  #21  
Old 25th May 2009, 14:21
Donor Group
 
No the problem was there before I installed IE. LOL I installed it in case Windows update was being picky about the IE version........

Working on the rest of the tasks you assigned me, be done in about 15-20 minutes tops.
  #22  
Old 25th May 2009, 15:02
Donor Group
 
Did the site suffer from a DNF attack a few minutes ago? Anyways, here is the log. I see some Norton references, more specifically firewall. They have the block incoming value set at 1 not 0. Is that a problem? I've run that Norton removal tool twice now.......

ComboFix 09-05-25.03 - Shirley 05/25/2009 17:46.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1834 [GMT -4:00]
Running from: c:\users\Shirley\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.

2009-05-25 20:58 . 2009-05-25 20:58 -------- d-----w c:\programdata\Office Genuine Advantage
2009-05-24 11:58 . 2009-05-24 11:58 -------- d-----w c:\programdata\NortonInstaller
2009-05-22 23:57 . 2009-05-25 20:48 117760 ----a-w c:\users\Shirley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:56 . 2009-05-22 23:56 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-22 23:52 . 2009-05-22 23:52 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 23:52 . 2009-05-22 23:52 -------- d-----w c:\users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
2009-05-22 20:36 . 2009-05-22 20:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 15:06 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-22 15:06 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-22 15:06 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-22 15:06 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 15:06 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-22 15:06 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-22 15:06 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-22 15:06 . 2009-05-22 15:06 -------- d-----w c:\program files\Alwil Software
2009-05-22 04:38 . 2009-05-22 04:38 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-20 12:43 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-20 12:43 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-20 12:43 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-20 12:43 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-20 12:43 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-20 12:33 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-20 12:33 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-20 12:33 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-20 12:32 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-20 12:32 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-20 11:39 . 2009-05-20 11:39 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-20 04:03 . 2009-05-20 11:00 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-19 23:20 . 2009-05-19 23:20 -------- d-----w c:\users\Shirley\AppData\Local\Acer DV Magician
2009-05-19 23:10 . 2009-05-19 23:10 -------- d-----w c:\windows\Sun
2009-05-19 20:40 . 2009-05-19 20:40 -------- d-----w c:\users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40 . 2009-05-19 11:41 38200 ----a-w c:\users\Shirley\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-05-19 18:24 . 2009-05-25 20:43 -------- d-----w c:\users\Shirley\AppData\Local\Eraser
2009-05-19 18:24 . 2009-05-19 18:24 -------- d--h--w c:\users\Shirley\AppData\Local\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w c:\program files\Eraser
2009-05-19 17:20 . 2009-05-19 17:20 -------- d-----w c:\users\Shirley\AppData\Roaming\eSobi
2009-05-19 17:11 . 2008-07-10 06:32 538 ----a-w c:\windows\system32\RegRaidSedona.bat
2009-05-19 17:07 . 2009-05-19 17:07 -------- d-----w C:\NVIDIA
2009-05-19 14:04 . 2009-05-19 14:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-19 14:04 . 2009-05-19 14:05 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-19 13:01 . 2009-05-19 13:01 -------- d-----w c:\users\Shirley\AppData\Roaming\WinPatrol
2009-05-19 13:01 . 2006-09-18 21:43 10 ----a-w c:\users\Shirley\AppData\Roaming\WinPatrol\Config.sys
2009-05-19 13:01 . 2006-09-18 21:43 24 ----a-w c:\users\Shirley\AppData\Roaming\WinPatrol\Autoexec.bat
2009-05-19 13:01 . 2009-05-19 13:01 -------- d-----w c:\program files\BillP Studios
2009-05-19 12:26 . 2009-05-19 12:26 -------- d-----w c:\users\Shirley\AppData\Roaming\Malwarebytes
2009-05-19 12:26 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 12:26 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 12:26 . 2009-05-19 13:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 12:26 . 2009-05-19 12:26 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 11:53 . 2009-05-19 11:53 0 ----a-w c:\windows\nsreg.dat
2009-05-19 11:53 . 2009-05-19 11:53 -------- d-----w c:\users\Shirley\AppData\Local\Mozilla
2009-05-19 11:41 . 2009-05-19 11:41 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-19 11:38 . 2009-05-19 12:45 -------- d-----w c:\programdata\NOS
2009-05-19 11:29 . 2009-05-19 11:29 -------- d-----w c:\users\Shirley\AppData\Local\Seven Zip
2009-05-19 10:41 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-19 10:41 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-19 10:41 . 2009-05-20 01:10 -------- d-----w c:\program files\iPod
2009-05-19 10:41 . 2009-05-19 10:41 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 10:41 . 2009-05-19 10:41 -------- d-----w c:\program files\iTunes
2009-05-19 10:38 . 2009-05-19 10:38 -------- d-----w c:\program files\QuickTime
2009-05-19 10:34 . 2009-05-19 10:34 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 10:34 . 2009-05-19 10:34 -------- d-----w c:\program files\Bonjour
2009-05-19 10:33 . 2009-05-19 10:33 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-19 10:29 . 2009-05-19 10:29 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-12 02:36 . 2009-05-12 02:36 2930 ---h--w c:\windows\ms49f4d98.dat
2009-05-11 23:55 . 2009-04-14 00:39 4656976 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E}\mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 20:44 . 2009-02-17 13:54 602 ----a-w c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-05-24 04:22 . 2008-09-12 01:46 -------- d-----w c:\program files\Google
