
dds & attach files ref Rootkit.TDSS!sd6



#1 Wizard99


Posted 28 March 2009 - 05:55 PM

Referred here from: http://www.bleepingcomputer.com/forums/t/213157/rootkittdsssd6/ ~ OB

Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.221 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PC Tools Disk Suite\aDSProcMngr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
C:\documents and settings\any authorised user\local settings\application data\goqqe.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\Any Authorised User\Local Settings\Temporary Internet Files\Content.IE5\4IPUZ9OK\dds[1].scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.aber.ac.uk
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {07AA283A-43D7-4CBE-A064-32A21112D94D} - No File
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Spyware Cleaner] "c:\program files\spyware cleaner\SpywareCleaner.Exe" /boot
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [msnmsgr] "c:\progra~1\window~4\messen~1\msnmsgr.exe" /background
uRun: [goqqe] "c:\documents and settings\any authorised user\local settings\application data\goqqe.exe" goqqe
mRun: [S3TRAY2] S3Tray2.exe
mRun: [TrackPointSrv] tp4serv.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [UC_Start] c:\program files\ibm\updater\\ucstartup.exe
mRun: [UC_SMB]
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [QCTRAY] c:\program files\thinkpad\connectutilities\QCTRAY.EXE
mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [304ef22d] rundll32.exe "c:\windows\system32\mbjtklwo.dll",sitypnow
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DiskSuite] c:\program files\pc tools disk suite\aDSProcMngr.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: byvvu - c:\windows\system32\byvvu.dll
Notify: byxwv - c:\windows\system32\byxwv.dll
Notify: byxya - c:\windows\system32\byxya.dll
Notify: cbaxx - c:\windows\system32\cbaxx.dll
Notify: cbxus - c:\windows\system32\cbxus.dll
Notify: efeba - c:\windows\system32\efeba.dll
Notify: hgdcd - c:\windows\system32\hgdcd.dll
Notify: hgghg - c:\windows\system32\hgghg.dll
Notify: igfxcui - igfxsrvc.dll
Notify: jkkhg - c:\windows\system32\jkkhg.dll
Notify: ljjgf - c:\windows\system32\ljjgf.dll
Notify: ljjigdd - ljjigdd.dll
Notify: mljki - c:\windows\system32\mljki.dll
Notify: opnml - c:\windows\system32\opnml.dll
Notify: pmkij - c:\windows\system32\pmkij.dll
Notify: pmnkk - c:\windows\system32\pmnkk.dll
Notify: pmnkl - c:\windows\system32\pmnkl.dll
Notify: QConGina - QConGina.dll
Notify: rqomk - c:\windows\system32\rqomk.dll
Notify: rqonl - c:\windows\system32\rqonl.dll
Notify: rqrop - c:\windows\system32\rqrop.dll
Notify: sstur - c:\windows\system32\sstur.dll
Notify: tphotkey - tphklock.dll
Notify: tusqr - c:\windows\system32\tusqr.dll
Notify: tusro - c:\windows\system32\tusro.dll
Notify: tustt - c:\windows\system32\tustt.dll
Notify: vtuvs - c:\windows\system32\vtuvs.dll
Notify: vtuvt - c:\windows\system32\vtuvt.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccyy.dll
LSA: Notification Packages = pwdmon scecli

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-3-21 130424]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-11-22 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-11-22 2432]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-11-22 16384]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-9-24 64256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-3-21 348752]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-3-21 1095560]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-1-1 13904]
S2 DiskSuiteService;PC Tools Disk Suite;c:\program files\pc tools disk suite\DSService.exe [2009-3-20 869696]
S2 SpywareCleanerService;SpywareCleanerService;c:\program files\spyware cleaner\scservice.exe --> c:\program files\spyware cleaner\SCService.exe [?]
S3 PAC207;USB PC Cam Plus;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\pfc027.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-11-22 12288]

