NumqIin - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: OdqvMhs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: OtklPti - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: OxjvBpg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: PojjYcf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: PsmkMel - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: QmvyDnr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: QpfjDev - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: QtyyOrn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: QyvpGgo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: QzoaErb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: RuldBkh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: SngwJqb - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: SqdcHcj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ToknVmo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: UgmhVgt - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: UqrpBdw - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)



    Close all open windows and browsers/email, etc...
    Click on the "Fix Checked" button
    When completed, close the application.


    Step # 2: Delete Bad Services

    Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad:



    Click on File > Save As....

    In the File Name box, copy and paste in fix.bat
    In the Save as type box, select All Files from the drop-down list.

    Click Save and save it to your Desktop.

    Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


    Now please post a fresh HJT Log…..


    2oG
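
An added example, not part of the original posts: a small Python triage of the O23 lines of a HijackThis log like the ones in this thread. It separates the cluster of random-named services that all point at the missing C:\WINDOWS\wuauclt.exe from entries whose file is merely missing; the name pattern, the cluster threshold and the verdict labels are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from ntpath import basename, dirname, normcase

# A few lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\system32\wuauclt.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: InternetExplorer - Unknown owner - C:\WINDOWS\InternetExplorer.exe (file missing)
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
"""

# "O23 - Service: <name> - <owner> - <image path>[ (file missing)]".
# The owner field can be empty ("lxcz_device - - C:\..."), hence " ?- ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- "
    r"(?P<image>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: the shape shared by the random service names in this thread
# (capital, three lowercase, capital, two lowercase), e.g. "UzaqFaj".
RANDOM_NAME_RE = re.compile(r"^[A-Z][a-z]{3}[A-Z][a-z]{2}$")


def parse_log(text):
    """Return (running process paths, parsed O23 service entries)."""
    running, services, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = O23_RE.match(line)
        if m:
            services.append({
                "name": m["name"],
                "owner": m["owner"],
                "image": m["image"],
                "missing": bool(m["missing"]),
            })
    return running, services


def triage(text, cluster_min=3):
    """Map each service name to (verdict, reasons).

    Verdicts (labels chosen for this example):
      suspect  - image missing plus at least one corroborating signal
      orphaned - image missing only; needs a manual look
      review   - image present but another signal fired
      ok       - nothing fired
    """
    running, services = parse_log(text)

    # Where each file name is actually running from, per the same log.
    live_dirs = defaultdict(set)
    for path in running:
        live_dirs[normcase(basename(path))].add(normcase(dirname(path)))

    # How many services point at the same image path.
    per_image = Counter(normcase(s["image"]) for s in services)

    report = {}
    for s in services:
        image = normcase(s["image"])
        signals = []
        if per_image[image] >= cluster_min:
            signals.append(f"{per_image[image]} services share this image path")
        dirs = live_dirs.get(basename(image), set())
        if dirs and dirname(image) not in dirs:
            signals.append("same file name runs from a different directory")
        if RANDOM_NAME_RE.match(s["name"]):
            signals.append("service name has the random 7-letter shape")

        if s["missing"]:
            verdict = "suspect" if signals else "orphaned"
            reasons = ["image file missing"] + signals
        else:
            verdict = "review" if signals else "ok"
            reasons = signals
        report[s["name"]] = (verdict, reasons)
    return report


if __name__ == "__main__":
    for name, (verdict, reasons) in triage(SAMPLE_LOG).items():
        print(f"{verdict:8} {name}: {'; '.join(reasons) or '-'}")
```

On a full log, `cluster_min` decides how many services must share one image path before the group counts as a cluster; "orphaned" entries such as the ESET and InternetExplorer lines still need a person to decide.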
     
  5. yeapkl

    OK man...Here's the latest log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:54:34 PM, on 5/18/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
    O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)
    O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    --
    End of file - 12613 bytes
     
  6. 2oldGeek

    OK, buddy, this should be about the last before we start digging around in the registry.

    As always, take your time and if you have a problem, just holler at me…

    Remove Bad HJT entries

    Step # 1: Remove Hijackthis Entries
    Run HijackThis
    Click on the Scan button
    Put a check beside all of the items listed below (if present):


    O4 - HKLM\..\Run: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü

    O4 - HKCU\..\RunServices: [Windows Processe Manager] DEFGHIJKLMNOPQRSTUVWXYZ{|}~€�‚ƒ„…†‡êÔ�|ÿ€‘|ÿÿÿÿ¨ü

    O4 - Startup: PowerReg Scheduler.exe

    O16 - DPF: {F6798B0B-9AA9-4AEF-A8CA-D54C36EFDE17} (chkInstallation.checkSoftware) - http://projector.rp.edu.sg/WPGClientCheck.CAB

    O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.89_20060727.cab

    O23 - Service: UzaqFaj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: VihcZhn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: WfnsVhh - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: WhsmOun - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: WztdHqi - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: XafrXem - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: XfsxOil - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: XlayMvo - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: XpebYko - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: XtjiHmp - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: YdpdQsg - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: YoceOqn - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: YqpuJcs - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: YtfpRyr - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ZkrvQvd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ZresLdd - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ZrhfCzj - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)

    O23 - Service: ZvowGmf - Unknown owner - C:\WINDOWS\wuauclt.exe (file missing)



    Close all open windows and browsers/email, etc...
    Click on the "Fix Checked" button
    When completed, close the application.


    Step # 2: Delete Bad Services

    Please open Notepad. Ensure that word wrap is turned off. Click on Format and make sure that there is not a tick next to Word Wrap. If there's one, click on Word Wrap to remove it. Copy and paste the following in the quote box into Notepad:



    Click on File > Save As....

    In the File Name box, copy and paste in fix.bat
    In the Save as type box, select All Files from the drop-down list.

    Click Save and save it to your Desktop.

    Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal.


    Now please post a fresh HJT Log…..


    2oG
     
    Last edited: May 19, 2009
  7. yeapkl

    OK, now I can see less rubbish in my system...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:49:12 PM, on 5/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10819 bytes
     
  8. 2oldGeek

    Yes, we’re getting there. Just a little more before getting down to the nuts and bolts.. : )


    Remove Hijackthis Entries
    Run HijackThis
    Click on the Scan button
    Put a check beside all of the items listed below (if present):

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)

    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


    Close all open windows and browsers/email, etc...
    Click on the "Fix Checked" button
    When completed, close the application.


    Now Please post a fresh HJT Log…..


    2oG
     
    Last edited: May 20, 2009
  9. yeapkl

    Overall there's good improvement in performance but after installing XP service pack 3, my comp became quite laggy again =(


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:57:38 PM, on 5/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10408 bytes
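An added example (not part of the thread and not HijackThis code): a small Python parser for the HijackThis item lines in the logs above. It flags entries marked "(file missing)" or "(no file)" and compares an earlier and a later log to confirm which entries are gone after "Fix Checked". The two sample logs are abridged from lines quoted in this thread, and all function names are this example's own.

```python
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2", "O23", "R1"
    text: str             # everything after "<code> - "
    clsid: Optional[str]  # "{...}" GUID if the line carries one
    orphaned: bool        # HijackThis could not find the target file


# Item lines start with a section code (R, F, N or O plus digits) and " - ".
# Headers, the running-process list and the footer do not match and are skipped.
ITEM_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)


def parse_hjt(log_text: str) -> List[Entry]:
    """Turn the item lines of a HijackThis log into Entry records."""
    entries = []
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if not m:
            continue
        code, text = m.groups()
        clsid = CLSID_RE.search(text)
        entries.append(Entry(code, text,
                             clsid.group(0) if clsid else None,
                             bool(ORPHAN_RE.search(text))))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registered file no longer exists on disk."""
    return [e for e in entries if e.orphaned]


def removed_between(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the earlier log but absent from the later one."""
    remaining = {(e.code, e.text) for e in after}
    return [e for e in before if (e.code, e.text) not in remaining]


# Abridged sample logs assembled from lines quoted in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("Orphaned in earlier log:")
    for e in orphaned(before):
        print(f"  {e.code:<4}{e.clsid or '-':<40}{e.text}")
    print("Gone in later log:")
    for e in removed_between(before, after):
        print(f"  {e.code:<4}{e.text}")
    print("Still orphaned in later log:")
    for e in orphaned(after):
        print(f"  {e.code:<4}{e.text}")
```

Run against the full fresh log above, the same check still lists the ESET O23 service entries as "(file missing)", because only the R1 and O2 items were ticked for fixing.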
     
  10. 2oldGeek

    Great job, yeapkl,

    Your HJT Log is Clean! Problem is, HJT does not see all of the hidden Nasty malware lurking in places that it doesn’t look at. : ( But we’ll take care of that. : )

    As for the lagging, we’ll work on that as we go further along…

    I can’t tell from these logs if your windows firewall is turned on. Please make sure that it is..

    You don’t have an AntiVirus, so please download and install one of these:

    The best is free - > Avira Antivir My personal recommendation….
    It has pop up advertisements when it updates but, I’ll show you how to get rid of those…

    The most popular is also free - > AVG 8.5
    It’s simple and good but, uses a lot of resources and tends to slow down the older computers…


    To help you with some of the lagging, do the following.
    This will not remove any of the programs, it will just stop them from running at boot up and you will still be able to access them when they are needed.

    1.) Remove Hijackthis Entries
    Run HijackThis
    Click on the Scan button
    Put a check beside all of the items listed below (if present):


    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    (Description: InstallShield updater - not needed at startup. Removing this may free up system resources.)

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    (Description: Intel hotkey applet. Unnecessary. Removing this will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    (Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    (Description: Adobe reader startup - unnecessarily uses system resources.)

    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    (Description: WinZip system tray application. Not necessary. Removing this entry will free up a small amount of system resources.)


    Close all open windows and browsers/email, etc...
    Click on the "Fix Checked" button
    When completed, close the application.


    2.) Make an uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.

    Simply copy and paste the contents of that notepad here in your next reply.


    3.) Un-install ComboFix we will need a fresh, updated copy.

    This may or may not work if you did not follow the instructions and download it to your desktop, if it does not work, then go to where you have Combofix and drag it to the trash.
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    • When shown the disclaimer, Select "2"

    The above procedure will:
    • Delete ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Reset System Restore.


    4.) Download ComboFix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.




    [​IMG]


    Combo will begin to run DO NOTHING while this is happening.
    • It will kill a few processes and disconnect you from the internet.
    • If by chance it stops prematurely you can re-establish your internet connection by restarting your computer.
    • This needs to be done so the program can work most efficiently for you.
    Do not attempt to use the internet or anything else while it's doing its job for you.

    **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.

    If when it's completed you can not get on the internet just reboot the computer.

    Post the log from comboFix for me located in
    c:\comboFix.txt
    The HJT Un-install Log
    And a fresh HJT Log


    Hang in there, it’s going good so far…

    2oG
     
  11. yeapkl

    Thanks a million for your effort, 2oG!

    Anyway, I'm quite puzzled when Avira detects combofix as a virus when I'm doing the scan. Is it kind of a conflict here?

    c:\comboFix.txt
    ComboFix 09-05-25.A2 - 52309 05/26/2009 23:29.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.441 [GMT 8:00]
    Running from: c:\documents and settings\52309\desktop\combofix.exe
    Command switches used :: /killall
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
    .

    2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
    2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
    2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w c:\program files\Avira
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
    2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
    2009-05-21 13:51 . 2009-05-21 13:51 18944 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
    2009-05-21 13:51 . 2009-05-21 13:51 17408 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
    2009-05-21 13:51 . 2009-05-21 13:51 8192 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
    2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
    2009-05-21 11:54 . 2009-02-10 06:25 372736 ----a-w c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w c:\documents and settings\52309\Application Data\dvdcss
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\scripting
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\l2schemas
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\en
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w c:\windows\system32\bits
    2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w c:\windows\system32\wlanapi.dll
    2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w c:\windows\system32\tspkg.dll
    2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w c:\windows\system32\drivers\sffp_mmc.sys
    2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w c:\windows\system32\setupn.exe
    2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w c:\windows\system32\rasqec.dll
    2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w c:\windows\system32\qutil.dll
    2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w c:\windows\system32\qcliprov.dll
    2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w c:\windows\system32\qagentrt.dll
    2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w c:\windows\system32\qagent.dll
    2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w c:\windows\system32\onex.dll
    2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w c:\windows\system32\napstat.exe
    2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w c:\windows\system32\napipsec.dll
    2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w c:\windows\system32\napmontr.dll
    2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w c:\windows\system32\dllcache\msxml6r.dll
    2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w c:\windows\system32\dllcache\msxml6.dll
    2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w c:\windows\system32\mssha.dll
    2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w c:\windows\system32\msshavmsg.dll
    2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w c:\windows\system32\mmcperf.exe
    2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w c:\windows\system32\mmcex.dll
    2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w c:\windows\system32\microsoft.managementconsole.dll
    2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w c:\windows\system32\mmcfxcommon.dll
    2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w c:\windows\system32\l2gpstore.dll
    2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w c:\windows\system32\kmsvc.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdpash.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdnepr.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdiultn.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w c:\windows\system32\kbdbhc.dll
    2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w c:\windows\system32\dllcache\dpcdll.dll
    2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w c:\windows\system32\dllcache\pidgen.dll
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w c:\program files\iPod
    2009-05-01 12:49 . 2009-05-01 12:52 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-01 12:41 . 2009-05-01 12:41 75048 ----a-w c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-04-30 23:52 . 2009-04-30 23:52 57344 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-54763f51-n\Decora-SSE.dll
    2009-04-30 23:52 . 2009-04-30 23:52 24064 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7227435c-n\Decora-D3D.dll
    2009-04-30 23:52 . 2009-04-30 23:52 315392 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl.dll
    2009-04-30 23:52 . 2009-04-30 23:52 20480 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl_awt.dll
    2009-04-30 23:52 . 2009-04-30 23:52 114688 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-2076fc83-n\jogl_cg.dll
    2009-04-30 23:52 . 2009-04-30 23:52 20480 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-467487f2-n\gluegen-rt.dll
    2009-04-30 23:52 . 2009-04-30 23:52 499712 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\msvcp71.dll
    2009-04-30 23:52 . 2009-04-30 23:52 499712 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\jmc.dll
    2009-04-30 23:52 . 2009-04-30 23:52 348160 ----a-w c:\documents and settings\52309\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-7223caed-n\msvcr71.dll
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w c:\program files\Trend Micro
    2009-04-28 14:52 . 2009-04-28 14:52 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:10 . 2009-04-27 15:17 -------- d-----w c:\program files\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-26 15:35 . 2005-04-16 14:12 5780 ----a-w c:\windows\bthservsdp.dat
    2009-05-21 17:07 . 2007-07-14 16:57 -------- d-----w c:\documents and settings\52309\Application Data\LimeWire
    2009-05-21 13:51 . 2007-07-14 16:56 -------- d-----w c:\program files\LimeWire
    2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w c:\program files\iTunes
    2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w c:\program files\Common Files\Apple
    2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w c:\program files\Windows Live
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w c:\program files\Windows Live Safety Center
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w c:\program files\MP3 Converter Simple
    2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w c:\windows\tmp.dat
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
    2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
    2009-03-03 00:18 . 2004-08-04 12:00 826368 ----a-w c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
    S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
    S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
    S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
    S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
    S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
    S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
    S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
    S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
    S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
    S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
    S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
    S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
    S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
    S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
    S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SSMDRV
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-05-26 23:39
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

    scanning hidden files ...


    c:\windows\system32\wbem\Performance\WmiApRpl_new.ini 924 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(860)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(3160)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-05-26 23:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-05-26 15:50
    ComboFix2.txt 2009-05-14 15:58

    Pre-Run: 551,133,184 bytes free
    Post-Run: 570,597,376 bytes free


    HJT Un-install Log

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.5
    All To MP3 Converter 2.15
    AnswerWorks Runtime
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    Broadcom 802.11 Driver
    CCleaner (remove only)
    Client for Microsoft Office SharePoint Portal Server 2003
    Comanche 4
    Compatibility Pack for the 2007 Office system
    Conexant AC-Link Audio
    DAEMON Tools
    DivX Codec
    DivX Converter
    DivX Player
    FoxyTunes for Firefox
    Free iPod Video Converter 1.26
    Free YouTube to Mp3 Converter version 3.1
    GameShadow
    Google Earth
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HP Help and Support
    Intel(R) Extreme Graphics 2 Driver
    InterVideo WinDVD
    Intuitive ERP Client - SEGSVR03 - IERP60
    iTunes
    Java(TM) 6 Update 12
    LaserJet 1020 series
    Lexmark 1200 Series
    LimeWire 5.1.2
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft Access 2000 SR-1 Runtime
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Reference Library 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office FrontPage 2003
    Microsoft Office OneNote 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Standard 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 1 (SP1)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visio Professional 2007
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Text-to-Speech Engine 4.0 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual J# .NET Redistributable Package 1.1
    Mozilla Firefox (3.0.10)
    MP3 Converter Simple
    MP3 Ringtone Maker
    MPL for Windows 4.2 Student
    MSN Music Assistant
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    muvee autoProducer 3.5 - SE
    MyWin Driver 1.2
    Payslip
    Post-it® Software Notes Lite
    Quick Launch Buttons 5.00 C2
    QuickTime
    Real Alternative 1.7.5
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953155)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Shockwave
    SoftV90 Data Fax Modem with SmartCP
    Sonic RecordNow!
    Sonic Update Manager
    SopCast 3.0.3
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.0 (KB932394)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    VideoLAN VLC media player 0.8.6f
    Windows Communication Foundation
    Windows Defender Signatures
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Service Pack 3
    WinRAR archiver


    HJT Log
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:57:01 PM, on 5/26/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10204 bytes

     
  12. 2oldGeek

    2oldGeek Active member

    yeapkl, you’re looking good!

    Don’t be alarmed, most AVs find that file in ComboFix as a virus, but it’s not….
    At the top of the log you’ll see that AntiVir scan was disabled by Combo, on reboot it started and found the file. But, it’s OK.

    This log is like digging through a dumpster.. lol Most of it is trash that will not harm you.. It will take me days to sift through it and try to find anything left that is bad, so don’t give up.. : )

    Right now, I do see that you have a Rootkit that needs to be removed and I would like for you to run Malwarebytes’ Anti-Malware again to clean up what it can of the leftovers..

    Do this, please:

    First, un-install ComboFix, using the following procedure:

    Click START then RUN
    Now copy/paste Combofix /u in runbox and click OK.
    Note the space between the X and the /U, it needs to be there.

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


    Next, we will need to download the latest updated version of ComboFix:

    Download ComboFix from one of these locations.
    * IMPORTANT !!! Place combofix.exe on your Desktop

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://subs.geekstogo.com/ComboFix.exe

    Now disable Avira AntiVir:

    Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background.
    • Right-click it -> untick the option AntiVir Guard enable.
    • You should now see a closed, white umbrella on a red background.
    Next:
    1. Close any open browsers
    2. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the quote box below:
    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


    If you still have MBM, update it and run the full scan or follow these instructions:

    Download Malwarebytes' Anti-Malware to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
    • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

    • Please post the MBAM Log and ComboFix Log in your next reply.


    Hang in there, things are looking brighter.. Any problems, please ask before going on.

    2oG
     
    Last edited: May 27, 2009
  13. yeapkl

    yeapkl Member

    Here's the logfile...

    Btw, how can I disable the Pop-out Advert for Avira??

    Thanks!

    ComboFix 09-05-31.05 - 52309 06/01/2009 19:01.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.381 [GMT 8:00]
    Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
    .

    2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
    2009-05-21 13:51 . 2009-05-21 13:51 18944 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
    2009-05-21 13:51 . 2009-05-21 13:51 17408 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
    2009-05-21 13:51 . 2009-05-21 13:51 8192 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
    2009-05-21 13:51 . 2009-05-21 13:51 20480 ----a-w- c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
    2009-05-21 11:54 . 2009-02-10 06:25 372736 ----a-w- c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
    2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
    2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
    2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
    2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
    2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
    2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
    2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
    2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
    2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
    2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
    2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
    2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
    2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
    2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
    2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
    2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-04-06 07:32 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-06 14:48 . 2009-04-06 07:32 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-06 14:21 . 2009-05-06 14:21 -------- d-----w- c:\windows\system32\wbem\Repository

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-01 11:07 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
    2009-05-21 17:07 . 2007-07-14 16:57 -------- d-----w- c:\documents and settings\52309\Application Data\LimeWire
    2009-05-21 13:51 . 2007-07-14 16:56 -------- d-----w- c:\program files\LimeWire
    2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-01 12:51 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
    2009-05-01 12:50 . 2009-05-01 12:50 -------- d-----w- c:\program files\iPod
    2009-05-01 12:49 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
    2009-05-01 12:41 . 2009-05-01 12:41 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
    2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
    2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
    2009-03-05 15:59 . 2009-03-18 15:34 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-03-05 15:59 . 2008-11-01 09:35 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
    S0 468aoy1ac;468aoy1ac;c:\windows\system32\drivers\468aoy1ac.sys --> c:\windows\system32\drivers\468aoy1ac.sys [?]
    S0 4ddmj4o;4ddmj4o;c:\windows\system32\drivers\4ddmj4o.sys --> c:\windows\system32\drivers\4ddmj4o.sys [?]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S0 58v20f;58v20f;c:\windows\system32\drivers\58v20f.sys --> c:\windows\system32\drivers\58v20f.sys [?]
    S0 7yx3zhgur;7yx3zhgur;c:\windows\system32\drivers\7yx3zhgur.sys --> c:\windows\system32\drivers\7yx3zhgur.sys [?]
    S0 82wdblow0b;82wdblow0b;c:\windows\system32\drivers\82wdblow0b.sys --> c:\windows\system32\drivers\82wdblow0b.sys [?]
    S0 d2yz83c1rc;d2yz83c1rc;c:\windows\system32\drivers\d2yz83c1rc.sys --> c:\windows\system32\drivers\d2yz83c1rc.sys [?]
    S0 faaojfwpo;faaojfwpo;c:\windows\system32\drivers\faaojfwpo.sys --> c:\windows\system32\drivers\faaojfwpo.sys [?]
    S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
    S0 hxhpvot;hxhpvot;c:\windows\system32\drivers\hxhpvot.sys --> c:\windows\system32\drivers\hxhpvot.sys [?]
    S0 m60q7y0;m60q7y0;c:\windows\system32\drivers\m60q7y0.sys --> c:\windows\system32\drivers\m60q7y0.sys [?]
    S0 mhv6r42;mhv6r42;c:\windows\system32\drivers\mhv6r42.sys --> c:\windows\system32\drivers\mhv6r42.sys [?]
    S0 pev26od2;pev26od2;c:\windows\system32\drivers\pev26od2.sys --> c:\windows\system32\drivers\pev26od2.sys [?]
    S0 q3i6m8a;q3i6m8a;c:\windows\system32\drivers\q3i6m8a.sys --> c:\windows\system32\drivers\q3i6m8a.sys [?]
    S0 r9yr57dd5;r9yr57dd5;c:\windows\system32\drivers\r9yr57dd5.sys --> c:\windows\system32\drivers\r9yr57dd5.sys [?]
    S0 wglfl7;wglfl7;c:\windows\system32\drivers\wglfl7.sys --> c:\windows\system32\drivers\wglfl7.sys [?]
    S0 yh13phk;yh13phk;c:\windows\system32\drivers\yh13phk.sys --> c:\windows\system32\drivers\yh13phk.sys [?]
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - component: c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-01 19:11
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(872)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(296)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-01 19:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-01 11:22
    ComboFix2.txt 2009-05-26 15:51

    Pre-Run: 1,188,388,864 bytes free
    Post-Run: 1,198,972,928 bytes free

    249 --- E O F --- 2009-05-20 14:18



    mbam-log-2009-06-02 (20-40-31).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 208573
    Time elapsed: 13 hour(s), 41 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\sony\pctools_2009415_0.dll.XXX (Adware.Agent) -> No action taken.
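A triage pass over the driver/service listing in the ComboFix log above, added here as an example (it is not part of the original posts and is not ComboFix code). It assumes the usual reading of that listing: R/S means running/stopped, the digit is the service Start type, and `[?]` means the file behind the entry could not be read. The sample lines are copied from the log, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Lines copied verbatim from the driver/service listing in the log above.
SAMPLE = r"""
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
S0 3qppt58;3qppt58;c:\windows\system32\drivers\3qppt58.sys --> c:\windows\system32\drivers\3qppt58.sys [?]
S0 holda;holda;c:\windows\system32\drivers\holda.sys --> c:\windows\system32\drivers\holda.sys [?]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
S3 myprotector;myprotector;\??\c:\windows\battc.sys --> c:\windows\battc.sys [?]
"""

# Assumed reading of the listing (not stated in the thread):
#   R/S = service running / stopped when the log was taken
#   0-4 = Start type: 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled
#   [?] = ComboFix could not read the file the entry points to
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    running: bool
    start: int
    name: str
    display: str
    path: str
    file_missing: bool


def parse(log):
    """Turn listing lines into Entry records; lines in other formats are skipped."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # "registered path --> resolved path": keep the resolved side.
        path = m["image"].split(" --> ")[-1].strip().strip('"')
        if path.startswith("\\??\\"):  # NT object-manager prefix
            path = path[4:]
        entries.append(Entry(
            running=m["state"] == "R",
            start=int(m["start"]),
            name=m["name"],
            display=m["display"],
            path=path,
            file_missing=m["info"].strip() == "?",
        ))
    return entries


def triage(entries):
    """Return (start, name, notes) for entries whose file could not be read.

    These are items for a human to review, not verdicts: leftovers of an
    uninstalled product (the ESET entries here) show up the same way.
    """
    findings = []
    for e in entries:
        if not e.file_missing:
            continue
        notes = ["registered, but the file could not be read"]
        if e.start == 0:
            notes.append("boot-start entry")
        if "\\temp\\" in e.path.lower():
            notes.append("image path under a Temp directory")
        findings.append((e.start, e.name, notes))
    # Earliest-loading entries first, then by name for stable output.
    return sorted(findings, key=lambda f: (f[0], f[1]))


if __name__ == "__main__":
    for start, name, notes in triage(parse(SAMPLE)):
        print(f"{START_TYPES[start]:<9} {name:<12} " + "; ".join(notes))
```
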
     
  14. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    yeapkl,

    Looks like you may have picked up a little Adware hitchhiker.. we’ll get that later.

    Just be sure your firewall and Antivirus are both turned on..

    Here’s how to disable the pop-up advert in Avira, depending on which XP you have:

    Windows XP Pro

    1. Go to Start > Run.
    2. Type gpedit.msc and click OK.
    3. Navigate through User Configuration > Administrative Templates > System.
    4. Double click "Don't run specified Windows applications".
    5. Enable it and click show.
    6. Add "avnotify.exe".
    7. Click OK on all open windows.
    8. Restart.


    Windows XP Home

    1. Boot into Safe Mode.
    2. Log into an account with administrator privileges.
    3. Open [drive installed on]:\Program Files\Avira\AntiVir PersonalEdition Classic.
    4. Right click on avnotify.exe and go to Properties > Security > Advanced.
    5. Click on Edit-> Traverse Folder / Execute File-> deny-> OK.
    6. Repeat for all users.
    7. Reboot your computer normally.


    You’re in good shape except for the leftover trash… It will take me some time to go through the logs so, don’t give up : )

    2oG
     
  15. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,701
    Likes Received:
    39
    Trophy Points:
    78
    Hey yeapkl,
    We’ll give this a whirl and see what’s left or what I missed lol

    Hopefully you have ComboFix left on your desktop..
    ComboFix fix
    1. Close any open browsers
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
    3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:


    Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



    In your next reply, please post back:

    1. ComboFix log
    2. New HJT log

    Tell me how your pc is running now.


    2oG
     
  16. yeapkl

    yeapkl Member

    Joined:
    Apr 29, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    Dear 2oG,

    When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I won't see all these bugs again =(

    Anyway, so far so good.


    ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
    Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\52309\Application Data\LimeWire
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\places.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\update.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
    c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
    c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
    c:\documents and settings\52309\Application Data\LimeWire\data.ser
    c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
    c:\documents and settings\52309\Application Data\LimeWire\filters.props
    c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
    c:\documents and settings\52309\Application Data\LimeWire\installation.props
    c:\documents and settings\52309\Application Data\LimeWire\library.dat
    c:\documents and settings\52309\Application Data\LimeWire\library5.dat
    c:\documents and settings\52309\Application Data\LimeWire\limewire.props
    c:\documents and settings\52309\Application Data\LimeWire\mojito.props
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
    c:\documents and settings\52309\Application Data\LimeWire\pub1.key
    c:\documents and settings\52309\Application Data\LimeWire\public.key
    c:\documents and settings\52309\Application Data\LimeWire\questions.props
    c:\documents and settings\52309\Application Data\LimeWire\responses.cache
    c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
    c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
    c:\documents and settings\52309\Application Data\LimeWire\spam.dat
    c:\documents and settings\52309\Application Data\LimeWire\tables.props
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EPFWTDIR
    -------\Legacy_MYPROTECTOR
    -------\Service_3qppt58
    -------\Service_468aoy1ac
    -------\Service_4ddmj4o
    -------\Service_58v20f
    -------\Service_7yx3zhgur
    -------\Service_82wdblow0b
    -------\Service_d2yz83c1rc
    -------\Service_epfwtdir
    -------\Service_faaojfwpo
    -------\Service_holda
    -------\Service_hxhpvot
    -------\Service_m60q7y0
    -------\Service_mhv6r42
    -------\Service_myprotector
    -------\Service_pev26od2
    -------\Service_q3i6m8a
    -------\Service_r9yr57dd5
    -------\Service_wglfl7
    -------\Service_yh13phk


    ((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
    .

    2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
    2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
    2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
    2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
    2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
    2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
    2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
    2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
    2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
    2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
    2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
    2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
    2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
    2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
    2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
    2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
    2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
    2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
    2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
    2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
    2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
    2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
    2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-08 22:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(236)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-08 22:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-08 14:52
    ComboFix2.txt 2009-06-01 11:23

    Pre-Run: 1,001,263,104 bytes free
    Post-Run: 984,276,992 bytes free

    871 --- E O F --- 2009-05-20 14:18




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:22 PM, on 6/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10247 bytes
     
  17. yeapkl

    yeapkl Member

    Dear 2oG,

    When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I wouldn't see all these bugs again =(

    Anyway, so far so good.


    ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
    Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\52309\Application Data\LimeWire
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.chk
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\freebl3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
    c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
    c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
    c:\documents and settings\52309\Application Data\LimeWire\data.ser
    c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
    c:\documents and settings\52309\Application Data\LimeWire\filters.props
    c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
    c:\documents and settings\52309\Application Data\LimeWire\installation.props
    c:\documents and settings\52309\Application Data\LimeWire\library.dat
    c:\documents and settings\52309\Application Data\LimeWire\library5.dat
    c:\documents and settings\52309\Application Data\LimeWire\limewire.props
    c:\documents and settings\52309\Application Data\LimeWire\mojito.props
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
    c:\documents and settings\52309\Application Data\LimeWire\pub1.key
    c:\documents and settings\52309\Application Data\LimeWire\public.key
    c:\documents and settings\52309\Application Data\LimeWire\questions.props
    c:\documents and settings\52309\Application Data\LimeWire\responses.cache
    c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
    c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
    c:\documents and settings\52309\Application Data\LimeWire\spam.dat
    c:\documents and settings\52309\Application Data\LimeWire\tables.props
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
    c:\documents and settings\52309\Application Data\LimeWire\update.xml
    c:\documents and settings\52309\Application Data\LimeWire\version.key
    c:\documents and settings\52309\Application Data\LimeWire\version.xml
    c:\documents and settings\52309\Application Data\LimeWire\versions.props
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
    c:\program files\BitTorrent
    c:\program files\BitTorrent\8642-bittorrent.2611.dmp
    c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
    c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
    c:\program files\BitTorrent\8642-bittorrent.76da.dmp
    c:\program files\BitTorrent\8642-bittorrent.a050.dmp
    c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
    c:\program files\BitTorrent\bittorrent.exe
    c:\program files\BitTorrent\BitTorrentIE.2.dll
    c:\program files\BitTorrent\uninst.exe
    c:\program files\DNA
    c:\program files\DNA\btdna.exe
    c:\program files\DNA\DNAcpl.cpl
    c:\program files\DNA\plugins\npbtdna.dll
    c:\program files\LimeWire
    c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
    c:\program files\LimeWire\Buy LimeWire PRO.url
    c:\program files\LimeWire\COPYING
    c:\program files\LimeWire\data.ser
    c:\program files\LimeWire\hs_err_pid236.log
    c:\program files\LimeWire\hs_err_pid3076.log
    c:\program files\LimeWire\hs_err_pid384.log
    c:\program files\LimeWire\hs_err_pid656.log
    c:\program files\LimeWire\inspection.props
    c:\program files\LimeWire\install.log
    c:\program files\LimeWire\language.prop
    c:\program files\LimeWire\lib\additional_resources.jar
    c:\program files\LimeWire\lib\aopalliance.jar
    c:\program files\LimeWire\lib\AppFramework.jar
    c:\program files\LimeWire\lib\base64-2.2.2.jar
    c:\program files\LimeWire\lib\clink.jar
    c:\program files\LimeWire\lib\commons-codec-1.3.jar
    c:\program files\LimeWire\lib\commons-logging.jar
    c:\program files\LimeWire\lib\commons-math-1.2.jar
    c:\program files\LimeWire\lib\daap.jar
    c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
    c:\program files\LimeWire\lib\EventBus-1.2b.jar
    c:\program files\LimeWire\lib\gettext-commons.jar
    c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
    c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
    c:\program files\LimeWire\lib\guice-snapshot.jar
    c:\program files\LimeWire\lib\hashes
    c:\program files\LimeWire\lib\hsqldb.jar
    c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
    c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
    c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
    c:\program files\LimeWire\lib\icu4j.jar
    c:\program files\LimeWire\lib\iTunes-0.0.1.jar
    c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
    c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
    c:\program files\LimeWire\lib\jacob-1.14.1.jar
    c:\program files\LimeWire\lib\jaudiotagger.jar
    c:\program files\LimeWire\lib\jcip-annotations.jar
    c:\program files\LimeWire\lib\jcraft.jar
    c:\program files\LimeWire\lib\jdic.dll
    c:\program files\LimeWire\lib\jdic.jar
    c:\program files\LimeWire\lib\jdic_stub.jar
    c:\program files\LimeWire\lib\jflac.jar
    c:\program files\LimeWire\lib\jl.jar
    c:\program files\LimeWire\lib\jmdns.jar
    c:\program files\LimeWire\lib\jna.jar
    c:\program files\LimeWire\lib\jogg.jar
    c:\program files\LimeWire\lib\jorbis.jar
    c:\program files\LimeWire\lib\jxlayer.jar
    c:\program files\LimeWire\lib\LimeWire.ico
    c:\program files\LimeWire\lib\LimeWire.jar
    c:\program files\LimeWire\lib\log4j.jar
    c:\program files\LimeWire\lib\log4j.properties
    c:\program files\LimeWire\lib\messages.jar
    c:\program files\LimeWire\lib\miglayout.jar
    c:\program files\LimeWire\lib\mozdom4java.jar
    c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
    c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
    c:\program files\LimeWire\lib\mozswing.jar
    c:\program files\LimeWire\lib\mp3spi.jar
    c:\program files\LimeWire\lib\onion-common.jar
    c:\program files\LimeWire\lib\onion-fec.jar
    c:\program files\LimeWire\lib\smack.jar
    c:\program files\LimeWire\lib\smackx-debug.jar
    c:\program files\LimeWire\lib\smackx.jar
    c:\program files\LimeWire\lib\swing-worker-1.1.jar
    c:\program files\LimeWire\lib\swingx-0.9.4.jar
    c:\program files\LimeWire\lib\SystemUtilities.dll
    c:\program files\LimeWire\lib\SystemUtilitiesA.dll
    c:\program files\LimeWire\lib\tritonus.jar
    c:\program files\LimeWire\lib\vorbisspi.jar
    c:\program files\LimeWire\LimeWire On Startup.lnk
    c:\program files\LimeWire\LimeWire.exe
    c:\program files\LimeWire\LimeWire.ico
    c:\program files\LimeWire\pmf.ico
    c:\program files\LimeWire\root\magnet10\badge.img
    c:\program files\LimeWire\root\magnet10\canHandle.img
    c:\program files\LimeWire\root\magnet10\limewire.gif
    c:\program files\LimeWire\root\magnet10\options.js
    c:\program files\LimeWire\root\magnet10\silentdetect.js
    c:\program files\LimeWire\SOURCE
    c:\program files\LimeWire\spacer.gif
    c:\program files\LimeWire\uninstall.exe
    c:\program files\LimeWire\unpack.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EPFWTDIR
    -------\Legacy_MYPROTECTOR
    -------\Service_3qppt58
    -------\Service_468aoy1ac
    -------\Service_4ddmj4o
    -------\Service_58v20f
    -------\Service_7yx3zhgur
    -------\Service_82wdblow0b
    -------\Service_d2yz83c1rc
    -------\Service_epfwtdir
    -------\Service_faaojfwpo
    -------\Service_holda
    -------\Service_hxhpvot
    -------\Service_m60q7y0
    -------\Service_mhv6r42
    -------\Service_myprotector
    -------\Service_pev26od2
    -------\Service_q3i6m8a
    -------\Service_r9yr57dd5
    -------\Service_wglfl7
    -------\Service_yh13phk


    ((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
    .

    2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
    2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
    2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
    2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
    2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
    2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
    2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
    2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
    2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
    2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
    2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
    2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
    2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
    2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
    2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
    2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
    2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
    2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
    2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
    2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
    2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
    2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
    2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-08 22:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(236)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-08 22:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-08 14:52
    ComboFix2.txt 2009-06-01 11:23

    Pre-Run: 1,001,263,104 bytes free
    Post-Run: 984,276,992 bytes free

    871 --- E O F --- 2009-05-20 14:18




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:22 PM, on 6/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10247 bytes

     
  18. yeapkl

    yeapkl Member

    Dear 2oG,

    When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I won't see all these bugs again =(

    Anyway, so far so good.


    ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
    Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\52309\Application Data\LimeWire
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
    c:\documents and settings\52309\Application Data\LimeWire\filters.props
    c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
    c:\documents and settings\52309\Application Data\LimeWire\installation.props
    c:\documents and settings\52309\Application Data\LimeWire\library.dat
    c:\documents and settings\52309\Application Data\LimeWire\library5.dat
    c:\documents and settings\52309\Application Data\LimeWire\limewire.props
    c:\documents and settings\52309\Application Data\LimeWire\mojito.props
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
    c:\documents and settings\52309\Application Data\LimeWire\pub1.key
    c:\documents and settings\52309\Application Data\LimeWire\public.key
    c:\documents and settings\52309\Application Data\LimeWire\questions.props
    c:\documents and settings\52309\Application Data\LimeWire\responses.cache
    c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
    c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
    c:\documents and settings\52309\Application Data\LimeWire\spam.dat
    c:\documents and settings\52309\Application Data\LimeWire\tables.props
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
    c:\documents and settings\52309\Application Data\LimeWire\update.xml
    c:\documents and settings\52309\Application Data\LimeWire\version.key
    c:\documents and settings\52309\Application Data\LimeWire\version.xml
    c:\documents and settings\52309\Application Data\LimeWire\versions.props
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
    c:\program files\BitTorrent
    c:\program files\BitTorrent\8642-bittorrent.2611.dmp
    c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
    c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
    c:\program files\BitTorrent\8642-bittorrent.76da.dmp
    c:\program files\BitTorrent\8642-bittorrent.a050.dmp
    c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
    c:\program files\BitTorrent\bittorrent.exe
    c:\program files\BitTorrent\BitTorrentIE.2.dll
    c:\program files\BitTorrent\uninst.exe
    c:\program files\DNA
    c:\program files\DNA\btdna.exe
    c:\program files\DNA\DNAcpl.cpl
    c:\program files\DNA\plugins\npbtdna.dll
    c:\program files\LimeWire
    c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
    c:\program files\LimeWire\Buy LimeWire PRO.url
    c:\program files\LimeWire\COPYING
    c:\program files\LimeWire\data.ser
    c:\program files\LimeWire\hs_err_pid236.log
    c:\program files\LimeWire\hs_err_pid3076.log
    c:\program files\LimeWire\hs_err_pid384.log
    c:\program files\LimeWire\hs_err_pid656.log
    c:\program files\LimeWire\inspection.props
    c:\program files\LimeWire\install.log
    c:\program files\LimeWire\language.prop
    c:\program files\LimeWire\lib\additional_resources.jar
    c:\program files\LimeWire\lib\aopalliance.jar
    c:\program files\LimeWire\lib\AppFramework.jar
    c:\program files\LimeWire\lib\base64-2.2.2.jar
    c:\program files\LimeWire\lib\clink.jar
    c:\program files\LimeWire\lib\commons-codec-1.3.jar
    c:\program files\LimeWire\lib\commons-logging.jar
    c:\program files\LimeWire\lib\commons-math-1.2.jar
    c:\program files\LimeWire\lib\daap.jar
    c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
    c:\program files\LimeWire\lib\EventBus-1.2b.jar
    c:\program files\LimeWire\lib\gettext-commons.jar
    c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
    c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
    c:\program files\LimeWire\lib\guice-snapshot.jar
    c:\program files\LimeWire\lib\hashes
    c:\program files\LimeWire\lib\hsqldb.jar
    c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
    c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
    c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
    c:\program files\LimeWire\lib\icu4j.jar
    c:\program files\LimeWire\lib\iTunes-0.0.1.jar
    c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
    c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
    c:\program files\LimeWire\lib\jacob-1.14.1.jar
    c:\program files\LimeWire\lib\jaudiotagger.jar
    c:\program files\LimeWire\lib\jcip-annotations.jar
    c:\program files\LimeWire\lib\jcraft.jar
    c:\program files\LimeWire\lib\jdic.dll
    c:\program files\LimeWire\lib\jdic.jar
    c:\program files\LimeWire\lib\jdic_stub.jar
    c:\program files\LimeWire\lib\jflac.jar
    c:\program files\LimeWire\lib\jl.jar
    c:\program files\LimeWire\lib\jmdns.jar
    c:\program files\LimeWire\lib\jna.jar
    c:\program files\LimeWire\lib\jogg.jar
    c:\program files\LimeWire\lib\jorbis.jar
    c:\program files\LimeWire\lib\jxlayer.jar
    c:\program files\LimeWire\lib\LimeWire.ico
    c:\program files\LimeWire\lib\LimeWire.jar
    c:\program files\LimeWire\lib\log4j.jar
    c:\program files\LimeWire\lib\log4j.properties
    c:\program files\LimeWire\lib\messages.jar
    c:\program files\LimeWire\lib\miglayout.jar
    c:\program files\LimeWire\lib\mozdom4java.jar
    c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
    c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
    c:\program files\LimeWire\lib\mozswing.jar
    c:\program files\LimeWire\lib\mp3spi.jar
    c:\program files\LimeWire\lib\onion-common.jar
    c:\program files\LimeWire\lib\onion-fec.jar
    c:\program files\LimeWire\lib\smack.jar
    c:\program files\LimeWire\lib\smackx-debug.jar
    c:\program files\LimeWire\lib\smackx.jar
    c:\program files\LimeWire\lib\swing-worker-1.1.jar
    c:\program files\LimeWire\lib\swingx-0.9.4.jar
    c:\program files\LimeWire\lib\SystemUtilities.dll
    c:\program files\LimeWire\lib\SystemUtilitiesA.dll
    c:\program files\LimeWire\lib\tritonus.jar
    c:\program files\LimeWire\lib\vorbisspi.jar
    c:\program files\LimeWire\LimeWire On Startup.lnk
    c:\program files\LimeWire\LimeWire.exe
    c:\program files\LimeWire\LimeWire.ico
    c:\program files\LimeWire\pmf.ico
    c:\program files\LimeWire\root\magnet10\badge.img
    c:\program files\LimeWire\root\magnet10\canHandle.img
    c:\program files\LimeWire\root\magnet10\limewire.gif
    c:\program files\LimeWire\root\magnet10\options.js
    c:\program files\LimeWire\root\magnet10\silentdetect.js
    c:\program files\LimeWire\SOURCE
    c:\program files\LimeWire\spacer.gif
    c:\program files\LimeWire\uninstall.exe
    c:\program files\LimeWire\unpack.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EPFWTDIR
    -------\Legacy_MYPROTECTOR
    -------\Service_3qppt58
    -------\Service_468aoy1ac
    -------\Service_4ddmj4o
    -------\Service_58v20f
    -------\Service_7yx3zhgur
    -------\Service_82wdblow0b
    -------\Service_d2yz83c1rc
    -------\Service_epfwtdir
    -------\Service_faaojfwpo
    -------\Service_holda
    -------\Service_hxhpvot
    -------\Service_m60q7y0
    -------\Service_mhv6r42
    -------\Service_myprotector
    -------\Service_pev26od2
    -------\Service_q3i6m8a
    -------\Service_r9yr57dd5
    -------\Service_wglfl7
    -------\Service_yh13phk


    ((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
    .

    2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
    2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
    2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
    2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
    2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
    2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
    2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
    2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
    2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
    2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
    2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
    2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
    2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
    2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
    2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
    2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
    2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
    2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
    2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
    2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
    2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
    2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
    2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-08 22:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(236)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-08 22:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-08 14:52
    ComboFix2.txt 2009-06-01 11:23

    Pre-Run: 1,001,263,104 bytes free
    Post-Run: 984,276,992 bytes free

    871 --- E O F --- 2009-05-20 14:18




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:22 PM, on 6/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10247 bytes
     
  19. yeapkl

    Dear 2oG,

    When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I wouldn't see all these bugs again =(

    Anyway, so far so good.


    ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
    Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\52309\Application Data\LimeWire
    c:\documents and settings\52309\Application Data\LimeWire\412splashfree.png
    c:\documents and settings\52309\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\auth.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
    c:\documents and settings\52309\Application Data\LimeWire\update.xml
    c:\documents and settings\52309\Application Data\LimeWire\version.key
    c:\documents and settings\52309\Application Data\LimeWire\version.xml
    c:\documents and settings\52309\Application Data\LimeWire\versions.props
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
    c:\program files\BitTorrent
    c:\program files\BitTorrent\8642-bittorrent.2611.dmp
    c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
    c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
    c:\program files\BitTorrent\8642-bittorrent.76da.dmp
    c:\program files\BitTorrent\8642-bittorrent.a050.dmp
    c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
    c:\program files\BitTorrent\bittorrent.exe
    c:\program files\BitTorrent\BitTorrentIE.2.dll
    c:\program files\BitTorrent\uninst.exe
    c:\program files\DNA
    c:\program files\DNA\btdna.exe
    c:\program files\DNA\DNAcpl.cpl
    c:\program files\DNA\plugins\npbtdna.dll
    c:\program files\LimeWire
    c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
    c:\program files\LimeWire\Buy LimeWire PRO.url
    c:\program files\LimeWire\COPYING
    c:\program files\LimeWire\data.ser
    c:\program files\LimeWire\hs_err_pid236.log
    c:\program files\LimeWire\hs_err_pid3076.log
    c:\program files\LimeWire\hs_err_pid384.log
    c:\program files\LimeWire\hs_err_pid656.log
    c:\program files\LimeWire\inspection.props
    c:\program files\LimeWire\install.log
    c:\program files\LimeWire\language.prop
    c:\program files\LimeWire\lib\additional_resources.jar
    c:\program files\LimeWire\lib\aopalliance.jar
    c:\program files\LimeWire\lib\AppFramework.jar
    c:\program files\LimeWire\lib\base64-2.2.2.jar
    c:\program files\LimeWire\lib\clink.jar
    c:\program files\LimeWire\lib\commons-codec-1.3.jar
    c:\program files\LimeWire\lib\commons-logging.jar
    c:\program files\LimeWire\lib\commons-math-1.2.jar
    c:\program files\LimeWire\lib\daap.jar
    c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
    c:\program files\LimeWire\lib\EventBus-1.2b.jar
    c:\program files\LimeWire\lib\gettext-commons.jar
    c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
    c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
    c:\program files\LimeWire\lib\guice-snapshot.jar
    c:\program files\LimeWire\lib\hashes
    c:\program files\LimeWire\lib\hsqldb.jar
    c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
    c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
    c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
    c:\program files\LimeWire\lib\icu4j.jar
    c:\program files\LimeWire\lib\iTunes-0.0.1.jar
    c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
    c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
    c:\program files\LimeWire\lib\jacob-1.14.1.jar
    c:\program files\LimeWire\lib\jaudiotagger.jar
    c:\program files\LimeWire\lib\jcip-annotations.jar
    c:\program files\LimeWire\lib\jcraft.jar
    c:\program files\LimeWire\lib\jdic.dll
    c:\program files\LimeWire\lib\jdic.jar
    c:\program files\LimeWire\lib\jdic_stub.jar
    c:\program files\LimeWire\lib\jflac.jar
    c:\program files\LimeWire\lib\jl.jar
    c:\program files\LimeWire\lib\jmdns.jar
    c:\program files\LimeWire\lib\jna.jar
    c:\program files\LimeWire\lib\jogg.jar
    c:\program files\LimeWire\lib\jorbis.jar
    c:\program files\LimeWire\lib\jxlayer.jar
    c:\program files\LimeWire\lib\LimeWire.ico
    c:\program files\LimeWire\lib\LimeWire.jar
    c:\program files\LimeWire\lib\log4j.jar
    c:\program files\LimeWire\lib\log4j.properties
    c:\program files\LimeWire\lib\messages.jar
    c:\program files\LimeWire\lib\miglayout.jar
    c:\program files\LimeWire\lib\mozdom4java.jar
    c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
    c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
    c:\program files\LimeWire\lib\mozswing.jar
    c:\program files\LimeWire\lib\mp3spi.jar
    c:\program files\LimeWire\lib\onion-common.jar
    c:\program files\LimeWire\lib\onion-fec.jar
    c:\program files\LimeWire\lib\smack.jar
    c:\program files\LimeWire\lib\smackx-debug.jar
    c:\program files\LimeWire\lib\smackx.jar
    c:\program files\LimeWire\lib\swing-worker-1.1.jar
    c:\program files\LimeWire\lib\swingx-0.9.4.jar
    c:\program files\LimeWire\lib\SystemUtilities.dll
    c:\program files\LimeWire\lib\SystemUtilitiesA.dll
    c:\program files\LimeWire\lib\tritonus.jar
    c:\program files\LimeWire\lib\vorbisspi.jar
    c:\program files\LimeWire\LimeWire On Startup.lnk
    c:\program files\LimeWire\LimeWire.exe
    c:\program files\LimeWire\LimeWire.ico
    c:\program files\LimeWire\pmf.ico
    c:\program files\LimeWire\root\magnet10\badge.img
    c:\program files\LimeWire\root\magnet10\canHandle.img
    c:\program files\LimeWire\root\magnet10\limewire.gif
    c:\program files\LimeWire\root\magnet10\options.js
    c:\program files\LimeWire\root\magnet10\silentdetect.js
    c:\program files\LimeWire\SOURCE
    c:\program files\LimeWire\spacer.gif
    c:\program files\LimeWire\uninstall.exe
    c:\program files\LimeWire\unpack.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EPFWTDIR
    -------\Legacy_MYPROTECTOR
    -------\Service_3qppt58
    -------\Service_468aoy1ac
    -------\Service_4ddmj4o
    -------\Service_58v20f
    -------\Service_7yx3zhgur
    -------\Service_82wdblow0b
    -------\Service_d2yz83c1rc
    -------\Service_epfwtdir
    -------\Service_faaojfwpo
    -------\Service_holda
    -------\Service_hxhpvot
    -------\Service_m60q7y0
    -------\Service_mhv6r42
    -------\Service_myprotector
    -------\Service_pev26od2
    -------\Service_q3i6m8a
    -------\Service_r9yr57dd5
    -------\Service_wglfl7
    -------\Service_yh13phk


    ((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
    .

    2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
    2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
    2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
    2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
    2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
    2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
    2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
    2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
    2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
    2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
    2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
    2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
    2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
    2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
    2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
    2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
    2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
    2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
    2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
    2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
    2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
    2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
    2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-08 22:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(236)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-08 22:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-08 14:52
    ComboFix2.txt 2009-06-01 11:23

    Pre-Run: 1,001,263,104 bytes free
    Post-Run: 984,276,992 bytes free

    871 --- E O F --- 2009-05-20 14:18




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:22 PM, on 6/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10247 bytes

     
  20. yeapkl

    yeapkl Member

    Dear 2oG,

    When I performed a scan using Avira, it detected quite a number of Trojans... I thought after doing multiple scans with different tools, I wouldn't see all these bugs again =(

    Anyway, so far so good.


    ComboFix 09-06-07.07 - 52309 06/08/2009 22:30.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.734.379 [GMT 8:00]
    Running from: c:\documents and settings\52309\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\52309\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\52309\Application Data\LimeWire
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\js3250.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\LICENSE
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\debug.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\utils.js
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctl.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nspr4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nss3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\platform.ini
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plc4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plds4.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\README.txt
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\designmode.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\forms.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\language.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\mathml.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\quirk.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\svg.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\ua.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\smime3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.chk
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\softokn3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\ssl3.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\updater.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\version.properties
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcom.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpidl.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xul.dll
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
    c:\documents and settings\52309\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
    c:\documents and settings\52309\Application Data\LimeWire\certificate\limewire.keystore
    c:\documents and settings\52309\Application Data\LimeWire\createtimes.cache
    c:\documents and settings\52309\Application Data\LimeWire\data.ser
    c:\documents and settings\52309\Application Data\LimeWire\downloads.dat
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.bak
    c:\documents and settings\52309\Application Data\LimeWire\fileurns.cache
    c:\documents and settings\52309\Application Data\LimeWire\filters.props
    c:\documents and settings\52309\Application Data\LimeWire\gnutella.net
    c:\documents and settings\52309\Application Data\LimeWire\installation.props
    c:\documents and settings\52309\Application Data\LimeWire\library.dat
    c:\documents and settings\52309\Application Data\LimeWire\library5.dat
    c:\documents and settings\52309\Application Data\LimeWire\limewire.props
    c:\documents and settings\52309\Application Data\LimeWire\mojito.props
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\.autoreg
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\4BC70045d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\Cache\DFCB219Ed01
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cert8.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\compreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\cookies.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\downloads.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.cache
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\extensions.ini
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\history.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\key3.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\permissions.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\places.sqlite
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\pluginreg.dat
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\prefs.js
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\secmod.db
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\XPC.mfl
    c:\documents and settings\52309\Application Data\LimeWire\mozilla-profile\xpti.dat
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.backup
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.data
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.properties
    c:\documents and settings\52309\Application Data\LimeWire\promotion\promodb.script
    c:\documents and settings\52309\Application Data\LimeWire\pub1.key
    c:\documents and settings\52309\Application Data\LimeWire\public.key
    c:\documents and settings\52309\Application Data\LimeWire\questions.props
    c:\documents and settings\52309\Application Data\LimeWire\responses.cache
    c:\documents and settings\52309\Application Data\LimeWire\secureMessage.key
    c:\documents and settings\52309\Application Data\LimeWire\simpp.xml
    c:\documents and settings\52309\Application Data\LimeWire\spam.dat
    c:\documents and settings\52309\Application Data\LimeWire\tables.props
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\black_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\search.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\classic_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\lime.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\logo.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\limewire_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\other_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme.lwtp
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\01_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\02_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\03_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\04_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\05_star.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\chat.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\logo.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\notsearching.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\play_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\question.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\searching.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splash.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\splashpro.png
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\theme.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\version.txt
    c:\documents and settings\52309\Application Data\LimeWire\themes\windows_theme\warning.gif
    c:\documents and settings\52309\Application Data\LimeWire\ttdata.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttree.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttrees.cache
    c:\documents and settings\52309\Application Data\LimeWire\ttroot.cache
    c:\documents and settings\52309\Application Data\LimeWire\update.xml
    c:\documents and settings\52309\Application Data\LimeWire\version.key
    c:\documents and settings\52309\Application Data\LimeWire\version.xml
    c:\documents and settings\52309\Application Data\LimeWire\versions.props
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml2
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\audio.sxml3
    c:\documents and settings\52309\Application Data\LimeWire\xml\data\delete_me
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\application.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\audio.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\document.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\image.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\misc\video.gif
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\application.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\audio.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\document.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\image.xsd
    c:\documents and settings\52309\Application Data\LimeWire\xml\schemas\video.xsd
    c:\program files\BitTorrent
    c:\program files\BitTorrent\8642-bittorrent.2611.dmp
    c:\program files\BitTorrent\8642-bittorrent.45e7.dmp
    c:\program files\BitTorrent\8642-bittorrent.5a2d.dmp
    c:\program files\BitTorrent\8642-bittorrent.76da.dmp
    c:\program files\BitTorrent\8642-bittorrent.a050.dmp
    c:\program files\BitTorrent\8642-bittorrent.b61c.dmp
    c:\program files\BitTorrent\bittorrent.exe
    c:\program files\BitTorrent\BitTorrentIE.2.dll
    c:\program files\BitTorrent\uninst.exe
    c:\program files\DNA
    c:\program files\DNA\btdna.exe
    c:\program files\DNA\DNAcpl.cpl
    c:\program files\DNA\plugins\npbtdna.dll
    c:\program files\LimeWire
    c:\program files\LimeWire\.NetworkShare\LimeWirePackedJars4.12.15.7z
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.12.15.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.3.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe
    c:\program files\LimeWire\.NetworkShare\LimeWireWin5.1.2.exe
    c:\program files\LimeWire\Buy LimeWire PRO.url
    c:\program files\LimeWire\COPYING
    c:\program files\LimeWire\data.ser
    c:\program files\LimeWire\hs_err_pid236.log
    c:\program files\LimeWire\hs_err_pid3076.log
    c:\program files\LimeWire\hs_err_pid384.log
    c:\program files\LimeWire\hs_err_pid656.log
    c:\program files\LimeWire\inspection.props
    c:\program files\LimeWire\install.log
    c:\program files\LimeWire\language.prop
    c:\program files\LimeWire\lib\additional_resources.jar
    c:\program files\LimeWire\lib\aopalliance.jar
    c:\program files\LimeWire\lib\AppFramework.jar
    c:\program files\LimeWire\lib\base64-2.2.2.jar
    c:\program files\LimeWire\lib\clink.jar
    c:\program files\LimeWire\lib\commons-codec-1.3.jar
    c:\program files\LimeWire\lib\commons-logging.jar
    c:\program files\LimeWire\lib\commons-math-1.2.jar
    c:\program files\LimeWire\lib\daap.jar
    c:\program files\LimeWire\lib\dnsjava-2.0.6.jar
    c:\program files\LimeWire\lib\EventBus-1.2b.jar
    c:\program files\LimeWire\lib\gettext-commons.jar
    c:\program files\LimeWire\lib\glazedlists-1.7.0_java15.jar
    c:\program files\LimeWire\lib\guice-assistedinject-snapshot.jar
    c:\program files\LimeWire\lib\guice-snapshot.jar
    c:\program files\LimeWire\lib\hashes
    c:\program files\LimeWire\lib\hsqldb.jar
    c:\program files\LimeWire\lib\httpclient-4.0-beta1.jar
    c:\program files\LimeWire\lib\httpcore-4.0-beta2.jar
    c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2.jar
    c:\program files\LimeWire\lib\icu4j.jar
    c:\program files\LimeWire\lib\iTunes-0.0.1.jar
    c:\program files\LimeWire\lib\jacob-1.14.1-x64.dll
    c:\program files\LimeWire\lib\jacob-1.14.1-x86.dll
    c:\program files\LimeWire\lib\jacob-1.14.1.jar
    c:\program files\LimeWire\lib\jaudiotagger.jar
    c:\program files\LimeWire\lib\jcip-annotations.jar
    c:\program files\LimeWire\lib\jcraft.jar
    c:\program files\LimeWire\lib\jdic.dll
    c:\program files\LimeWire\lib\jdic.jar
    c:\program files\LimeWire\lib\jdic_stub.jar
    c:\program files\LimeWire\lib\jflac.jar
    c:\program files\LimeWire\lib\jl.jar
    c:\program files\LimeWire\lib\jmdns.jar
    c:\program files\LimeWire\lib\jna.jar
    c:\program files\LimeWire\lib\jogg.jar
    c:\program files\LimeWire\lib\jorbis.jar
    c:\program files\LimeWire\lib\jxlayer.jar
    c:\program files\LimeWire\lib\LimeWire.ico
    c:\program files\LimeWire\lib\LimeWire.jar
    c:\program files\LimeWire\lib\log4j.jar
    c:\program files\LimeWire\lib\log4j.properties
    c:\program files\LimeWire\lib\messages.jar
    c:\program files\LimeWire\lib\miglayout.jar
    c:\program files\LimeWire\lib\mozdom4java.jar
    c:\program files\LimeWire\lib\MozillaGlue-1.9.jar
    c:\program files\LimeWire\lib\MozillaInterfaces-1.9.jar
    c:\program files\LimeWire\lib\mozswing.jar
    c:\program files\LimeWire\lib\mp3spi.jar
    c:\program files\LimeWire\lib\onion-common.jar
    c:\program files\LimeWire\lib\onion-fec.jar
    c:\program files\LimeWire\lib\smack.jar
    c:\program files\LimeWire\lib\smackx-debug.jar
    c:\program files\LimeWire\lib\smackx.jar
    c:\program files\LimeWire\lib\swing-worker-1.1.jar
    c:\program files\LimeWire\lib\swingx-0.9.4.jar
    c:\program files\LimeWire\lib\SystemUtilities.dll
    c:\program files\LimeWire\lib\SystemUtilitiesA.dll
    c:\program files\LimeWire\lib\tritonus.jar
    c:\program files\LimeWire\lib\vorbisspi.jar
    c:\program files\LimeWire\LimeWire On Startup.lnk
    c:\program files\LimeWire\LimeWire.exe
    c:\program files\LimeWire\LimeWire.ico
    c:\program files\LimeWire\pmf.ico
    c:\program files\LimeWire\root\magnet10\badge.img
    c:\program files\LimeWire\root\magnet10\canHandle.img
    c:\program files\LimeWire\root\magnet10\limewire.gif
    c:\program files\LimeWire\root\magnet10\options.js
    c:\program files\LimeWire\root\magnet10\silentdetect.js
    c:\program files\LimeWire\SOURCE
    c:\program files\LimeWire\spacer.gif
    c:\program files\LimeWire\uninstall.exe
    c:\program files\LimeWire\unpack.log

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_EPFWTDIR
    -------\Legacy_MYPROTECTOR
    -------\Service_3qppt58
    -------\Service_468aoy1ac
    -------\Service_4ddmj4o
    -------\Service_58v20f
    -------\Service_7yx3zhgur
    -------\Service_82wdblow0b
    -------\Service_d2yz83c1rc
    -------\Service_epfwtdir
    -------\Service_faaojfwpo
    -------\Service_holda
    -------\Service_hxhpvot
    -------\Service_m60q7y0
    -------\Service_mhv6r42
    -------\Service_myprotector
    -------\Service_pev26od2
    -------\Service_q3i6m8a
    -------\Service_r9yr57dd5
    -------\Service_wglfl7
    -------\Service_yh13phk


    ((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
    .

    2009-06-03 16:30 . 2009-06-03 16:30 -------- d-----w- c:\program files\iPod
    2009-06-03 16:21 . 2009-06-03 16:23 -------- d-----w- c:\program files\QuickTime
    2009-06-03 16:08 . 2009-06-03 16:08 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-01 11:31 . 2009-06-01 11:31 3371383 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-05-26 15:07 . 2009-03-30 02:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-05-26 15:07 . 2009-03-24 08:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-05-26 15:07 . 2009-02-13 04:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-05-26 15:07 . 2009-02-13 04:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\program files\Avira
    2009-05-26 15:07 . 2009-05-26 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-05-20 15:09 . 2009-05-20 15:09 -------- d-----w- c:\documents and settings\52309\Application Data\dvdcss
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\scripting
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\l2schemas
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\en
    2009-05-19 16:47 . 2009-05-19 16:47 -------- d-----w- c:\windows\system32\bits
    2009-05-17 16:06 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
    2009-05-17 16:06 . 2008-04-14 00:12 50688 ------w- c:\windows\system32\tspkg.dll
    2009-05-17 16:05 . 2008-04-13 18:40 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
    2009-05-17 16:05 . 2008-04-14 00:12 32768 ------w- c:\windows\system32\setupn.exe
    2009-05-17 16:05 . 2008-04-14 00:12 61952 ------w- c:\windows\system32\rasqec.dll
    2009-05-17 16:05 . 2008-04-14 00:12 76800 ------w- c:\windows\system32\qutil.dll
    2009-05-17 16:05 . 2008-04-14 00:12 62464 ------w- c:\windows\system32\qcliprov.dll
    2009-05-17 16:05 . 2008-04-14 00:12 291328 ------w- c:\windows\system32\qagentrt.dll
    2009-05-17 16:05 . 2008-04-14 00:12 150528 ------w- c:\windows\system32\qagent.dll
    2009-05-17 16:05 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
    2009-05-17 16:04 . 2008-04-14 00:12 176640 ------w- c:\windows\system32\napstat.exe
    2009-05-17 16:04 . 2008-04-14 00:12 30208 ------w- c:\windows\system32\napipsec.dll
    2009-05-17 16:04 . 2008-04-14 00:12 193024 ------w- c:\windows\system32\napmontr.dll
    2009-05-17 16:04 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
    2009-05-17 16:04 . 2008-09-10 01:14 1307648 -c----w- c:\windows\system32\dllcache\msxml6.dll
    2009-05-17 16:04 . 2008-04-14 00:12 155136 ------w- c:\windows\system32\mssha.dll
    2009-05-17 16:04 . 2008-04-13 18:14 76800 ------w- c:\windows\system32\msshavmsg.dll
    2009-05-17 16:03 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
    2009-05-17 16:03 . 2008-04-14 00:11 397312 ------w- c:\windows\system32\mmcex.dll
    2009-05-17 16:03 . 2008-04-14 00:11 184320 ------w- c:\windows\system32\microsoft.managementconsole.dll
    2009-05-17 16:03 . 2008-04-14 00:11 106496 ------w- c:\windows\system32\mmcfxcommon.dll
    2009-05-17 16:03 . 2008-04-14 00:11 37376 ------w- c:\windows\system32\l2gpstore.dll
    2009-05-17 16:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdpash.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdnepr.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdiultn.dll
    2009-05-17 16:03 . 2008-04-14 00:09 6144 ------w- c:\windows\system32\kbdbhc.dll
    2009-05-17 16:03 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
    2009-05-17 16:03 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-08 14:40 . 2005-04-16 14:12 5780 ----a-w- c:\windows\bthservsdp.dat
    2009-06-04 11:45 . 2005-07-06 04:30 -------- d-----w- c:\program files\iTunes
    2009-06-03 16:30 . 2008-02-22 06:07 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-01 11:32 . 2009-05-06 14:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 05:20 . 2009-05-06 14:48 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 05:19 . 2009-05-06 14:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-19 16:55 . 2005-04-15 09:04 89007 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\52309\Application Data\Malwarebytes
    2009-05-06 14:48 . 2009-05-06 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-01 12:52 . 2009-05-01 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-29 11:20 . 2009-04-29 11:20 -------- d-----w- c:\program files\Trend Micro
    2009-04-27 15:17 . 2009-04-27 13:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-04-27 15:17 . 2006-01-01 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-27 14:10 . 2005-04-15 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-04-27 14:09 . 2008-02-28 06:04 -------- d-----w- c:\program files\Windows Live
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
    2009-04-27 13:30 . 2009-04-27 13:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
    2009-04-27 13:28 . 2009-04-27 13:28 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
    2009-04-27 13:07 . 2007-01-05 01:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-04-27 13:05 . 2006-07-02 08:12 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-04-20 16:39 . 2009-04-20 16:39 -------- d-----w- c:\program files\MP3 Converter Simple
    2009-04-20 16:36 . 2008-06-27 08:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-04-14 16:41 . 2009-03-18 16:31 40 ----a-w- c:\windows\tmp.dat
    2009-03-19 08:32 . 2009-03-19 08:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 08:32 . 2008-01-29 04:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 290816]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-10-22 229438]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]

    c:\documents and settings\52309\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\0\0]
    "Script"=advclient.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-839522115-1801674531-725345543-16836\Scripts\Logon\1\0]
    "Script"=rpstorage.bat

    [HKLM\~\startupfolder\C:^Documents and Settings^52309^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\52309\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UTAgent 4.0.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\UTAgent 4.0.lnk
    backup=c:\windows\pss\UTAgent 4.0.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\iERP60\\SEGSVR03\\IERP60\\DotNet\\Intuitive2.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\lxczcoms.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\SopCast\\sopvod.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "23775:TCP"= 23775:TCP:BitComet 23775 TCP
    "23775:UDP"= 23775:UDP:BitComet 23775 UDP

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/26/2009 11:07 PM 108289]
    R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [10/15/2007 9:08 AM 26624]
    S0 4nzed7v;4nzed7;c:\windows\system32\DRIVERS\4nzed7v.sys --> c:\windows\system32\DRIVERS\4nzed7v.sys [?]
    S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S2 pciinfo;HP Pci Information;\??\c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\52309\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
    S3 cdspacex;cdspacex;c:\windows\system32\drivers\cdspacex.sys [5/29/2006 11:59 PM 22570]
    S3 WRSWanDD;iVasion PoET Adapter;c:\windows\system32\drivers\WrKPoETNic2000.sys [4/15/2005 10:56 PM 65604]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-procexp90.Sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.myrp.edu.sg/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} - hxxp://www.tvkoo.com/update/KooPlayer.ocx
    FF - ProfilePath - c:\documents and settings\52309\Application Data\Mozilla\Firefox\Profiles\84j7865m.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPInfotl.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-08 22:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?4?5?3??????? ???B?????????????H<C? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(904)
    c:\windows\system32\klogon.dll

    - - - - - - - > 'explorer.exe'(236)
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxczcoms.exe
    c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\UAService7.exe
    c:\windows\system32\CCM\CcmExec.exe
    c:\program files\3M\PSNLite\PsnLite.exe
    c:\program files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    c:\progra~1\3M\PSNLite\PSNGive.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\msiexec.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-08 22:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-08 14:52
    ComboFix2.txt 2009-06-01 11:23

    Pre-Run: 1,001,263,104 bytes free
    Post-Run: 984,276,992 bytes free

    871 --- E O F --- 2009-05-20 14:18




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:57:22 PM, on 6/8/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft Encarta\Encarta Reference Library 2005\EDICT.EXE
    C:\PROGRA~1\3M\PSNLite\PSNGive.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myrp.edu.sg/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: LCDPlayer.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
    O16 - DPF: {555500CD-CB54-11D6-8DB9-0000864598B3} - http://instantsupport.asiapac.hp.com/awebui/jsp/answerweb/applets/HPISDiagManager.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189433651015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189433612500
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\MDT6\AcDcToday.ocx
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\MDT6\InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\MDT6\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\MDT6\AcPreview.ocx
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O17 - HKLM\Software\..\Telephony: DomainName = rp.edu.sg
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rp.edu.sg
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
    O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 10247 bytes

     