2009-05-20 11:55 . 2008-09-11 17:01 104472 ----a-w c:\users\Shirley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-20 11:51 . 2008-02-05 19:30 -------- d-----w c:\programdata\Microsoft Help
2009-05-20 11:49 . 2008-02-05 19:31 -------- d-----w c:\program files\Microsoft Works
2009-05-20 03:54 . 2008-09-12 14:01 -------- d-----w c:\program files\Lx_cats
2009-05-20 00:42 . 2008-02-05 20:19 -------- d-----w c:\program files\Common Files\Adobe
2009-05-19 23:28 . 2008-02-05 19:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 23:27 . 2008-02-05 19:49 -------- d-----w c:\program files\Acer Arcade Live
2009-05-19 23:20 . 2008-09-15 23:24 -------- d-----w c:\users\Shirley\AppData\Roaming\CyberLink
2009-05-19 21:38 . 2008-09-12 20:56 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-05-19 21:04 . 2008-09-12 14:09 1664 ----a-w c:\users\Shirley\AppData\Roaming\wklnhst.dat
2009-05-19 17:29 . 2009-03-04 15:55 -------- d-----w c:\users\Shirley\AppData\Roaming\Sony
2009-05-19 17:20 . 2008-02-05 19:22 -------- d-----w c:\programdata\NVIDIA
2009-05-19 16:54 . 2008-02-05 18:03 36864 ----a-w c:\windows\system32\nvcod100.dll
2009-05-19 16:54 . 2007-10-25 11:02 147456 ----a-w c:\windows\system32\nvcolor.exe
2009-05-19 16:13 . 2008-09-12 01:47 -------- d-----w c:\users\Shirley\AppData\Roaming\LimeWire
2009-05-19 11:32 . 2008-02-05 20:08 -------- d-----w c:\program files\Yahoo!
2009-05-19 11:05 . 2008-09-12 01:45 -------- d-----w c:\program files\Java
2009-05-19 10:41 . 2008-09-13 03:14 -------- d-----w c:\program files\Common Files\Apple
2009-05-19 10:38 . 2008-09-13 03:15 -------- d-----w c:\programdata\Apple Computer
2009-05-11 12:10 . 2009-05-11 12:10 78260 ----a-w c:\programdata\SPL23D4.tmp
2009-04-17 10:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 22:13 . 2009-04-02 22:13 702127 ----a-w c:\programdata\SPLFB91.tmp
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-17 05:22 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 05:22 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-20 03:47 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-20 03:47 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-20 03:47 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-20 03:47 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-20 03:47 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-20 03:47 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-20 03:47 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-20 03:47 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-20 03:47 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-20 03:47 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-20 03:47 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-20 03:47 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-20 03:47 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-20 03:47 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-20 03:47 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-20 03:47 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-20 03:47 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-20 03:47 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-17 05:22 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 05:22 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-17 05:22 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 05:22 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 05:22 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 05:22 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 05:22 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 05:22 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 05:22 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 05:22 17408 ----a-w c:\windows\system32\iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E9A4533-1359-46B6-B326-2B899D73FD10}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D430641B-178B-4C39-B53C-F6B3221DB01A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{948000F3-8719-4206-B4C5-6506B663184F}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B}"= UDP:c:\windows\System32\lxcecoms.exe:Lexmark Communications System
"{61DAEE1D-D19E-4F1A-B41E-603246AF524C}"= TCP:c:\windows\System32\lxcecoms.exe:Lexmark Communications System
"{EB8798E6-358B-4DDA-A219-21BBC5D3C79A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{99976595-B4E1-4C9A-A3DE-A67AEDEE9B55}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7A37205C-E643-4464-8C27-FAFCC859102D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1DF156D1-94E3-4B3D-A91E-724DFC89819E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D7D156E3-7B84-41F2-9FD8-CF9860453F65}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F6A110DE-6630-4823-B892-60950EB9ED71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8640BFAB-1B85-48CC-95D5-9AABB44E4D95}"= UDP:c:\program files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{6CC4A3BE-8F00-4983-B199-3050D54509B8}"= TCP:c:\program files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{DDDCF108-71DF-48CD-AD53-71D17C3F2C5C}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F98C3B13-2099-40EC-B504-2445C9C5B1B0}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{3DB81CCD-4E96-40B3-8CA9-0089C89C294B}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{918FE1A4-6957-4640-97D9-C85BED212614}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{877DB07F-9298-486A-BB5B-930AF3A683AA}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{5A664831-D250-4805-BB75-32612C9742F8}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{2A157C0E-5966-4B7E-8D49-178D75EA6009}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{7456A750-A673-4875-A136-BF5BD99C2FA0}"= UDP:c:\users\Shirley\AppData\Local\Temp\7zSF624.tmp\SymNRT.exe:Norton Removal Tool
"{12D7CA5D-7D5D-4B9F-B0C2-08AF17F55210}"= TCP:c:\users\Shirley\AppData\Local\Temp\7zSF624.tmp\SymNRT.exe:Norton Removal Tool
"{F1F2D95D-3F09-45A3-B638-BB22BEF98FDC}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{29F487B0-C9DF-41D4-B9A7-8AA0BFB6939D}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;c:\windows\System32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 17:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-25 17:54
ComboFix-quarantined-files.txt 2009-05-25 21:53