=============== Created Last 30 ================

2009-03-27 23:46 2,067,968 a------- c:\windows\system32\dllcache\cdosys.dll
2009-03-27 19:08 --d----- c:\documents and settings\any authorised user\DoctorWeb
2009-03-27 18:54 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 18:24 --d----- C:\gmer
2009-03-22 22:50 617,472 a------- c:\windows\system32\HFXE6.tmp
2009-03-22 22:46 4,639 a------- c:\windows\system32\dllcache\mplayer2.exe
2009-03-22 22:45 23,044 a------- c:\windows\system32\sorttbls.nls
2009-03-22 22:45 96,768 -------- c:\windows\system32\_003939_.tmp.dll
2009-03-22 22:45 50,688 -------- c:\windows\system32\_003941_.tmp.dll
2009-03-22 22:45 22,040 -------- c:\windows\system32\_003940_.tmp.dll
2009-03-22 22:45 146,432 a------- c:\windows\system\winspool.drv
2009-03-22 22:45 1,846,272 -------- c:\windows\system32\_003932_.tmp.dll
2009-03-22 22:45 146,432 -------- c:\windows\system32\_003930_.tmp.dll
2009-03-22 22:45 101,888 -------- c:\windows\system32\_003931_.tmp.dll
2009-03-22 22:45 132,096 -------- c:\windows\system32\_003929_.tmp.dll
2009-03-22 22:45 71,040 -------- c:\windows\system32\drivers\_003903_.tmp.dll
2009-03-22 22:45 250,032 a------- C:\ntldr
2009-03-21 17:37 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-03-21 17:37 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-03-21 17:37 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-21 17:36 --d----- c:\program files\common files\PC Tools
2009-03-21 17:36 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-03-21 17:36 --d----- c:\program files\Spyware Doctor
2009-03-21 17:36 --d----- c:\docume~1\anyaut~1\applic~1\PC Tools
2009-03-21 07:50 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-21 07:50 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-21 07:50 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-21 07:50 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-03-21 07:50 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-21 07:50 6,066,688 -------- c:\windows\system32\dllcache\ieframe.dll
2009-03-21 07:50 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-21 07:50 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-21 07:50 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-03-21 07:44 --d----- c:\windows\network diagnostic
2009-03-20 23:42 --d-h--- C:\$AVG8.VAULT$
2009-03-20 23:28 --d----- c:\program files\AVG
2009-03-20 23:28 --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-03-20 22:35 --d----- c:\program files\PC Tools Disk Suite
2009-03-20 22:35 --d----- c:\docume~1\alluse~1\applic~1\PC Tools

==================== Find3M ====================

2009-03-22 23:43 70,691 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-09 10:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 10:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2007-09-17 15:24 6,480 a--sh--- c:\windows\system32\abefe.bak1
2007-09-10 17:21 6,480 ac-sh--- c:\windows\system32\ayxyb.bak1
2007-09-27 07:09 6,440 ac-sh--- c:\windows\system32\bbeeg.bak1
2007-09-25 20:45 6,440 ac-sh--- c:\windows\system32\dcdgh.bak1
2007-09-24 15:14 6,480 ac-sh--- c:\windows\system32\fgjjl.bak1
2007-09-28 07:09 6,480 ac-sh--- c:\windows\system32\fgjlm.bak1
2007-09-20 07:12 6,480 ac-sh--- c:\windows\system32\ghggh.bak1
2007-09-28 16:58 28,863 ac-sh--- c:\windows\system32\ghggh.bak2
2007-09-12 06:54 6,480 ac-sh--- c:\windows\system32\ghkkj.bak1
2007-09-17 16:25 6,440 ac-sh--- c:\windows\system32\ikjlm.bak1
2007-09-24 07:06 6,440 ac-sh--- c:\windows\system32\jikmp.bak1
2007-09-20 18:21 6,440 ac-sh--- c:\windows\system32\kjiii.bak1
2007-09-11 15:58 6,480 ac-sh--- c:\windows\system32\kknmp.bak1
2007-09-22 13:01 6,440 ac-sh--- c:\windows\system32\kmoqr.bak1
2007-09-24 21:51 6,440 ac-sh--- c:\windows\system32\lknmp.bak1
2007-09-14 16:30 6,480 ac-sh--- c:\windows\system32\llkkj.bak1
2007-10-06 15:07 14,174 ac-sh--- c:\windows\system32\llkkj.bak2
2007-09-10 20:21 6,440 ac-sh--- c:\windows\system32\lmnpo.bak1
2007-09-10 07:03 6,440 ac-sh--- c:\windows\system32\lnoqr.bak1
2007-09-25 16:15 6,480 ac-sh--- c:\windows\system32\orsut.bak1
2007-09-19 23:30 6,480 ac-sh--- c:\windows\system32\porqr.bak1
2007-09-28 17:01 28,040 ac-sh--- c:\windows\system32\porqr.bak2
2007-09-13 21:08 6,440 ac-sh--- c:\windows\system32\prqss.bak1
2007-09-23 15:15 6,440 ac-sh--- c:\windows\system32\rqsut.bak1
2007-09-18 21:34 6,440 ac-sh--- c:\windows\system32\rutss.bak1
2007-09-11 20:56 6,440 ac-sh--- c:\windows\system32\suxbc.bak1
2007-09-14 13:46 6,480 ac-sh--- c:\windows\system32\suxbc.bak2
2007-09-24 17:01 6,480 ac-sh--- c:\windows\system32\svutv.bak1
2007-09-23 23:05 6,440 ac-sh--- c:\windows\system32\ttsut.bak1
2007-09-10 13:48 6,440 ac-sh--- c:\windows\system32\tvutv.bak1
2007-09-12 20:10 6,480 ac-sh--- c:\windows\system32\uvvyb.bak1
2007-09-20 16:54 6,480 ac-sh--- c:\windows\system32\vwxyb.bak1
2007-09-30 23:08 6,440 ac-sh--- c:\windows\system32\xbeeg.bak1
2007-09-13 13:52 6,440 ac-sh--- c:\windows\system32\xxabc.bak1
2007-09-14 17:25 6,701 ac-sh--- c:\windows\system32\xxabc.bak2
2007-10-06 17:01 6,363 ac-sh--- c:\windows\system32\yyccf.bak1
2007-10-08 19:50 37,079 a--sh--- c:\windows\system32\yyccf.bak2




