Good Evening Dan~
I did what you asked and I believe this is what you need now. Just how bad is it? Hopefully I am doing the right things and you can get this fixed for me. Hope to hear from you soon. You're my HERO today. Thanks so much!!!
Judi
ComboFix 09-03-06.02 - HP_Administrator 2009-03-08 21:05:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.586 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
FILE ::
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\STS3.tmp
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\holurohu.dll
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\HP_Administrator\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\HP_Administrator\Application Data\LimeWire\createtimes.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\downloads.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.bak
c:\documents and settings\HP_Administrator\Application Data\LimeWire\fileurns.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\installation.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\library5.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\limewire.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mojito.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\6B5B8EF7d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFDd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Cd01
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\HP_Administrator\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\HP_Administrator\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\HP_Administrator\Application Data\LimeWire\simpp.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\tables.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\version.xml
c:\documents and settings\HP_Administrator\Application Data\LimeWire\versions.props
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\HP_Administrator\Application Data\LimeWire\xml\data\video.sxml3
c:\windows\system32\drivers\zbsgwigo.sys
c:\windows\system32\lunarobu.dll
c:\windows\system32\milezedu.dll
c:\windows\system32\zaliremi.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_STOG53
-------\Service_Stog53
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-03-02 22:45 . 2009-03-03 21:32 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-02 22:45 . 2009-03-02 22:45 1,409 --a------ c:\windows\QTFont.for
2009-03-01 22:16 . 2009-03-01 22:16 <DIR> d-------- c:\program files\Liong - The Lost Amulets
2009-03-01 19:33 . 2009-03-01 19:33 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\EleFun Games
2009-02-22 23:03 . 2009-02-22 23:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\FarmFrenzy-PizzaParty
2009-02-13 22:18 . 2009-02-13 22:18 <DIR> d-------- c:\program files\Common Files\SWF Studio
2009-02-13 21:52 . 2009-02-13 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\ApeZone
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 22:41 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-08 20:49 --------- d-----w c:\program files\Common
2009-03-07 01:39 --------- d-----w c:\program files\iWin.com
2009-03-02 22:46 --------- d-----w c:\documents and settings\All Users\Application Data\FarmFrenzy2
2009-03-02 02:16 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-03-01 23:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\blg
2009-03-01 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\blg
2009-02-09 22:10 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-09 22:10 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-08 04:47 --------- d-----w c:\program files\WildGames
2009-02-08 04:39 --------- d-----w c:\program files\Java
2009-02-03 01:30 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\ViquaSoft
2009-01-24 02:15 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Fabulous Finds
2009-01-24 01:08 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\AlterLab
2009-01-19 00:59 15,814 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-01-15 03:45 --------- d-----w c:\documents and settings\All Users\Application Data\DivoGames
2007-04-03 03:50 774,144 ----a-w c:\program files\RngInterstitial.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\blg ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-19 180269]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE" [2003-05-27 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-06-19 27136]
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-03-24 107520]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-06-19 36903]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder
2009-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-CPM7f8cb430 - c:\windows\system32\milezedu.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mcgc.net/
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {255B1372-180C-4A22-A02D-1D4AB65F6AC2} - file:///C:/Program%20Files/Mystery%20Solitaire/Images/stg_drm.dll
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techto ... ntrols.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.142.228/activex/AMC.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 21:10:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3304520625-3378395371-3525061648-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{89A3A60C-EC05-1420-D9D0-E99A7F004BC5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oakckkjleaabdalcejbmbhjkjlacep"=hex:63,61,6b,65,66,6c,00,7c
"oagccklebkgjmplnccngngpcnijipf"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
"naedelfjfljiijddlnfehponophj"=hex:69,61,6b,65,69,6f,66,6c,61,66,6c,64,68,62,
64,63,64,63,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-03-08 21:15:55 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-09 01:15:53
ComboFix2.txt 2009-03-08 20:58:15
Pre-Run: 148,047,925,248 bytes free
Post-Run: 148,004,839,424 bytes free
557 --- E O F --- 2009-03-09 01:15:22