Pre-Run: 172,195,840,000 bytes free
Post-Run: 172,154,908,672 bytes free

283 --- E O F --- 2009-05-17 10:04
  #23  
Old 25th May 2009, 23:08
Malware Group
 
Howdy there

1. Close any open browsers.

2. Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
Folder::
c:\users\Shirley\AppData\Roaming\LimeWire

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt, in the same location as ComboFix.exe.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply

Keep me updated on how things are
__________________
Proud member of ASAP & UNITE
  #24  
Old 25th May 2009, 23:21
Donor Group
 
Dropped the CFScript file into Combofix, hit run and a message popped up. "There's a new version of Combofix available. Would you like to update Combofix?"

Normally I would hit yes, but will it affect what I just did? I downloaded this version from your first link, and it looked new lol. How do I reply?
  #25  
Old 25th May 2009, 23:26
Malware Group
 
Hi - It should be ok to update.
  #26  
Old 25th May 2009, 23:43
Donor Group
 
Holy deleted parasites Batman, that's a bunch of limewire I didn't find............

EDIT: It's too long have to make 2 posts

ComboFix 09-05-25.05 - Shirley 05/26/2009 2:30.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.2199 [GMT -4:00]
Running from: c:\users\Shirley\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Shirley\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Shirley\AppData\Roaming\LimeWire
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\lwbrk.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\mimetype.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\mozbrwsr.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\mozfind.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_about.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_cache.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_cookie.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_dns.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_file.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_ftp.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_http.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_res.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_socket.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_strconv.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\necko_viewsource.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsAddonRepository.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsBadCertHandler.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsBlocklistService.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsContentDispatchChooser.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsContentPrefService.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsDefaultCLH.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsDictionary.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsDownloadManagerUI.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsExtensionManager.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsHandlerService.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsHelperAppDlg.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsLivemarkService.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsLoginInfo.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsLoginManager.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsLoginManagerPrompter.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsPostUpdateWin.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsProgressDialog.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsProxyAutoConfig.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsResetPref.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsTaggingService.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsTryToClose.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsUpdateService.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsURLFormatter.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsWebHandlerApp.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsXmlRpcClient.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\nsXULAppInstall.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\oji.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\parentalcontrols.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pipboot.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pipboot.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pipnss.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pipnss.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pippki.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pippki.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\places.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\plugin.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pluginGlue.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\pref.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\prefetch.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\profile.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\proxyObject.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\rdf.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\satchel.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\saxparser.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\shistory.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\spellchecker.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\storage-Legacy.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\storage.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\toolkitprofile.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\transformiix.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\txEXSLTRegExFunctions.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\txmgr.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\txtsvc.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\uconv.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\unicharutil.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\universalchardet.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\update.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\uriloader.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\urlformatter.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\webBrowser_core.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\webbrowserpersist.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\webshell_idls.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\websrvcs.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\widget.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\windowds.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\windowwatcher.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xml-rpc.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xmlextras.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpcom_base.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpcom_components.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpcom_ds.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpcom_io.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpcom_system.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpcom_thread.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpcom_xpti.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpconnect.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xpinstall.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xulapp.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xulapp_setup.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xuldoc.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xultmpl.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\xulutil.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\components\zipwriter.xpt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\crashreporter.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\crashreporter.ini
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\autoconfig\platform.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\autoconfig\prefcalls.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\pref\xulrunner.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\profile\chrome\userChrome-example.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\profile\chrome\userContent-example.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\profile\localstore.rdf
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\defaults\profile\US\localstore.rdf
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\dependentlibs.list
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\dictionaries\en-US.aff
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\dictionaries\en-US.dic
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\freebl3.chk
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\freebl3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\greprefs\all.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\greprefs\security-prefs.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\greprefs\xpinstall.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\IA2Marshal.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\javaxpcom.jar
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\javaxpcomglue.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\js3250.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\LICENSE
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\debug.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\DownloadUtils.jsm
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\ISO8601DateUtils.jsm