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 09/12/2005 03:45:15
System Uptime: 28/03/2009 22:18:11 (0 hours ago)

Motherboard: IBM | | 1834S5G
Processor: Intel® Celeron® M processor 1.40GHz | None | 1398/400mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 17.256 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP628: 04/01/2009 17:13:12 - System Checkpoint
RP629: 11/01/2009 20:32:32 - System Checkpoint
RP630: 12/01/2009 17:26:21 - Configured iTunes
RP631: 12/01/2009 17:40:04 - Installed iTunes
RP632: 15/01/2009 12:36:37 - System Checkpoint
RP633: 15/01/2009 23:06:36 - Software Distribution Service 3.0
RP634: 18/01/2009 19:41:02 - System Checkpoint
RP635: 20/01/2009 10:42:25 - System Checkpoint
RP636: 21/01/2009 22:09:09 - System Checkpoint
RP637: 23/01/2009 21:20:56 - System Checkpoint
RP638: 26/01/2009 10:14:41 - System Checkpoint
RP639: 28/01/2009 22:02:33 - System Checkpoint
RP640: 02/02/2009 17:37:22 - System Checkpoint
RP641: 03/02/2009 19:48:52 - System Checkpoint
RP642: 06/02/2009 13:01:24 - System Checkpoint
RP643: 07/02/2009 21:20:55 - System Checkpoint
RP644: 12/02/2009 23:18:12 - Software Distribution Service 3.0
RP645: 14/02/2009 20:45:07 - System Checkpoint
RP646: 16/02/2009 20:58:36 - System Checkpoint
RP647: 20/02/2009 19:24:39 - System Checkpoint
RP648: 26/02/2009 00:32:02 - System Checkpoint
RP649: 26/02/2009 08:02:44 - Software Distribution Service 3.0
RP650: 27/02/2009 07:44:00 - Software Distribution Service 3.0
RP651: 02/03/2009 23:13:23 - System Checkpoint
RP652: 03/03/2009 23:29:39 - System Checkpoint
RP653: 08/03/2009 17:12:19 - System Checkpoint
RP654: 10/03/2009 23:03:42 - Software Distribution Service 3.0
RP655: 11/03/2009 23:59:51 - System Checkpoint
RP656: 22/03/2009 15:15:18 - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Compatibility Pack for the 2007 Office system
Favorit
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
IBM 32-bit Runtime Environment for Java 2, v1.4.1
IBM Access Connections
IBM DLA
IBM Integrated 56K Modem
IBM Rescue and Recovery with Rapid Restore
IBM Themes
IBM ThinkPad Battery MaxiMiser and Power Management Features
IBM ThinkPad Configuration
IBM ThinkPad EasyEject Utility
IBM ThinkPad Keyboard Customizer Utility
IBM ThinkPad Power Management Driver
IBM ThinkPad Presentation Director
IBM ThinkVantage Technologies Welcome Message
IBM TrackPoint Accessibility Features
IBM TrackPoint Support
IBM Update Connector
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 3
Java™ 6 Update 13
Java™ 6 Update 2
Lexmark 2300 Series
Lexmark Fax Solutions
Macromedia Flash Player 8
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
PC-Doctor for Windows
PC Tools Disk Suite 1.0
QuickTime
Registry Mechanic 8.0
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Sonic Update Manager
Spyware Doctor 6.0
ThinkPad FullScreen Magnifier
ThinkPad Software Installer
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

