ComboFix 10-06-17.02 - owner 17/06/2010 23:33:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3034.1915 [GMT 1:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
Command switches used :: c:\users\owner\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
file zipped: c:\programdata\1VjM2R.dat
file zipped: c:\users\owner\AppData\Local\Fdiveqayofika.dat
file zipped: c:\users\owner\AppData\Local\Fxuresebebe.bin
file zipped: c:\windows\system32\drivers\ajumnofe.sys
file zipped: c:\windows\system32\drivers\brfpesnf.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\1VjM2R.dat
c:\programdata\Norton
c:\programdata\Norton\00000082\00000105\00000349\cltLMS1.dat
c:\programdata\Norton\00000082\00000105\00000349\cltLMS2.dat
c:\programdata\Norton\00000082\00000105\cltupgrade.dat
c:\programdata\Norton\00000082\00000105\key.txt
c:\programdata\Norton\symdata.xml
c:\programdata\RegCure
c:\programdata\RegCure\multipledetection.dat
c:\programdata\Symantec
c:\programdata\Symantec\SubEng\platformid.dat
c:\users\owner\AppData\Local\Fdiveqayofika.dat
c:\users\owner\AppData\Local\Fxuresebebe.bin
c:\users\owner\AppData\Roaming\LimeWire
c:\windows\system32\drivers\ajumnofe.sys
c:\windows\system32\drivers\brfpesnf.sys
c:\windows\system32\win.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_twxbmoeoksrmcqrn
((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
.
2010-06-17 22:43 . 2010-06-17 22:51 -------- d-----w- c:\users\owner\AppData\Local\temp
2010-06-17 22:43 . 2010-06-17 22:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-17 22:43 . 2010-06-17 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-17 22:15 . 2010-06-17 22:16 -------- d-----w- C:\32788R22FWJFW.0.tmp
2010-06-17 08:45 . 2010-05-28 10:40 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys
2010-06-17 08:45 . 2010-05-25 12:28 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys
2010-06-12 17:03 . 2010-06-12 17:03 -------- d-----w- c:\program files\trend micro
2010-06-12 17:03 . 2010-06-12 17:04 -------- d-----w- C:\rsit
2010-06-10 10:59 . 2010-06-10 10:59 -------- d-----w- c:\windows\system32\20-20 Technologies
2010-06-09 14:51 . 2010-06-09 14:51 -------- d-----w- c:\program files\Enigma Software Group
2010-06-09 14:51 . 2010-06-09 14:56 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2010-06-08 20:37 . 2010-06-08 20:37 -------- d-----w- C:\MGADiagToolOutput
2010-06-07 21:30 . 2010-06-17 18:39 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-07 21:29 . 2010-06-08 07:14 -------- d-----w- c:\programdata\Hitman Pro
2010-06-07 21:29 . 2010-06-07 21:29 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-06-07 20:40 . 2010-05-19 07:37 67664 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2010-06-07 20:40 . 2010-05-14 08:35 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2010-06-07 20:40 . 2010-05-10 08:13 376136 ----a-w- c:\windows\system32\drivers\tdi_nf.sys
2010-06-07 20:21 . 2010-05-19 07:36 60960 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2010-06-07 20:21 . 2009-10-07 12:22 76944 ----a-w- c:\windows\system32\drivers\tdi_rd.sys
2010-06-07 20:21 . 2009-10-07 12:20 82072 ----a-w- c:\windows\system32\drivers\ndis_rd.sys
2010-06-07 20:21 . 2009-10-14 11:03 23392 ----a-w- c:\windows\system32\drivers\nvcv32mf.sys
2010-06-07 20:21 . 2009-10-11 13:06 214344 ----a-w- c:\windows\system32\nscrnsav.scr
2010-06-06 19:52 . 2010-06-07 06:59 -------- d-----w- c:\windows\system32\MpEngineStore
2010-06-05 10:23 . 2010-06-17 22:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-05 10:23 . 2010-06-05 19:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-03 07:00 . 2010-05-21 13:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-02 21:48 . 2010-06-07 20:40 -------- d-----w- c:\program files\Norman
2010-05-25 17:57 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 22:32 . 2010-04-28 11:01 -------- d-----w- c:\program files\QuickTime
2010-06-17 22:32 . 2010-04-20 20:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-17 22:32 . 2010-04-28 11:05 -------- d-----w- c:\program files\iTunes
2010-06-17 20:11 . 2009-12-01 22:21 -------- d-----w- c:\users\owner\AppData\Roaming\LPC
2010-06-16 14:38 . 2009-06-28 18:33 -------- d-----w- c:\users\owner\AppData\Roaming\Skype
2010-06-16 14:32 . 2009-06-28 18:37 -------- d-----w- c:\users\owner\AppData\Roaming\skypePM
2010-06-11 07:50 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-11 07:40 . 2009-05-31 19:48 -------- d-----w- c:\programdata\Microsoft Help
2010-06-09 14:51 . 2009-06-04 21:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-06-07 18:29 . 2008-01-21 02:24 6144 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys
2010-06-07 17:45 . 2009-08-02 20:20 -------- d-----w- c:\users\owner\AppData\Roaming\CoreFTP
2010-06-07 17:45 . 2009-12-09 07:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-07 17:45 . 2009-08-02 19:57 -------- d-----w- c:\program files\SmartFTP Client
2010-06-07 17:45 . 2010-04-28 10:53 -------- d-----w- c:\program files\Bonjour
2010-06-07 06:52 . 2009-05-17 12:48 6756 ----a-w- c:\users\owner\AppData\Local\d3d9caps.dat