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\JSON.jsm
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\Microformats.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\PluralForm.jsm
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\utils.js
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\modules\XPCOMUtils.jsm
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\mozctl.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\mozctlx.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\MSVCP71.DLL
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\msvcr71.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\nspr4.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\nss3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\nssckbi.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\nssdbm3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\nssutil3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\platform.ini
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\plc4.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\plds4.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\plugins\npnul32.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\README.txt
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\arrow.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\arrowd.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\broken-image.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\charsetalias.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\charsetData.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\contenteditable.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\designmode.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\dtd\mathml.dtd
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\dtd\xhtml11.dtd
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\EditorOverride.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\entityTables\html40Latin1.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\entityTables\html40Special.propertie s
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\entityTables\html40Symbols.propertie s
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\entityTables\htmlEntityVersions.prop erties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\entityTables\mathml20.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\entityTables\transliterate.propertie s
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\fonts\mathfont.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\fonts\mathfontStandardSymbolsL.prope rties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\fonts\mathfontSTIXNonUnicode.propert ies
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\fonts\mathfontSymbol.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\fonts\mathfontUnicode.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\forms.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\grabber.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\hiddenWindow.html
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\html.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\html\folder.png
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\langGroups.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\language.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\loading-image.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\mathml.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\quirk.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\svg.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-column-after-active.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-column-after-hover.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-column-after.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-column-before-active.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-column-before-hover.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-column-before.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-row-after-active.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-row-after-hover.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-row-after.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-row-before-active.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-row-before-hover.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-add-row-before.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-remove-column-active.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-remove-column-hover.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-remove-column.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-remove-row-active.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-remove-row-hover.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\table-remove-row.gif
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\ua.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\viewsource.css
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\res\wincharset.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\smime3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\softokn3.chk
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\softokn3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\sqlite3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\ssl3.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\updater.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\version.properties
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xpcom.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xpcshell.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xpicleanup.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xpidl.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xpt_dump.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xpt_link.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xul.dll
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xulrunner-stub.exe
c:\users\Shirley\AppData\Roaming\LimeWire\browser\ xulrunner\xulrunner.exe
c:\users\Shirley\AppData\Roaming\LimeWire\certific ate\limewire.keystore
c:\users\Shirley\AppData\Roaming\LimeWire\createti mes.cache
c:\users\Shirley\AppData\Roaming\LimeWire\download s.dat
c:\users\Shirley\AppData\Roaming\LimeWire\fileurns .bak
c:\users\Shirley\AppData\Roaming\LimeWire\fileurns .cache
c:\users\Shirley\AppData\Roaming\LimeWire\filters. props
c:\users\Shirley\AppData\Roaming\LimeWire\gnutella .net
c:\users\Shirley\AppData\Roaming\LimeWire\installa tion.props
c:\users\Shirley\AppData\Roaming\LimeWire\library. dat
c:\users\Shirley\AppData\Roaming\LimeWire\library5 .dat
c:\users\Shirley\AppData\Roaming\LimeWire\limewire .props
c:\users\Shirley\AppData\Roaming\LimeWire\mojito.p rops
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\4BC70045d01
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\7A2D9D1Ed01
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\98E79480d01
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\Cache\BAFF9A98d01
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\Shirley\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\Shirley\AppData\Roaming\LimeWire\promotio n\promodb.backup
c:\users\Shirley\AppData\Roaming\LimeWire\promotio n\promodb.data
c:\users\Shirley\AppData\Roaming\LimeWire\promotio n\promodb.properties
c:\users\Shirley\AppData\Roaming\LimeWire\promotio n\promodb.script
c:\users\Shirley\AppData\Roaming\LimeWire\question s.props
c:\users\Shirley\AppData\Roaming\LimeWire\response s.cache
c:\users\Shirley\AppData\Roaming\LimeWire\simpp.xm l
c:\users\Shirley\AppData\Roaming\LimeWire\spam.dat
c:\users\Shirley\AppData\Roaming\LimeWire\tables.p rops
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme.lwtp
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\01_star.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\02_star.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\03_star.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\04_star.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\05_star.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\chat.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\forward_dn.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\forward_up.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\kill.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\kill_on.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\pause_dn.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\pause_up.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\play_dn.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\play_up.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\question.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\rewind_dn.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\rewind_up.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\stop_dn.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\stop_up.gif
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\theme.txt
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\version.txt
c:\users\Shirley\AppData\Roaming\LimeWire\themes\w indows_theme\warning.gif
c:\users\Shirley\AppData\Roaming\LimeWire\ttdata.c ache
c:\users\Shirley\AppData\Roaming\LimeWire\ttroot.c ache
c:\users\Shirley\AppData\Roaming\LimeWire\version. xml
c:\users\Shirley\AppData\Roaming\LimeWire\versions .props
c:\users\Shirley\AppData\Roaming\LimeWire\xml\data \audio.sxml2
c:\users\Shirley\AppData\Roaming\LimeWire\xml\data \audio.sxml3
c:\users\Shirley\AppData\Roaming\LimeWire\xml\data \video.sxml2
c:\users\Shirley\AppData\Roaming\LimeWire\xml\data \video.sxml3