26/03/2009 17:55:07, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The system cannot find the file specified.
26/03/2009 17:55:06, error: DCOM [10005] - DCOM got error "%2" attempting to start the service iPod Service with arguments "-Service" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
26/03/2009 17:53:45, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
26/03/2009 17:53:45, error: Service Control Manager [7000] - The SpywareCleanerService service failed to start due to the following error: The system cannot find the file specified.
24/03/2009 18:05:22, error: Service Control Manager [7000] - The lxcg_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
24/03/2009 18:05:22, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxcg_device service to connect.
24/03/2009 18:05:22, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service lxcg_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106E}
22/03/2009 23:57:52, error: Service Control Manager [7022] - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
22/03/2009 23:39:20, error: NtServicePack [4374] - Windows XP installation failed, leaving Windows XP partially updated.
The installation of the Service Pack did not complete, and a rollback to the pre-installation state has been initiated. A rollback is a two-step process. Step one is complete; to complete step two, click OK. To be reminded at next login to complete step two, click Cancel. After you complete the rollback, your system will reboot and you may retry the installation of the Service Pack.
22/03/2009 22:37:13, error: System Error [1003] - Error code 10000050, parameter1 ff61befd, parameter2 00000000, parameter3 edf39fcb, parameter4 00000000.
22/03/2009 20:27:36, error: System Error [1003] - Error code 100000d1, parameter1 e2167000, parameter2 00000002, parameter3 00000000, parameter4 efb66cf6.
27/03/2009 19:06:55, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/03/2009 19:07:07, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
27/03/2009 19:07:17, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
27/03/2009 19:07:17, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/03/2009 19:07:17, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
27/03/2009 19:07:17, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/03/2009 19:07:17, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/03/2009 19:07:17, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ANC Fips IBMTPCHK intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Smapint Tcpip TDSMAPI TPHKDRV TPPWR TSMAPIP
27/03/2009 23:30:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
27/03/2009 23:52:22, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
The I/O operation has been aborted because of either a thread exit or an application request.
28/03/2009 00:07:49, error: NtServicePack [4374] - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
Service Pack 3 installation did not complete.
28/03/2009 00:08:02, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800703e3: Windows XP Service Pack 3 (KB936929).
28/03/2009 00:14:34, error: System Error [1003] - Error code 100000d1, parameter1 e1bb4000, parameter2 00000002, parameter3 00000000, parameter4 efccecf6.
28/03/2009 00:18:20, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
28/03/2009 22:18:43, error: w29n51 [5031] - Intel® PRO/Wireless 2200BG Network Connection : The adapter has detected an Adapter Check as a result of some unrecoverable hardware of software error. Please contact your service provider.
28/03/2009 22:18:43, error: w29n51 [5010] - Intel® PRO/Wireless 2200BG Network Connection : The adapter has returned an invalid value to the driver.

Edited by Orange Blossom, 28 March 2009 - 06:45 PM.




#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:11:18 AM

Posted 01 April 2009 - 03:03 PM

Hello.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you want to continue, follow the steps below.


Download and Run ComboFix (Rename Before Saving)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Refer to the page below for further instructions on running ComboFix. This includes installing the Recovery Console. Note that you do not need your Windows XP disk to install it. Refer to this page if you are unsure how.

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will produce and open a report for you. Post back with it. It is at C:\ComboFix.txt.

Do not mouseclick the ComboFix window while it's running. That may cause it to stall.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 Wizard99

Wizard99
  • Topic Starter

  • Members
  • 46 posts
  • Local time:04:18 PM

Posted 01 April 2009 - 04:18 PM

Combofix successfully ran... log as follows as requested......



