ComboFix 09-12-11.01 - All 12/11/2009 10:18:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.416 [GMT -8:00]
Running from: c:\documents and settings\All\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\All\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FILE ::
"c:\windows\system32\rezumatenoi.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All\Application Data\LimeWire\responses.cache
c:\documents and settings\All\Application Data\LimeWire\simpp.xml
c:\documents and settings\All\Application Data\LimeWire\spam.dat
c:\documents and settings\All\Application Data\LimeWire\tables.props
c:\documents and settings\All\Application Data\LimeWire\ttdata.cache
c:\documents and settings\All\Application Data\LimeWire\ttroot.cache
c:\documents and settings\All\Application Data\LimeWire\version.xml
c:\documents and settings\All\Application Data\LimeWire\versions.props
c:\documents and settings\All\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\All\Application Data\LimeWire\xml\data\video.sxml3
c:\windows\system32\rezumatenoi.dat
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-11-11 to 2009-12-11 )))))))))))))))))))))))))))))))
.
2009-12-04 21:41 . 2009-12-04 21:41 -------- d-----w- c:\program files\ERUNT
2009-12-04 21:30 . 2009-12-04 21:30 -------- d-----w- c:\program files\Trend Micro
2009-12-04 14:45 . 2009-12-04 14:45 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-04 14:45 . 2009-12-04 14:45 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-03 02:07 . 2009-12-03 02:07 0 ----a-w- C:\pcwords2.dat
2009-12-03 02:07 . 2009-12-03 02:07 0 ----a-w- C:\pcwords.dat
2009-12-03 01:53 . 2009-12-03 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-03 01:53 . 2009-12-03 01:53 -------- d-----w- c:\program files\BitDefender
2009-12-03 01:53 . 2009-12-03 01:53 -------- d-----w- c:\documents and settings\All\Application Data\BitDefender
2009-12-03 01:45 . 2009-12-03 01:54 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-03 01:26 . 2009-12-03 01:29 -------- d-----w- c:\documents and settings\All\Application Data\QuickScan
2009-12-03 01:26 . 2009-11-27 01:39 678912 ----a-w- c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2009-12-03 01:26 . 2009-11-27 01:37 768512 ----a-w- c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2009-12-03 01:18 . 2009-12-03 01:18 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-11 18:33 . 2008-06-13 22:06 -------- d-----w- c:\program files\Steam
2009-12-09 22:20 . 2007-05-23 21:53 2999 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-12-09 20:48 . 2006-07-19 02:33 44198 ----a-w- c:\documents and settings\All\Application Data\wklnhst.dat
2009-12-09 20:06 . 2006-11-03 01:13 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-04 05:02 . 2006-08-14 23:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 01:51 . 2008-01-04 22:47 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-11-20 01:57 . 2006-07-20 14:12 -------- d-----w- c:\program files\Electronic Arts
2009-11-20 01:56 . 2006-07-19 19:25 -------- d-----w- c:\program files\EA GAMES
2009-11-11 01:04 . 2009-11-11 01:04 152456 ----a-w- c:\windows\system32\drivers\bdfm.sys
2009-11-11 01:03 . 2009-11-11 01:03 105736 ----a-w- c:\windows\system32\drivers\bdhv.sys
2009-11-03 08:05 . 2008-08-01 07:26 21768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ippeupdt.dll
2009-11-03 08:05 . 2008-08-01 07:26 1897736 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ppeupdt.dll
2009-11-03 08:05 . 2008-08-01 07:26 1303816 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\NewFeatures\.update\.target\ppecore.dll
2009-10-29 07:45 . 2005-08-16 08:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-28 18:01 . 2006-07-25 22:07 -------- d-----w- c:\documents and settings\All\Application Data\Apple Computer
2009-10-28 17:56 . 2009-10-28 17:54 -------- d-----w- c:\program files\iTunes
2009-10-28 17:56 . 2009-10-28 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-28 17:54 . 2009-10-28 17:54 -------- d-----w- c:\program files\iPod
2009-10-28 17:54 . 2007-07-08 16:14 -------- d-----w- c:\program files\Common Files\Apple
2009-10-28 17:52 . 2009-10-28 17:51 -------- d-----w- c:\program files\QuickTime
2009-10-28 17:42 . 2009-10-28 17:42 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-21 05:38 . 2005-08-16 08:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2005-08-16 08:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 03:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 10:04 . 2006-06-17 18:40 -------- d-----w- c:\program files\Microsoft Works
2009-10-13 10:30 . 2005-08-16 08:18 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2005-08-16 08:18 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2005-08-16 08:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-02 09:08 . 2007-07-13 12:50 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2009-10-20 02:59 . 2009-12-03 02:02 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2009-12-09 00:20 . 2007-05-23 21:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\steam\steam.exe" [2009-10-27 1217808]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"masqform.exe"="c:\program files\PureEdge\Viewer 6.1\masqform.exe" [2004-04-19 634880]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-08-10 319488]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-04-10 185896]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2009-10-23 1118144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
c:\documents and settings\All\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitDefender\\BitDefender 2010\\vsserv.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 3:31 PM 161064]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [11/10/2009 5:04 PM 152456]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 4:06 PM 183880]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\Softnyx\RakionIS\Bin\GameGuard\dump_wmimmc.sys --> c:\program files\Softnyx\RakionIS\Bin\GameGuard\dump_wmimmc.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/17/2006 10:45 AM 30192]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [7/18/2006 1:40 PM 99840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?.home=ytie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Search - ?p=ZNfox000
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: musicmatch.com\online
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
FF - ProfilePath - c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\All\Application Data\Mozilla\Firefox\Profiles\xysggp8w.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-11 10:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2009-12-11 10:41:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-11 18:41
ComboFix2.txt 2009-12-09 19:39
Pre-Run: 40,150,020,096 bytes free
Post-Run: 40,075,493,376 bytes free
- - End Of File - - 3E0174C3D7F9DF89CAB0575E4203CDEB