.
((((((((((((((((((((((((( Files Created from 2009-04-26 to 2009-05-26 )))))))))))))))))))))))))))))))
.

2009-05-26 00:47 . 2009-05-06 15:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{66E4D73A-4D5B-42EB-8326-72D19553A456}\mpengine.dll
2009-05-25 20:58 . 2009-05-25 20:58 -------- d-----w c:\programdata\Office Genuine Advantage
2009-05-24 11:58 . 2009-05-24 11:58 -------- d-----w c:\programdata\NortonInstaller
2009-05-22 23:57 . 2009-05-26 00:58 117760 ----a-w c:\users\Shirley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-22 23:56 . 2009-05-22 23:56 -------- d-----w c:\programdata\SUPERAntiSpyware.com
2009-05-22 23:52 . 2009-05-22 23:52 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 23:52 . 2009-05-22 23:52 -------- d-----w c:\users\Shirley\AppData\Roaming\SUPERAntiSpyware.com
2009-05-22 20:36 . 2009-05-22 20:36 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 15:06 . 2009-02-05 20:06 51376 ----a-w c:\windows\system32\drivers\aswTdi.sys
2009-05-22 15:06 . 2009-02-05 20:06 23152 ----a-w c:\windows\system32\drivers\aswRdr.sys
2009-05-22 15:06 . 2009-02-05 20:07 114768 ----a-w c:\windows\system32\drivers\aswSP.sys
2009-05-22 15:06 . 2009-02-05 20:07 20560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
2009-05-22 15:06 . 2009-02-05 20:04 97480 ----a-w c:\windows\system32\AvastSS.scr
2009-05-22 15:06 . 2009-02-05 20:11 1256296 ----a-w c:\windows\system32\aswBoot.exe
2009-05-22 15:06 . 2009-02-05 20:06 51792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-05-22 15:06 . 2009-05-22 15:06 -------- d-----w c:\program files\Alwil Software
2009-05-22 04:38 . 2009-05-22 04:38 738120 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-20 12:43 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-20 12:43 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-20 12:43 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-20 12:43 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-20 12:43 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-20 12:43 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-20 12:33 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-20 12:33 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-20 12:33 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-20 12:32 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-20 12:32 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-20 11:39 . 2009-05-20 11:39 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-20 04:03 . 2009-05-20 11:00 -------- d-----w c:\program files\Windows Live Safety Center
2009-05-19 23:20 . 2009-05-19 23:20 -------- d-----w c:\users\Shirley\AppData\Local\Acer DV Magician
2009-05-19 23:10 . 2009-05-19 23:10 -------- d-----w c:\windows\Sun
2009-05-19 20:40 . 2009-05-19 20:40 -------- d-----w c:\users\Shirley\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40 . 2009-05-19 11:41 38200 ----a-w c:\users\Shirley\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 18:24 . 2009-05-26 00:56 -------- d-----w c:\users\Shirley\AppData\Local\Eraser
2009-05-19 18:24 . 2009-05-19 18:24 -------- d--h--w c:\users\Shirley\AppData\Local\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-19 18:24 . 2009-05-19 18:24 -------- d-----w c:\program files\Eraser
2009-05-19 17:20 . 2009-05-19 17:20 -------- d-----w c:\users\Shirley\AppData\Roaming\eSobi
2009-05-19 17:11 . 2008-07-10 06:32 538 ----a-w c:\windows\system32\RegRaidSedona.bat
2009-05-19 17:07 . 2009-05-19 17:07 -------- d-----w C:\NVIDIA
2009-05-19 14:04 . 2009-05-19 14:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-19 14:04 . 2009-05-19 14:05 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-19 13:01 . 2009-05-19 13:01 -------- d-----w c:\users\Shirley\AppData\Roaming\WinPatrol
2009-05-19 13:01 . 2006-09-18 21:43 10 ----a-w c:\users\Shirley\AppData\Roaming\WinPatrol\Config.sys
2009-05-19 13:01 . 2006-09-18 21:43 24 ----a-w c:\users\Shirley\AppData\Roaming\WinPatrol\Autoexec.bat
2009-05-19 13:01 . 2009-05-19 13:01 -------- d-----w c:\program files\BillP Studios
2009-05-19 12:26 . 2009-05-19 12:26 -------- d-----w c:\users\Shirley\AppData\Roaming\Malwarebytes
2009-05-19 12:26 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 12:26 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 12:26 . 2009-05-19 13:22 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 12:26 . 2009-05-19 12:26 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 11:53 . 2009-05-19 11:53 0 ----a-w c:\windows\nsreg.dat
2009-05-19 11:53 . 2009-05-19 11:53 -------- d-----w c:\users\Shirley\AppData\Local\Mozilla
2009-05-19 11:41 . 2009-05-19 11:41 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-19 11:38 . 2009-05-19 12:45 -------- d-----w c:\programdata\NOS
2009-05-19 11:29 . 2009-05-19 11:29 -------- d-----w c:\users\Shirley\AppData\Local\Seven Zip
2009-05-19 10:41 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-19 10:41 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-05-19 10:41 . 2009-05-20 01:10 -------- d-----w c:\program files\iPod
2009-05-19 10:41 . 2009-05-19 10:41 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 10:41 . 2009-05-19 10:41 -------- d-----w c:\program files\iTunes
2009-05-19 10:38 . 2009-05-19 10:38 -------- d-----w c:\program files\QuickTime
2009-05-19 10:34 . 2009-05-19 10:34 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-19 10:34 . 2009-05-19 10:34 -------- d-----w c:\program files\Bonjour
2009-05-19 10:33 . 2009-05-19 10:33 416128 ----a-w c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-19 10:29 . 2009-05-19 10:29 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-12 02:36 . 2009-05-12 02:36 2930 ---h--w c:\windows\ms49f4d98.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-26 00:57 . 2009-02-17 13:54 602 ----a-w c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-05-24 04:22 . 2008-09-12 01:46 -------- d-----w c:\program files\Google