ComboFix 09-04-01.01 - Any Authorised User 2009-04-01 21:59:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.151 [GMT 1:00]
Running from: c:\documents and settings\Any Authorised User\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Any Authorised User\Local Settings\Application Data\goqqe.dat
c:\documents and settings\Any Authorised User\Local Settings\Application Data\goqqe.exe
c:\documents and settings\Any Authorised User\Local Settings\Application Data\goqqe_nav.dat
c:\documents and settings\Any Authorised User\Local Settings\Application Data\goqqe_navps.dat
c:\windows\system32\_003929_.tmp.dll
c:\windows\system32\_003930_.tmp.dll
c:\windows\system32\_003931_.tmp.dll
c:\windows\system32\_003932_.tmp.dll
c:\windows\system32\_003939_.tmp.dll
c:\windows\system32\_003940_.tmp.dll
c:\windows\system32\_003941_.tmp.dll
c:\windows\system32\_003942_.tmp.dll
c:\windows\system32\_003944_.tmp.dll
c:\windows\system32\_003945_.tmp.dll
c:\windows\system32\_003948_.tmp.dll
c:\windows\system32\_003949_.tmp.dll
c:\windows\system32\_003951_.tmp.dll
c:\windows\system32\_003952_.tmp.dll
c:\windows\system32\_003953_.tmp.dll
c:\windows\system32\_003955_.tmp.dll
c:\windows\system32\_003958_.tmp.dll
c:\windows\system32\_003959_.tmp.dll
c:\windows\system32\_003963_.tmp.dll
c:\windows\system32\_003964_.tmp.dll
c:\windows\system32\_003966_.tmp.dll
c:\windows\system32\_003969_.tmp.dll
c:\windows\system32\_003971_.tmp.dll
c:\windows\system32\_003972_.tmp.dll
c:\windows\system32\_003973_.tmp.dll
c:\windows\system32\_003974_.tmp.dll
c:\windows\system32\_003975_.tmp.dll
c:\windows\system32\_003978_.tmp.dll
c:\windows\system32\_003979_.tmp.dll
c:\windows\system32\_003980_.tmp.dll
c:\windows\system32\_003981_.tmp.dll
c:\windows\system32\abefe.bak1
c:\windows\system32\abefe.ini
c:\windows\system32\ayxyb.bak1
c:\windows\system32\ayxyb.ini
c:\windows\system32\bbeeg.bak1
c:\windows\system32\bbeeg.ini
c:\windows\system32\dcdgh.bak1
c:\windows\system32\dcdgh.ini
c:\windows\system32\drivers\UACxepxmkti.sys
c:\windows\system32\fgjjl.bak1
c:\windows\system32\fgjjl.ini
c:\windows\system32\fgjlm.bak1
c:\windows\system32\fgjlm.tmp
c:\windows\system32\ghggh.bak1
c:\windows\system32\ghggh.bak2
c:\windows\system32\ghggh.ini
c:\windows\system32\ghkkj.bak1
c:\windows\system32\ghkkj.ini
c:\windows\system32\hsamecud.ini
c:\windows\system32\ikjlm.bak1
c:\windows\system32\ikjlm.ini
c:\windows\system32\jikmp.bak1
c:\windows\system32\jikmp.tmp
c:\windows\system32\khhpbuqj.ini
c:\windows\system32\kjiii.bak1
c:\windows\system32\kjiii.ini
c:\windows\system32\kknmp.bak1
c:\windows\system32\kknmp.ini
c:\windows\system32\kmoqr.bak1
c:\windows\system32\kmoqr.ini
c:\windows\system32\lknmp.bak1
c:\windows\system32\lknmp.ini
c:\windows\system32\llkkj.bak1
c:\windows\system32\llkkj.bak2
c:\windows\system32\llkkj.ini
c:\windows\system32\lmnpo.bak1
c:\windows\system32\lmnpo.ini
c:\windows\system32\lnoqr.bak1
c:\windows\system32\lnoqr.ini
c:\windows\system32\nxpvsfdk.ini
c:\windows\system32\orsut.bak1
c:\windows\system32\orsut.ini
c:\windows\system32\owlktjbm.ini
c:\windows\system32\ponxjpwh.ini
c:\windows\system32\porqr.bak1
c:\windows\system32\porqr.bak2
c:\windows\system32\porqr.ini
c:\windows\system32\prqss.bak1
c:\windows\system32\prqss.ini
c:\windows\system32\rqsut.bak1
c:\windows\system32\rqsut.ini
c:\windows\system32\rutss.bak1
c:\windows\system32\rutss.ini
c:\windows\system32\sbygvgum.ini
c:\windows\system32\suxbc.bak1
c:\windows\system32\suxbc.bak2
c:\windows\system32\suxbc.ini
c:\windows\system32\svutv.bak1
c:\windows\system32\svutv.ini
c:\windows\system32\ttsut.bak1
c:\windows\system32\ttsut.ini
c:\windows\system32\tvutv.bak1
c:\windows\system32\tvutv.ini
c:\windows\system32\UACakyfuxhl.dll
c:\windows\system32\UACdjnosotp.db
c:\windows\system32\UACgrprrjtq.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjfvbuhrp.log
c:\windows\system32\UACkdihtbue.dll
c:\windows\system32\UACmpsxmqww.dll
c:\windows\system32\UACqjyidmwc.dll
c:\windows\system32\UACrnijxvkb.dll
c:\windows\system32\UACsoyswvke.log
c:\windows\system32\UACxekylumx.dll
c:\windows\system32\UACykmnlbar.dat
c:\windows\system32\uvvyb.bak1
c:\windows\system32\uvvyb.ini
c:\windows\system32\vwxyb.bak1
c:\windows\system32\vwxyb.ini
c:\windows\system32\xbeeg.bak1
c:\windows\system32\xbeeg.ini
c:\windows\system32\xxabc.bak1
c:\windows\system32\xxabc.bak2
c:\windows\system32\xxabc.ini
c:\windows\system32\xxabc.tmp
c:\windows\system32\yejlsjhb.ini
c:\windows\system32\yfrdisor.ini
c:\windows\system32\yyccf.bak1
c:\windows\system32\yyccf.bak2
c:\windows\system32\yyccf.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-03-28 00:46 . 2008-07-03 14:16 8,454,656 --a------ c:\windows\system32\dllcache\shell32.dll
2009-03-27 20:08 . 2009-03-27 20:08 <DIR> d-------- c:\documents and settings\Any Authorised User\DoctorWeb
2009-03-27 19:54 . 2009-03-27 19:53 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-26 19:24 . 2009-03-26 19:35 <DIR> d-------- C:\gmer
2009-03-22 23:45 . 2009-03-28 00:54 250,032 --a------ C:\ntldr
2009-03-22 23:45 . 2004-08-04 09:56 146,432 --a------ c:\windows\system\winspool.drv
2009-03-22 23:45 . 2004-08-04 08:00 71,040 --------- c:\windows\system32\drivers\_003903_.tmp.dll
2009-03-22 23:45 . 2006-12-29 19:08 23,044 --a------ c:\windows\system32\sorttbls.nls
2009-03-21 18:37 . 2008-12-11 09:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-21 18:37 . 2009-03-06 17:45 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-21 18:37 . 2008-12-18 13:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-21 18:36 . 2009-03-28 01:03 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-21 18:36 . 2009-03-21 18:44 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-21 18:36 . 2009-03-21 18:36 <DIR> d-------- c:\documents and settings\Any Authorised User\Application Data\PC Tools
2009-03-21 18:36 . 2008-12-10 13:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-21 08:50 . 2008-12-21 00:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-03-21 08:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-21 08:50 . 2007-03-08 06:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-21 08:50 . 2008-12-21 00:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-21 08:50 . 2008-12-21 00:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-21 08:50 . 2008-12-21 00:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-03-21 08:50 . 2008-12-21 00:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-03-21 08:50 . 2008-12-21 00:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-21 08:50 . 2008-12-19 10:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-21 00:42 . 2009-03-21 00:43 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-21 00:28 . 2009-03-21 00:28 <DIR> d-------- c:\program files\AVG
2009-03-21 00:28 . 2009-03-22 00:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-20 23:35 . 2009-03-22 14:12 <DIR> d-------- c:\program files\PC Tools Disk Suite
2009-03-20 23:35 . 2009-04-01 22:10 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-20 23:35 . 2009-03-20 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-03-15 17:04 . 2009-04-01 21:41 1,896,749 --a------ c:\windows\system32\uactmp.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 00:25 --------- d-----w c:\program files\Lx_cats
2009-03-27 18:53 --------- d-----w c:\program files\Java
2009-03-22 15:17 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-22 15:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 15:07 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-21 23:43 --------- d-----w c:\program files\LimeWire
2009-03-21 23:38 --------- d-----w c:\program files\IBM
2009-03-21 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\ibm
2009-03-21 08:03 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-21 00:13 --------- d-----w c:\program files\Norton Security Scan
2009-03-21 00:12 --------- d-----w c:\program files\Norton AntiVirus
2009-03-21 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-12 07:58 --------- d-----w c:\documents and settings\Any Authorised User\Application Data\LimeWire
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"msnmsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-26 36864]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DiskSuite"="c:\program files\PC Tools Disk Suite\aDSProcMngr.exe" [2009-01-16 267584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 c:\windows\system32\tp4serv.exe]
"TP4EX"="tp4ex.exe" [2002-09-04 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 12:07 262144 c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 05:11 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ pwdmon scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-21 130424]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-11-22 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-11-22 2432]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-11-22 16384]
R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [2009-03-20 869696]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-21 348752]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-01-01 13904]
S2 SpywareCleanerService;SpywareCleanerService;c:\program files\Spyware Cleaner\SCService.exe --> c:\program files\Spyware Cleaner\SCService.exe [?]
S3 PAC207;USB PC Cam Plus;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-11-22 12288]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2005-11-22 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 10:37]
.
- - - - ORPHANS REMOVED - - - -