2010-06-05 19:20 . 2010-04-22 18:09 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-26 17:06 . 2010-06-10 16:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 16:12 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-23 11:00 . 2010-04-10 09:54 -------- d-----w- c:\program files\Google
2010-05-08 17:43 . 2010-05-08 14:45 -------- d-----w- c:\programdata\WinZip
2010-05-04 05:59 . 2010-06-10 16:12 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 16:12 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-10 16:12 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-10 16:12 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 16:12 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 14:39 . 2010-04-20 20:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-04-20 20:37 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 11:06 . 2010-04-28 11:05 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-28 11:05 . 2010-04-28 11:05 -------- d-----w- c:\program files\iPod
2010-04-28 11:05 . 2009-06-11 06:51 -------- d-----w- c:\program files\Common Files\Apple
2010-04-23 16:52 . 2010-04-23 16:52 -------- d-----w- c:\program files\WinMerge
2010-04-22 18:10 . 2010-04-22 18:10 -------- d-----w- c:\program files\Common Files\Java
2010-04-22 18:09 . 2009-06-05 18:46 -------- d-----w- c:\program files\Java
2010-04-20 20:37 . 2010-04-20 20:37 -------- d-----w- c:\users\owner\AppData\Roaming\Malwarebytes
2010-04-20 20:37 . 2010-04-20 20:37 -------- d-----w- c:\programdata\Malwarebytes
2010-04-16 07:33 . 2010-04-16 07:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-16 07:33 . 2010-04-16 07:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-05 17:01 . 2010-06-10 16:12 67072 ----a-w- c:\windows\system32\asycfilt.dll
2009-05-17 13:42 . 2009-05-17 13:42 76 --sh--r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-11 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-11 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-11 154136]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 3810304]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2009-11-24 189824]
"NPCTray"="c:\program files\Norman\npc\bin\npc_tray.exe" [2010-02-22 93616]
"NOELauncher"="c:\program files\Norman\nsc\bin\noelauncher.exe" [2010-03-23 74056]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
c:\users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\QuickCam\eReg.exe [2008-11-7 517384]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-31 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d3,de,9a,2f,25,3a,ca,01
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 136176]
R3 NASS;Norman Anti Spam Service;c:\program files\Norman\nsc\bin\nassvc32.exe [2010-03-23 133832]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\NSESVC.EXE [2009-11-23 283976]
R3 NUAA;Norman User Activity Agent;c:\program files\Norman\npc\bin\nuaa.exe [2009-10-11 99656]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2009-10-14 23392]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\Nvc\Bin\nvcoas.exe [2010-05-21 202056]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [2009-10-15 133272]
S1 ALE_NF;Norman Network Filter ALE driver;c:\windows\system32\drivers\ale_nf.sys [2010-05-19 60960]
S1 NGS;Norman General Security Driver;c:\program files\norman\ngs\bin\ngs.sys [2010-01-04 26744]
S1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [2010-05-10 72392]
S2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\NDISKIO.SYS [2009-10-09 22880]
S2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\Nnf.exe [2010-05-07 210640]
S2 NPFSvc32;Norman Personal Firewall Service;c:\program files\Norman\npf\bin\npfsvc32.exe [2010-06-02 286328]
S2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\Nprosec.exe [2010-05-07 103016]
S2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [2010-05-14 40384]
S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2010-03-15 98776]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [2007-10-12 202016]
S2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe [2007-08-02 148768]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-19 92008]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 09:54]
2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-10 09:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsig ... &mkt=en-gb
uInternet Settings,ProxyOverride = *.local
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.kp.2020.net/planner/Core/Play ... _Win32.cab
DPF: {96816368-C1E3-414D-A193-63C3CC921990} - hxxp://holidaystore-sitges.remotemanage ... Render.ocx
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr .exe
HKLM-Run-UDC Integration - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-17 23:52
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4380)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Norman\Npm\Bin\Elogsvc.exe
c:\program files\Norman\Npm\Bin\Zanda.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-06-18 00:01:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-17 23:01
ComboFix2.txt 2010-06-15 21:55
Pre-Run: 122,871,656,448 bytes free
Post-Run: 122,764,931,072 bytes free
- - End Of File - - 306A57CF4B57EAE1C780646BB2D39F41
Upload was successful