2009-05-20 11:55 . 2008-09-11 17:01 104472 ----a-w c:\users\Shirley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-20 11:51 . 2008-02-05 19:30 -------- d-----w c:\programdata\Microsoft Help
2009-05-20 11:49 . 2008-02-05 19:31 -------- d-----w c:\program files\Microsoft Works
2009-05-20 03:54 . 2008-09-12 14:01 -------- d-----w c:\program files\Lx_cats
2009-05-20 00:42 . 2008-02-05 20:19 -------- d-----w c:\program files\Common Files\Adobe
2009-05-19 23:28 . 2008-02-05 19:26 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-19 23:27 . 2008-02-05 19:49 -------- d-----w c:\program files\Acer Arcade Live
2009-05-19 23:20 . 2008-09-15 23:24 -------- d-----w c:\users\Shirley\AppData\Roaming\CyberLink
2009-05-19 21:38 . 2008-09-12 20:56 -------- d-----w c:\program files\Common Files\SureThing Shared
2009-05-19 21:04 . 2008-09-12 14:09 1664 ----a-w c:\users\Shirley\AppData\Roaming\wklnhst.dat
2009-05-19 17:29 . 2009-03-04 15:55 -------- d-----w c:\users\Shirley\AppData\Roaming\Sony
2009-05-19 17:20 . 2008-02-05 19:22 -------- d-----w c:\programdata\NVIDIA
2009-05-19 16:54 . 2008-02-05 18:03 36864 ----a-w c:\windows\system32\nvcod100.dll
2009-05-19 16:54 . 2007-10-25 11:02 147456 ----a-w c:\windows\system32\nvcolor.exe
2009-05-19 11:32 . 2008-02-05 20:08 -------- d-----w c:\program files\Yahoo!
2009-05-19 11:05 . 2008-09-12 01:45 -------- d-----w c:\program files\Java
2009-05-19 10:41 . 2008-09-13 03:14 -------- d-----w c:\program files\Common Files\Apple
2009-05-19 10:38 . 2008-09-13 03:15 -------- d-----w c:\programdata\Apple Computer
2009-05-11 12:10 . 2009-05-11 12:10 78260 ----a-w c:\programdata\SPL23D4.tmp
2009-04-17 10:12 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 22:13 . 2009-04-02 22:13 702127 ----a-w c:\programdata\SPLFB91.tmp
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-17 05:22 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 05:22 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-20 03:47 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-20 03:47 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-20 03:47 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-20 03:47 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-20 03:47 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-20 03:47 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-20 03:47 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-20 03:47 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-20 03:47 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-20 03:47 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-20 03:47 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-20 03:47 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-20 03:47 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-20 03:47 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-20 03:47 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-20 03:47 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-20 03:47 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-20 03:47 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-17 05:22 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 05:22 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-17 05:22 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 05:22 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-17 05:22 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 05:22 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 05:22 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 05:22 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 05:22 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 05:22 17408 ----a-w c:\windows\system32\iashost.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-25_21.52.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2009-05-26 00:59 60832 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-26 00:59 80278 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-11 16:57 . 2009-05-26 04:58 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-11 16:57 . 2009-05-25 20:44 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-11 16:57 . 2009-05-26 04:58 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-11 16:57 . 2009-05-25 20:44 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-11 16:57 . 2009-05-26 04:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-11 16:57 . 2009-05-25 20:44 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-11 21:16 . 2009-05-26 00:56 2944 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-11 21:16 . 2009-05-22 15:07 2944 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-11 17:14 . 2009-05-26 00:59 8076 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2982904736-3036701459-4244829226-1000_UserData.bin
- 2009-05-25 20:44 . 2009-05-25 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-26 00:57 . 2009-05-26 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-25 20:44 . 2009-05-25 20:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-26 00:57 . 2009-05-26 00:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-12 19:37 . 2009-05-26 06:14 290548 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2006-11-02 10:33 . 2009-05-25 20:49 595446 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-26 01:01 595446 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-25 20:49 101144 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-26 01:01 101144 c:\windows\System32\perfc009.dat
.
  #27  
Old 25th May 2009, 23:44
Donor Group
 