BHO-{07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
Toolbar-{07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
WebBrowser-{07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
HKCU-Run-Spyware Cleaner - c:\program files\Spyware Cleaner\SpywareCleaner.Exe
HKCU-Run-goqqe - c:\documents and settings\any authorised user\local settings\application data\goqqe.exe
HKLM-Run-304ef22d - c:\windows\system32\mbjtklwo.dll
HKLM-Run-UC_SMB - (no file)
Notify-byvvu - c:\windows\system32\byvvu.dll
Notify-byxwv - c:\windows\system32\byxwv.dll
Notify-byxya - c:\windows\system32\byxya.dll
Notify-cbaxx - c:\windows\system32\cbaxx.dll
Notify-cbxus - c:\windows\system32\cbxus.dll
Notify-efeba - c:\windows\system32\efeba.dll
Notify-hgdcd - c:\windows\system32\hgdcd.dll
Notify-hgghg - c:\windows\system32\hgghg.dll
Notify-jkkhg - c:\windows\system32\jkkhg.dll
Notify-ljjgf - c:\windows\system32\ljjgf.dll
Notify-mljki - c:\windows\system32\mljki.dll
Notify-opnml - c:\windows\system32\opnml.dll
Notify-pmkij - c:\windows\system32\pmkij.dll
Notify-pmnkk - c:\windows\system32\pmnkk.dll
Notify-pmnkl - c:\windows\system32\pmnkl.dll
Notify-rqomk - c:\windows\system32\rqomk.dll
Notify-rqonl - c:\windows\system32\rqonl.dll
Notify-rqrop - c:\windows\system32\rqrop.dll
Notify-sstur - c:\windows\system32\sstur.dll
Notify-tusqr - c:\windows\system32\tusqr.dll
Notify-tusro - c:\windows\system32\tusro.dll
Notify-tustt - c:\windows\system32\tustt.dll
Notify-vtuvs - c:\windows\system32\vtuvs.dll
Notify-vtuvt - c:\windows\system32\vtuvt.dll
Notify-ljjigdd - ljjigdd.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.aber.ac.uk
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-01 22:10:14
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\pwdmon.dll

