HELP...MY 14 year old has been places....

Post by laynegang » March 6th, 2009, 10:01 pm

Can anyone help me and tell me which one or many of these I do not need? My system is running really slow after my 14 year old son decided to surf the web. Can anyone help?

Thanks so much in advance....Maybe you all can help...

Judi



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Updates from HP\9972322\6.3.2.116-9972322\Program\restart.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcgc.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {1f00aec9-9d55-4584-96ae-8050b5b7ce1c} - C:\WINDOWS\system32\zaliremi.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll
O2 - BHO: {9144ccb7-3285-2c38-2e84-632a53e1e31d} - {d13e1e35-a236-48e2-83c2-58237bcc4419} - C:\WINDOWS\system32\idpmgv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [7cbf87ac] rundll32.exe "C:\WINDOWS\system32\lutajugi.dll",b
O4 - HKLM\..\Run: [dotuvazani] Rundll32.exe "C:\WINDOWS\system32\lunarobu.dll",s
O4 - HKLM\..\Run: [CPM7f8cb430] Rundll32.exe "c:\windows\system32\rirayote.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [dotuvazani] Rundll32.exe "C:\WINDOWS\system32\lunarobu.dll",s (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} (SDANetConClass Class) - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techto ... ntrols.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Lottery%20Ticket/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://148.61.142.228/activex/AMC.cab
O18 - Filter hijack: text/html - {5d61a2a8-7b93-4e10-826c-44fd75f95319} - C:\WINDOWS\system32\mst122.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\holurohu.dll idpmgv.dll c:\windows\system32\rirayote.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rirayote.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\rirayote.dll
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9803 bytes
laynegang
Regular Member
 
Posts: 18
Joined: March 6th, 2009, 9:47 pm

Re: HELP...MY 14 year old has been places....

Post by dan12 » March 7th, 2009, 1:20 pm

Hi, Judi,

Welcome to malwareremoval forums.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.
If you can do these things, everything should go smoothly.
  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless informed of in advance, failure to post replies within 5 days will result in this thread being closed.


It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Installed Programs

Please could you give me a list of the programs that are installed.
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.
Will be back with you as soon as I can.
Thanks dan
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HELP...MY 14 year old has been places....

Post by laynegang » March 8th, 2009, 1:30 pm

Thank you dan for helping me.

Here is what I hope you need.

Accurate Outlook Express Mail Expert 3.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
Adobe® Photoshop® Album Starter Edition 3.2
Apple Software Update
Avery Wizard 3.1
AXIS Media Control Embedded
Big Fish Games Client
Build-a-lot (remove only)
ClickArt 1,200,000
Comcast High-Speed Internet Install Wizard
CorelDRAW Graphics Suite 12
Data Fax SoftModem with SmartCP
Desktop Doctor
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
Farm Frenzy 2 (remove only)
getPlus(R)_ocx
Grimm's Hatchery (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP DigitalMedia Archive
HP Document Viewer 6.1
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Web Helper
iPod for Windows 2006-03-23
iTunes
iWin Games (remove only)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Liong: The Lost Amulets
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Move Networks Player for Internet Explorer
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
palmOne
PalmPEI
PC-Doctor 5 for Windows
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Symantec KB-DocID:2003093015493306
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP (remove only)
Viewpoint Media Player
WavePad Uninstall
WildTangent Games
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766


Anything else let me know and I look forward to hearing from you soon. I can even open the internet without 27+ popups and other pages open.

Have a great day...

Judi

Re: HELP...MY 14 year old has been places....

Post by dan12 » March 8th, 2009, 2:55 pm

Hi, Judi,

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Cookies
  • Temporary Internet Files
  • Prefetch
  • Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

----------------------

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.

Re: HELP...MY 14 year old has been places....

Post by laynegang » March 8th, 2009, 5:07 pm

Hey Dan~

I did what you asked and this is what I ended up with. I hope it is what you need. If I did anything wrong let me know and I will rerun whatever. I hope this helps!

Thanks for all your hard work in advance...

Hope to hear from you soon.

Judi


ComboFix 09-03-06.02 - HP_Administrator 2009-03-08 16:48:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.562 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Favorites\Online Security Test.url
c:\documents and settings\HP_Administrator\My Documents\My Documents.url
c:\documents and settings\HP_Administrator\My Documents\My Music\My Music.url
c:\documents and settings\HP_Administrator\My Documents\My Pictures\My Pictures.url
c:\documents and settings\HP_Administrator\My Documents\My Videos\My Video.url
c:\program files\Common Files\companion wizard
c:\program files\Common\helper.dll
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\History\search
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pause.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\pauseover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitgameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\quitover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegame.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\resumegameover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\submitup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagain.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\tryagainover.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_over.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\upgrade_up.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewglobalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewhighscoreon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocal.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\buttons\viewlocalup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\comics\webcomic.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\career.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\customer.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\endless.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\global.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\config\powerups.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\cook.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cook\stove.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\arrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\click2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\grab.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\cursor\open.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\old_male\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\blue\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\green\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\purple\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\red\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\anim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\customers\young_female\yellow\sit_legs.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\idle.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\lower.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\flo\upper.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\arial.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\fonts\komikaaxis.mvec
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\chair.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dirt4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\dishcart.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_off.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\drinkstation_on2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\furniture\ticketstation.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdown.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowdownon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowleft.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowlefton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowright.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowrighton.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\arrowupon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\p1icon.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\textedit.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\hiscore\title.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_1_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_2_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_a.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_b.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_c.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\endless_1_3_d.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fifth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\first_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\fourth_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\layouts\second_level_diner.txt
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\playfirst_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\background.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food1.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food2.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\food\food3.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\frames\upgrade_0001.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\2top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\tables\4top.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\diner\upgrades.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\restaurants\tableshadow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\choosedifficulty.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooseplayer.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\chooserestaurant.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\credits.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\game.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\gothighscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\help2.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscore.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoreinfo.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\hiscoresubmit.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\levelover.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\loading.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainloop.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\mainmenu.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\ok.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\pause.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\style.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\tutorialintro.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upgrade.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\upsell.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\webcomic.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\scripts\yesno.lua
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\aol_logo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\gamelabsplash.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\splash\playfirst_logo.jpg
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\strings.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\angersmoke.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\chairflags.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\check.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\checkmark.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\clock.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closed.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\closingtime.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\coinflip.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\dollar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\coffee.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\tables.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\doodles\wallpaper.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expert.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\expertscore.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\foodpoof.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\fork_timer.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\goalcompleted.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\heartgrow.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\jar.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\level_career.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\score.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\sound.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staroff.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\staron.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tablenumberup.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\traynumber.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorial_character.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialarrow.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\tutorialbox.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgradeanim.xml
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\drinks.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\maitred.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\oven.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\select.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\shoes.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\stereo.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\assets\ui\upgrades\table.png
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\ahisovud.ini
c:\windows\system32\bagutigo.dll
c:\windows\system32\bzeted.dll
c:\windows\system32\dafumumu.dll
c:\windows\system32\dalasane.dll
c:\windows\system32\dapomove.dll
c:\windows\system32\enasalad.ini
c:\windows\system32\ezehonet.ini
c:\windows\system32\fofejuze.dll
c:\windows\system32\hiyenoro.dll
c:\windows\system32\holurohu.dll
c:\windows\system32\ibbsqt.dll
c:\windows\system32\idpmgv.dll
c:\windows\system32\igujatul.ini
c:\windows\system32\ihesuvap.ini
c:\windows\system32\jesodapi.dll
c:\windows\system32\kelumuro.dll
c:\windows\system32\kipomeke.dll
c:\windows\system32\kuhihihu.dll
c:\windows\system32\kydyws.dll
c:\windows\system32\lhwxdk.dll
c:\windows\system32\lutajugi.dll
c:\windows\system32\neyoneke.dll
c:\windows\system32\obiubj.dll
c:\windows\system32\paduwaze.dll.tmp
c:\windows\system32\pavusehi.dll
c:\windows\system32\pgkcqg.dll
c:\windows\system32\Process.exe
c:\windows\system32\qpuocp.dll
c:\windows\system32\sipijodu.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tadazeka.dll.tmp
c:\windows\system32\tawihuha.dll
c:\windows\system32\tenoheze.dll
c:\windows\system32\tmp.reg
c:\windows\system32\ubumayib.ini
c:\windows\system32\uhihihuk.ini
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vuwizodi.dll
c:\windows\system32\wawugiju.dll
c:\windows\system32\weyageyu.dll.tmp
c:\windows\system32\wudizegu.dll
c:\windows\system32\wusidero.dll
c:\windows\system32\xecefs.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-08 13:18 . 2009-03-08 13:18 30,880 --a------ c:\windows\system32\drivers\zbsgwigo.sys
2009-03-02 22:45 . 2009-03-03 21:32 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-02 22:45 . 2009-03-02 22:45 1,409 --a------ c:\windows\QTFont.for
2009-03-01 22:16 . 2009-03-01 22:16 <DIR> d-------- c:\program files\Liong - The Lost Amulets
2009-03-01 19:33 . 2009-03-01 19:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\EleFun Games
2009-02-22 23:03 . 2009-02-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-02-20 14:15 . 2009-02-20 14:44 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-02-13 22:18 . 2009-02-13 22:18 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-02-13 21:52 . 2009-02-13 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ApeZone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 20:49 --------- d-----w c:\program files\Common
2009-03-07 01:39 --------- d-----w c:\program files\iWin.com
2009-03-04 00:55 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-02 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-03-02 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-01 23:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\blg
2009-03-01 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2009-02-09 22:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-08 04:47 --------- d-----w c:\program files\WildGames
2009-02-08 04:39 --------- d-----w c:\program files\Java
2009-02-03 01:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\ViquaSoft
2009-01-24 02:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Fabulous Finds
2009-01-24 01:08 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\AlterLab
2009-01-19 00:59 15,814 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-01-15 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
2007-04-03 03:50 774,144 ----a-w c:\program files\RngInterstitial.dll
1601-01-01 00:12 48,128 --sha-w c:\windows\system32\lunarobu.dll
1601-01-01 00:12 48,128 --sha-w c:\windows\system32\zaliremi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f00aec9-9d55-4584-96ae-8050b5b7ce1c}]
48128 --ahs---- c:\windows\system32\zaliremi.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"dotuvazani"="c:\windows\system32\lunarobu.dll" [ 48128]
"CPM7f8cb430"="c:\windows\system32\milezedu.dll" [2009-03-07 84992]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-19 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-06-19 36903]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\milezedu.dll" [2009-03-07 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\milezedu.dll [2009-03-07 84992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\holurohu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\explorer.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S0 Stog53;Stog53; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-03-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{dd9a2fb9-2e92-4a0a-988f-443914f2711d} - c:\windows\system32\kydyws.dll
HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mcgc.net/
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techto ... ntrols.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.142.228/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 16:54:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\HP_ADM~1\LOCALS~1\Temp\STS3.tmp 81 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3304520625-3378395371-3525061648-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{89A3A60C-EC05-1420-D9D0-E99A7F004BC5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakckkjleaabdalcejbmbhjkjlacep"=hex:63,61,6b,65,66,6c,00,7c
"oagccklebkgjmplnccngngpcnijipf"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
"naedelfjfljiijddlnfehponophj"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-03-08 16:58:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-08 20:58:11

Pre-Run: 147,907,670,016 bytes free
Post-Run: 148,044,779,520 bytes free

527 --- E O F --- 2009-03-02 22:54:26
laynegang
Regular Member
 
Posts: 18
Joined: March 6th, 2009, 9:47 pm
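One way to triage a log like the one above is to cross-check the "Reg Loading Points" entries against the Find3M file listing. The Python below is an added example, not part of the original thread or of ComboFix; the `triage` function and its four heuristics are assumptions chosen for illustration, and the embedded sample is a subset of lines copied from the log in this post.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
1601-01-01 00:12 48,128 --sha-w c:\windows\system32\lunarobu.dll
1601-01-01 00:12 48,128 --sha-w c:\windows\system32\zaliremi.dll
2007-04-03 03:50 774,144 ----a-w c:\program files\RngInterstitial.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f00aec9-9d55-4584-96ae-8050b5b7ce1c}]
48128 --ahs---- c:\windows\system32\zaliremi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"dotuvazani"="c:\windows\system32\lunarobu.dll" [ 48128]
"CPM7f8cb430"="c:\windows\system32\milezedu.dll" [2009-03-07 84992]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\milezedu.dll" [2009-03-07 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\milezedu.dll [2009-03-07 84992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\holurohu.dll
'''

# Find3M line: date, time, size (or dashes), attribute string, path.
FIND3M_RE = re.compile(
    r'^(\d{4})-\d\d-\d\d \d\d:\d\d\s+\S+\s+(\S+)\s+([a-z]:\\.+)$', re.I)
# Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(.+)\]$')
# First .dll/.exe path on a value line.
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]+?\.(?:dll|exe))', re.I)
# Trailing "[date size]" metadata; the date is optional.
META_RE = re.compile(r'\[\s*(\d{4}-\d\d-\d\d)?\s*(\d+)\]\s*$')


def triage(log_text):
    """Return {file path: [reasons]} for autostart files worth a closer look."""
    reasons = defaultdict(list)
    load_points = defaultdict(set)   # path -> registry keys that load it
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIND3M_RE.match(line)
        if m:
            year, attrs, path = m.group(1), m.group(2).lower(), m.group(3).lower()
            # 1601-01-01 is the zero point of Windows FILETIME, so a file
            # showing that year has a blank or wiped timestamp.
            if year == "1601":
                reasons[path].append("timestamp is the FILETIME epoch (1601)")
            if "s" in attrs and "h" in attrs:
                reasons[path].append("system+hidden attributes")
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = PATH_RE.search(line)
        if key and m:
            path = m.group(1).lower()
            load_points[path].add(key)
            meta = META_RE.search(line)
            if meta and meta.group(1) is None:
                reasons[path].append("load-point entry has no file date")
            # Heuristic (assumption): the stock XP value here is just "scecli",
            # a bare module name, so a full path stands out.
            if key.endswith(r"control\lsa"):
                reasons[path].append("LSA notification package given as full path")
    for path, keys in load_points.items():
        if len(keys) > 1:
            reasons[path].append("registered under %d load points" % len(keys))
    # Report only files that are actually wired into an autostart location.
    return {p: r for p, r in reasons.items() if p in load_points}


if __name__ == "__main__":
    for path, why in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in why:
            print("   -", reason)
```

These flags only rank entries for review; a flagged file still needs confirmation, for example by a multi-engine scan.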

Re: HELP...MY 14 year old has been places....

Post by dan12 » March 8th, 2009, 5:27 pm

That's fine Judi, just what I needed. :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HELP...MY 14 year old has been places....

Post by dan12 » March 8th, 2009, 5:58 pm

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Jotti

Please visit Jotti
Copy/paste the following file path into the window
c:\windows\system32\milezedu.dll

Click Submit/Send File
Please post back, to let me know the results.

Please do the same for the following file
c:\windows\system32\zaliremi.dll

If Jotti is too busy please try Virustotal
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HELP...MY 14 year old has been places....

Post by laynegang » March 8th, 2009, 6:50 pm

Dan, these are the results from the first file you wanted me to check.

Hope this helps.....

Thanks again for everything....You're a really big help!!

Judi
File milezedu.dll_ received on 03.08.2009 23:45:43 (CET)


Result: 12/39 (30.77%)


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.08 Virus.Win32.Virtumonde!IK
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.105 2009.03.08 HEUR/Crypted
Authentium 5.1.0.4 2009.03.08 -
Avast 4.8.1335.0 2009.03.08 -
AVG 8.0.0.237 2009.03.08 -
BitDefender 7.2 2009.03.08 Gen:Trojan.Heur.P5008F7B7B7
CAT-QuickHeal 10.00 2009.03.07 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1037 2009.03.08 -
DrWeb 4.44.0.09170 2009.03.08 -
eSafe 7.0.17.0 2009.03.08 Suspicious File
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.08 -
Fortinet 3.117.0.0 2009.03.08 -
GData 19 2009.03.08 Gen:Trojan.Heur.P5008F7B7B7
Ikarus T3.1.1.45.0 2009.03.08 Virus.Win32.Virtumonde
K7AntiVirus 7.10.663 2009.03.07 -
Kaspersky 7.0.0.125 2009.03.08 -
McAfee 5547 2009.03.08 -
McAfee+Artemis 5547 2009.03.08 -
Microsoft 1.4405 2009.03.08 -
NOD32 3917 2009.03.07 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.08 -
Panda 10.0.0.10 2009.03.08 -
PCTools 4.4.2.0 2009.03.08 -
Prevx1 V2 2009.03.08 High Risk Fraudulent Security Program
Rising 21.19.42.00 2009.03.06 Trojan.Win32.VUNDO.cnw
SecureWeb-Gateway 6.7.6 2009.03.08 Heuristic.Crypted
Sophos 4.39.0 2009.03.08 Troj/Virtum-Gen
Sunbelt 3.2.1858.2 2009.03.08 VIPRE.Suspicious
Symantec 1.4.4.12 2009.03.08 -
TheHacker 6.3.2.7.276 2009.03.08 -
TrendMicro 8.700.0.1004 2009.03.06 -
VBA32 3.12.10.1 2009.03.08 -
ViRobot 2009.3.7.1639 2009.03.07 -
VirusBuster 4.5.11.0 2009.03.08 Trojan.Vundo.Gen!Pac.29
Additional information
File size: 84992 bytes
MD5...: 5fa65744413e3493a67e63c09de27f7e
SHA1..: a80b9e896d7d4cf0073653d4c221721e2020398a
SHA256: 1843f96e8edc0160ca724296b6320e36df82534e422a7dc9fb553c74af6d1ffe
SHA512: 06049c787cbd209875215ada8c2b1e3169d1f4a1e2dc613551dd02fc28e36134
2b02fe739e8de176e87dadc360bf8630fe0743c4a28462c8c95f5d3b16495fb9
ssdeep: 1536:+fEhLUh9SuGSuckAQq9dssB0Oau+Xfe0pLweGhDoYadhrxi8z6XH5MkVE+T
:ysdVSucTQqgQau+P/pLV3rhJwT/

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.5%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x25026
timedatestamp.....: 0x4823bb02 (Fri May 09 02:46:26 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1000 0x200 7.57 8332d97ad6fc6fb86aecbb8f9781600d
0x2000 0x1000 0x200 7.62 48d58452f3f5daf94b6b77fd0e414537
0x3000 0x21000 0x11800 8.00 0716373e3527a3233b0ae694aaf29d86
.crt__ 0x24000 0x1000 0x400 2.28 29ddf685fc3dcdab3168803f5797cbd5
.pdata 0x25000 0x3000 0x2800 5.25 ed71c69262d04449ac17a0f8a1ad944c

( 4 imports )
> USER32.dll: GetSystemMetrics, SystemParametersInfoA
> KERNEL32.dll: ExitProcess, CreateFileA
> GDI32.dll: ArcTo, Arc
> comdlg32.dll: PrintDlgExW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=34205118002566E04C72012FE08CFE00BE596CB2


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



These are the results from the second one you wanted me to check.

Hope this is right....


File zaliremi.dll_ received on 03.08.2009 23:48:04 (CET)


Result: 16/39 (41.03%)


Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.08 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.105 2009.03.08 HEUR/Crypted
Authentium 5.1.0.4 2009.03.08 -
Avast 4.8.1335.0 2009.03.08 -
AVG 8.0.0.237 2009.03.08 Generic12.CBKY
BitDefender 7.2 2009.03.08 Gen:Trojan.Heur.P207887C7C7
CAT-QuickHeal 10.00 2009.03.07 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1037 2009.03.08 -
DrWeb 4.44.0.09170 2009.03.08 Trojan.Virtumod.1648
eSafe 7.0.17.0 2009.03.08 Suspicious File
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.08 W32/Virtumonde.AV.gen!Eldorado
F-Secure 8.0.14470.0 2009.03.08 -
Fortinet 3.117.0.0 2009.03.08 -
GData 19 2009.03.08 Gen:Trojan.Heur.P207887C7C7
Ikarus T3.1.1.45.0 2009.03.08 -
K7AntiVirus 7.10.663 2009.03.07 -
Kaspersky 7.0.0.125 2009.03.08 -
McAfee 5547 2009.03.08 Vundo.gen.ab
McAfee+Artemis 5547 2009.03.08 Vundo.gen.ab
Microsoft 1.4405 2009.03.08 Trojan:Win32/Vundo.gen!AJ
NOD32 3917 2009.03.07 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.08 -
Panda 10.0.0.10 2009.03.08 -
PCTools 4.4.2.0 2009.03.08 -
Prevx1 V2 2009.03.08 High Risk Fraudulent Security Program
Rising 21.19.42.00 2009.03.06 Trojan.Win32.VUNDO.cnw
SecureWeb-Gateway 6.7.6 2009.03.08 Heuristic.Crypted
Sophos 4.39.0 2009.03.08 Troj/Virtum-Gen
Sunbelt 3.2.1858.2 2009.03.08 VIPRE.Suspicious
Symantec 1.4.4.12 2009.03.08 -
TheHacker 6.3.2.7.276 2009.03.08 -
TrendMicro 8.700.0.1004 2009.03.06 -
VBA32 3.12.10.1 2009.03.08 -
ViRobot 2009.3.7.1639 2009.03.07 -
VirusBuster 4.5.11.0 2009.03.08 Trojan.Vundo.Gen!Pac.29
Additional information
File size: 48128 bytes
MD5...: f08ba4eec1a92104cbb0a4e0e5530d5e
SHA1..: 753512feec0e03f0aa2d363df242c45a296a8306
SHA256: 2c649ceec91352ff9da50002ae9374079ffc26ebf68316df2c72ec578b8fb9c6
SHA512: 9ff587062bcded0bbd9d1f2bb2a0ed5a9076dfa31154b465380d8b00f4811fda
e256c2a5ae8040b469ef405263f309de0d6c6034d23985868536f34f10bed510
ssdeep: 768:hKkFsvs6GRuNYeK0u+RJLwDRJJiwlkJZv5ClcHKlzz58ORIPcCMa/MMZEyvs
9A:hKkFsvs6Gc/qfgwlkJZvsmkz580IPcBg

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (38.4%)
Win32 Dynamic Link Library (generic) (34.2%)
Clipper DOS Executable (9.1%)
Generic Win/DOS Executable (9.0%)
DOS Executable Generic (9.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1e918
timedatestamp.....: 0x4823a9de (Fri May 09 01:33:18 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1000 0x200 7.55 546d337e08724bfe2a32c81ca4efd289
0x2000 0x1000 0x200 7.63 bf09daf8a6a0178f52b2713d58866c72
0x3000 0x1a000 0x8800 7.99 281e10ec8862f5d7b677b4344b7eeb0e
.crt__ 0x1d000 0x1000 0x400 2.23 f36140843eb2b8229957a9f989f2e232
.pdata 0x1e000 0x3000 0x2800 5.18 d133c9c37f6663be72e34bb23233a9e5

( 4 imports )
> USER32.dll: GetSystemMetrics, SystemParametersInfoA
> KERNEL32.dll: ExitProcess, CreateFileA
> GDI32.dll: ArcTo, Arc
> comdlg32.dll: PrintDlgExW

( 0 exports )

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=2D28E035003BA433BC2900BEDE7B91004DDFA386


laynegang
Regular Member
 
Posts: 18
Joined: March 6th, 2009, 9:47 pm

Re: HELP...MY 14 year old has been places....

Post by dan12 » March 8th, 2009, 7:12 pm

Hi, Judi, Had a feeling they would be bad but needed to check. :)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\lunarobu.dll
c:\windows\system32\zaliremi.dll
c:\windows\system32\lunarobu.dll
c:\windows\system32\holurohu.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\STS3.tmp
c:\windows\system32\milezedu.dll
Folder::
c:\documents and settings\HP_Administrator\Application Data\LimeWire
c:\\Program Files\\Soulseek
DirLook::
c:\documents and settings\All Users\Application Data\blg
Driver::
Stog53
CPM7f8cb430
dotuvazani
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f00aec9-9d55-4584-96ae-8050b5b7ce1c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dotuvazani"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HELP...MY 14 year old has been places....

Post by laynegang » March 8th, 2009, 9:22 pm

Good Evening Dan~

I did what you asked and I believe this is what you need now. Just how bad is it? Hopefully I am doing the right things and you can get this fixed for me. Hope to hear from you soon. You're my HERO today. Thanks so much!!!

Judi


ComboFix 09-03-06.02 - HP_Administrator 2009-03-08 21:05:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.586 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\STS3.tmp
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\holurohu.dll
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\Program Files\\Soulseek
c:\\Program Files\\Soulseek\attrstrings.cfg
c:\\Program Files\\Soulseek\autoaway.cfg
c:\\Program Files\\Soulseek\chatrooms.cfg
c:\\Program Files\\Soulseek\chatui.cfg
c:\\Program Files\\Soulseek\dlbans.cfg
c:\\Program Files\\Soulseek\extensions.cfg
c:\\Program Files\\Soulseek\hotlist.cfg
c:\\Program Files\\Soulseek\ignores.cfg
c:\\Program Files\\Soulseek\login.cfg
c:\\Program Files\\Soulseek\pchat.cfg
c:\\Program Files\\Soulseek\port.cfg
c:\\Program Files\\Soulseek\queue.cfg
c:\\Program Files\\Soulseek\queue2.cfg
c:\\Program Files\\Soulseek\rcmnd.cfg
c:\\Program Files\\Soulseek\save.cfg
c:\\Program Files\\Soulseek\search.cfg
c:\\Program Files\\Soulseek\shared.cfg
c:\\Program Files\\Soulseek\slsk.exe
c:\\Program Files\\Soulseek\ticker.cfg
c:\\Program Files\\Soulseek\transfersview.cfg
c:\\Program Files\\Soulseek\ui.cfg
c:\\Program Files\\Soulseek\userinfo.cfg
c:\\Program Files\\Soulseek\usernotes.cfg
c:\\Program Files\\Soulseek\wishlist.cfg
c:\documents and settings\HP_Administrator\Application Data\LimeWire
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\HP_Administrator\Application Data\LimeWire\createtimes.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\downloads.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\installation.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\library5.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\limewire.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mojito.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\6B5B8EF7d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFDd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Cd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\simpp.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\tables.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\version.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\versions.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\video.sxml3
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STOG53
-------\Service_Stog53


((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-02 22:45 . 2009-03-03 21:32 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-02 22:45 . 2009-03-02 22:45 1,409 --a------ c:\windows\QTFont.for
2009-03-01 22:16 . 2009-03-01 22:16 <DIR> d-------- c:\program files\Liong - The Lost Amulets
2009-03-01 19:33 . 2009-03-01 19:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\EleFun Games
2009-02-22 23:03 . 2009-02-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-02-13 22:18 . 2009-02-13 22:18 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-02-13 21:52 . 2009-02-13 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ApeZone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 22:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 20:49 --------- d-----w c:\program files\Common
2009-03-07 01:39 --------- d-----w c:\program files\iWin.com
2009-03-02 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-03-02 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-01 23:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\blg
2009-03-01 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2009-02-09 22:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-08 04:47 --------- d-----w c:\program files\WildGames
2009-02-08 04:39 --------- d-----w c:\program files\Java
2009-02-03 01:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\ViquaSoft
2009-01-24 02:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Fabulous Finds
2009-01-24 01:08 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\AlterLab
2009-01-19 00:59 15,814 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-01-15 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
2007-04-03 03:50 774,144 ----a-w c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\blg ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-19 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-03-24 107520]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-06-19 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPM7f8cb430 - c:\windows\system32\milezedu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mcgc.net/
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techto ... ntrols.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.142.228/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 21:10:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3304520625-3378395371-3525061648-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{89A3A60C-EC05-1420-D9D0-E99A7F004BC5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakckkjleaabdalcejbmbhjkjlacep"=hex:63,61,6b,65,66,6c,00,7c
"oagccklebkgjmplnccngngpcnijipf"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
"naedelfjfljiijddlnfehponophj"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-03-08 21:15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 01:15:53
ComboFix2.txt 2009-03-08 20:58:15

Pre-Run: 148,047,925,248 bytes free
Post-Run: 148,004,839,424 bytes free

557 --- E O F --- 2009-03-09 01:15:22
laynegang

Re: HELP...MY 14 year old has been places....

Post by laynegang » March 8th, 2009, 9:22 pm

Good Evening Dan~

I did what you asked and I believe this is what you need now. Just how bad is it? Hopefully I am doing the right things and you can get this fixed for me. Hope to hear from you soon. You're my HERO today. Thanks so much!!!

Judi


ComboFix 09-03-06.02 - HP_Administrator 2009-03-08 21:05:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.586 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\STS3.tmp
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\holurohu.dll
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\HP_Administrator\Application Data\LimeWire\createtimes.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\downloads.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\installation.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\library5.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\limewire.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mojito.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\6B5B8EF7d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFDd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Cd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\simpp.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\tables.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\version.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\versions.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\video.sxml3
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STOG53
-------\Service_Stog53


((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-02 22:45 . 2009-03-03 21:32 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-02 22:45 . 2009-03-02 22:45 1,409 --a------ c:\windows\QTFont.for
2009-03-01 22:16 . 2009-03-01 22:16 <DIR> d-------- c:\program files\Liong - The Lost Amulets
2009-03-01 19:33 . 2009-03-01 19:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\EleFun Games
2009-02-22 23:03 . 2009-02-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-02-13 22:18 . 2009-02-13 22:18 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-02-13 21:52 . 2009-02-13 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ApeZone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 22:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 20:49 --------- d-----w c:\program files\Common
2009-03-07 01:39 --------- d-----w c:\program files\iWin.com
2009-03-02 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-03-02 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-01 23:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\blg
2009-03-01 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2009-02-09 22:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-08 04:47 --------- d-----w c:\program files\WildGames
2009-02-08 04:39 --------- d-----w c:\program files\Java
2009-02-03 01:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\ViquaSoft
2009-01-24 02:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Fabulous Finds
2009-01-24 01:08 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\AlterLab
2009-01-19 00:59 15,814 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-01-15 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
2007-04-03 03:50 774,144 ----a-w c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\blg ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-19 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-03-24 107520]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-06-19 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPM7f8cb430 - c:\windows\system32\milezedu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mcgc.net/
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techto ... ntrols.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.142.228/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 21:10:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3304520625-3378395371-3525061648-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{89A3A60C-EC05-1420-D9D0-E99A7F004BC5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakckkjleaabdalcejbmbhjkjlacep"=hex:63,61,6b,65,66,6c,00,7c
"oagccklebkgjmplnccngngpcnijipf"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
"naedelfjfljiijddlnfehponophj"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-03-08 21:15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 01:15:53
ComboFix2.txt 2009-03-08 20:58:15

Pre-Run: 148,047,925,248 bytes free
Post-Run: 148,004,839,424 bytes free

557 --- E O F --- 2009-03-09 01:15:22

Re: HELP...MY 14 year old has been places....

by laynegang » March 8th, 2009, 9:22 pm

Good Evening Dan~

I did what you asked and I believe this is what you need now. Just how bad is it? Hopefully I am doing the right things and you can get this fixed for me. Hope to hear from you soon. You're my HERO today. Thanks so much!!!

Judi


ComboFix 09-03-06.02 - HP_Administrator 2009-03-08 21:05:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.586 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\STS3.tmp
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\holurohu.dll
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\\Program Files\\Soulseek
c:\documents and settings\HP_Administrator\Application Data\LimeWire
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\HP_Administrator\Application Data\LimeWire\createtimes.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\downloads.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\installation.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\library5.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\limewire.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mojito.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\6B5B8EF7d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFDd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Cd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\simpp.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\tables.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\version.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\versions.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\video.sxml3
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_STOG53
-------\Service_Stog53


((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-02 22:45 . 2009-03-03 21:32 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-02 22:45 . 2009-03-02 22:45 1,409 --a------ c:\windows\QTFont.for
2009-03-01 22:16 . 2009-03-01 22:16 <DIR> d-------- c:\program files\Liong - The Lost Amulets
2009-03-01 19:33 . 2009-03-01 19:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\EleFun Games
2009-02-22 23:03 . 2009-02-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-02-13 22:18 . 2009-02-13 22:18 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-02-13 21:52 . 2009-02-13 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ApeZone

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 22:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 20:49 --------- d-----w c:\program files\Common
2009-03-07 01:39 --------- d-----w c:\program files\iWin.com
2009-03-02 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-03-02 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-01 23:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\blg
2009-03-01 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2009-02-09 22:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-08 04:47 --------- d-----w c:\program files\WildGames
2009-02-08 04:39 --------- d-----w c:\program files\Java
2009-02-03 01:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\ViquaSoft
2009-01-24 02:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Fabulous Finds
2009-01-24 01:08 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\AlterLab
2009-01-19 00:59 15,814 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-01-15 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
2007-04-03 03:50 774,144 ----a-w c:\program files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\All Users\Application Data\blg ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-19 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-03-24 107520]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-06-19 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2009-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CPM7f8cb430 - c:\windows\system32\milezedu.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mcgc.net/
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techto ... ntrols.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.142.228/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 21:10:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3304520625-3378395371-3525061648-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{89A3A60C-EC05-1420-D9D0-E99A7F004BC5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakckkjleaabdalcejbmbhjkjlacep"=hex:63,61,6b,65,66,6c,00,7c
"oagccklebkgjmplnccngngpcnijipf"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
"naedelfjfljiijddlnfehponophj"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-03-08 21:15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 01:15:53
ComboFix2.txt 2009-03-08 20:58:15

Pre-Run: 148,047,925,248 bytes free
Post-Run: 148,004,839,424 bytes free

557 --- E O F --- 2009-03-09 01:15:22
laynegang
Regular Member
 
Posts: 18
Joined: March 6th, 2009, 9:47 pm

Re: HELP...MY 14 year old has been places....

Unread postby laynegang » March 8th, 2009, 9:24 pm

Sorry, my computer is still not running right....
laynegang
Regular Member
 
Posts: 18
Joined: March 6th, 2009, 9:47 pm

Re: HELP...MY 14 year old has been places....

Unread postby dan12 » March 9th, 2009, 4:51 am

Don't worry, we're getting there, you are doing really well. :)
I think you posted this log a couple more times than you wanted to. :)
I will look over your returned log and hope to be back with you soon.
Can I see a fresh HJT log, please?
dan :)
dan12
MRU Honors Grad Emeritus
 
Posts: 6123
Joined: March 30th, 2006, 3:22 am
Location: Leicestershire

Re: HELP...MY 14 year old has been places....

Unread postby laynegang » March 9th, 2009, 9:28 am

Good Morning~

Can you please tell me what a HJT log is? Also I am at work so I will not be able to get back with you till after 5pm, seeing that I am not at home on that computer.

Have a wonderful day. Thanks again

Judi
laynegang
Regular Member
 
Posts: 18
Joined: March 6th, 2009, 9:47 pm