This is the other half of the log.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E9A4533-1359-46B6-B326-2B899D73FD10}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D430641B-178B-4C39-B53C-F6B3221DB01A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{948000F3-8719-4206-B4C5-6506B663184F}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B}"= UDP:c:\windows\System32\lxcecoms.exe:Lexmark Communications System
"{61DAEE1D-D19E-4F1A-B41E-603246AF524C}"= TCP:c:\windows\System32\lxcecoms.exe:Lexmark Communications System
"{EB8798E6-358B-4DDA-A219-21BBC5D3C79A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{99976595-B4E1-4C9A-A3DE-A67AEDEE9B55}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7A37205C-E643-4464-8C27-FAFCC859102D}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1DF156D1-94E3-4B3D-A91E-724DFC89819E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D7D156E3-7B84-41F2-9FD8-CF9860453F65}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F6A110DE-6630-4823-B892-60950EB9ED71}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{8640BFAB-1B85-48CC-95D5-9AABB44E4D95}"= UDP:c:\program files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{6CC4A3BE-8F00-4983-B199-3050D54509B8}"= TCP:c:\program files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{DDDCF108-71DF-48CD-AD53-71D17C3F2C5C}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F98C3B13-2099-40EC-B504-2445C9C5B1B0}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{3DB81CCD-4E96-40B3-8CA9-0089C89C294B}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{918FE1A4-6957-4640-97D9-C85BED212614}"= UDP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{877DB07F-9298-486A-BB5B-930AF3A683AA}"= TCP:c:\program files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{5A664831-D250-4805-BB75-32612C9742F8}"= UDP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{2A157C0E-5966-4B7E-8D49-178D75EA6009}"= TCP:c:\windows\ehome\ehshell.exe:Windows Media Center
"{7456A750-A673-4875-A136-BF5BD99C2FA0}"= UDP:c:\users\Shirley\AppData\Local\Temp\7zSF624.tmp\SymNRT.exe:Norton Removal Tool
"{12D7CA5D-7D5D-4B9F-B0C2-08AF17F55210}"= TCP:c:\users\Shirley\AppData\Local\Temp\7zSF624.tmp\SymNRT.exe:Norton Removal Tool
"{F1F2D95D-3F09-45A3-B638-BB22BEF98FDC}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer
"{29F487B0-C9DF-41D4-B9A7-8AA0BFB6939D}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;c:\windows\System32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-26 02:36
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-26 2:39
ComboFix-quarantined-files.txt 2009-05-26 06:39
ComboFix2.txt 2009-05-25 21:54