- - - - - - - > 'explorer.exe'(2452)
c:\program files\Spyware Doctor\pctgmhk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\progra~1\ThinkPad\CONNEC~1\QCTRAY.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-04-01 22:15:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-01 21:15:25

Pre-Run: 18,462,019,584 bytes free
Post-Run: 18,580,115,456 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
389 --- E O F --- 2009-03-28 00:07:58

#4 extremeboy


Posted 01 April 2009 - 05:06 PM

Hello.

Nasty infection you have. The rootkit was removed. :thumbup2:

Let's take care of a few of the rest. I see a lot of leftover security program folders that were not removed. We will remove them now.

You do not appear to have an anti-virus program installed; please install one now. Install an anti-virus first before running ComboFix or GMER.

Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below. Update it after the installation is complete, please. Let me know once you have installed it.


Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\system32\drivers\_003903_.tmp.dll
    c:\windows\system32\uactmp.db
    Folder::
    c:\documents and settings\All Users\Application Data\Messenger Plus!
    c:\program files\LimeWire
    c:\program files\Norton Security Scan
    c:\program files\Norton AntiVirus
    c:\documents and settings\All Users\Application Data\Symantec
    c:\documents and settings\Any Authorised User\Application Data\LimeWire
    c:\documents and settings\All Users\Application Data\avg8
    c:\program files\AVG
    C:\$AVG8.VAULT$
    Driver::
    SpywareCleanerService
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.
  • When it's done scanning, you may receive another notice. Click OK if prompted.
  • Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
  • If you receive no notice, click on the Scan button near the bottom.
  • It will start scanning again like before.
  • When it is done, Click on Save ... to save the log on your desktop.
    Save the log as GMER.txt when you save it on your desktop.
  • Close Gmer and copy and paste the contents of GMER.txt in your next reply.
If GMER doesn't work in Normal Mode, try running it in Safe Mode.
Note: Do not run any program while GMER is running.