Pre-Run: 171,293,253,632 bytes free
Post-Run: 171,249,905,664 bytes free

681 --- E O F --- 2009-05-17 10:04

EDIT: Still can't update: Same error message.
  #28  
Old 26th May 2009, 00:33
Malware Group
 
Hi Bubba

I am not seeing anything malicious in your logs that would stop the firewall from running.

Let's try resetting it.
Go to the Vista orb - select All Programs - Accessories - right click on Command Prompt and select Run as administrator
Use CTRL & C to copy the following command, then in the command prompt window right click and select paste

NETSH FIREWALL RESET

Let me know if you can update yet
__________________
Proud member of ASAP & UNITE
  #29  
Old 26th May 2009, 00:46
Donor Group
 
Not yet. Any other ideas lol? I have to get my 2 hours of sleep for tomorrow, I mean today. I'll check in later.
  #30  
Old 26th May 2009, 00:52
Malware Group
 
Howdy bubba

I'm just about out of ideas myself here. I want you to run a regfix for me. First, it is important that you back up the system registry.

Press the Windows Key & R to bring up the run dialogue
Type in regedit to start the editor

Once edit is open...

From the file menu - Select File -> Export
Just below the filename you will see export range.
Set the export range to all
Choose a suitable file name to save the file under
Save it to your c:\ drive so you can locate it easily
Now click the save button and close the editor

Open Notepad and copy and paste the text inside the codebox into Notepad:

Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"DependOnGroup"=hex(7):00,00
"DependOnService"=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\
  6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00
"Description"="Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network."
"DisplayName"="Windows Firewall/Internet Connection Sharing (ICS)"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cd0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\
  00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
- Save this as fix.reg > choose to save as *all files > and place it on your desktop.
- On your desktop, it must look like a white sheet with little green boxes on it.
- Double-click on it and, when you are asked if you want to merge the contents to the registry, click YES/OK.
- Reboot your computer.

Let me know how things are now
__________________
Proud member of ASAP & UNITE

Copyright ©2006 - 2009 Computer Juice.