Important!: Please do not select the Show all checkbox during the scan.

Post back with:
-Combofix log
-GMER log


With Regards,
Extremeboy

#5 Wizard99


Posted 02 April 2009 - 03:16 PM

AVG free downloaded - 21:15 GMT 2nd April 2009.... will now continue with rest of instructions.

Thanks

Alan

#6 extremeboy


Posted 02 April 2009 - 03:26 PM

Okay.

Thanks for the update :thumbup2:

With regards,
Extremeboy

#7 Wizard99


Posted 02 April 2009 - 04:09 PM

Combofix log herewith:....... will run gmer now

ComboFix 09-04-01.01 - Any Authorised User 2009-04-02 21:41:41.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.182 [GMT 1:00]
Running from: c:\documents and settings\Any Authorised User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Any Authorised User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\drivers\_003903_.tmp.dll
c:\windows\system32\uactmp.db
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Any Authorised User\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Any Authorised User\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Any Authorised User\Application Data\LimeWire\data.ser
c:\documents and settings\Any Authorised User\Application Data\LimeWire\downloads.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Any Authorised User\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Any Authorised User\Application Data\LimeWire\filters.props
c:\documents and settings\Any Authorised User\Application Data\LimeWire\installation.props
c:\documents and settings\Any Authorised User\Application Data\LimeWire\library.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\library5.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\limewire.props
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mojito.props
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\6B5B8EF7d01
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFFd01
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Cd01
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Any Authorised User\Application Data\LimeWire\pub1.key
c:\documents and settings\Any Authorised User\Application Data\LimeWire\public.key
c:\documents and settings\Any Authorised User\Application Data\LimeWire\questions.props
c:\documents and settings\Any Authorised User\Application Data\LimeWire\responses.cache
c:\documents and settings\Any Authorised User\Application Data\LimeWire\secureMessage.key
c:\documents and settings\Any Authorised User\Application Data\LimeWire\simpp.xml
c:\documents and settings\Any Authorised User\Application Data\LimeWire\spam.dat
c:\documents and settings\Any Authorised User\Application Data\LimeWire\tables.props
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\splashpro.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\splashpro.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\splashpro.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\splashpro.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\ttree.cache
c:\documents and settings\Any Authorised User\Application Data\LimeWire\update.xml
c:\documents and settings\Any Authorised User\Application Data\LimeWire\version.key
c:\documents and settings\Any Authorised User\Application Data\LimeWire\version.xml
c:\documents and settings\Any Authorised User\Application Data\LimeWire\versions.props
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Any Authorised User\Application Data\LimeWire\xml\schemas\video.xsd
c:\program files\AVG
c:\program files\AVG\AVG8\aAvgApi.exe
c:\program files\AVG\AVG8\avg.snu
c:\program files\AVG\AVG8\avg404.txt
c:\program files\AVG\AVG8\avg7api.dll
c:\program files\AVG\AVG8\avg8us.lng
c:\program files\AVG\AVG8\avgabout.dll
c:\program files\AVG\AVG8\avgamnot.dll
c:\program files\AVG\AVG8\avgapix.dll
c:\program files\AVG\AVG8\avgatend.stp
c:\program files\AVG\AVG8\avgatupd.stp
c:\program files\AVG\AVG8\avgbat.bav
c:\program files\AVG\AVG8\avgcclix.dll
c:\program files\AVG\AVG8\avgcfgex.exe
c:\program files\AVG\AVG8\avgcfgx.dll
c:\program files\AVG\AVG8\avgclitx.dll
c:\program files\AVG\AVG8\avgcmgr.exe
c:\program files\AVG\AVG8\avgcorex.dll
c:\program files\AVG\AVG8\avgcrlpx.dll
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgdumpx.exe
c:\program files\AVG\AVG8\avgf8us.chm
c:\program files\AVG\AVG8\avgfree_us.mht
c:\program files\AVG\AVG8\avgfrw.exe
c:\program files\AVG\AVG8\avginet.dll
c:\program files\AVG\AVG8\avgiproxy.exe
c:\program files\AVG\AVG8\avglngx.dll
c:\program files\AVG\AVG8\avglogx.dll
c:\program files\AVG\AVG8\avgmail.dll
c:\program files\AVG\AVG8\avgmvflx.dll
c:\program files\AVG\AVG8\avgmwdef_us.mht
c:\program files\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgoff2k.dll
c:\program files\AVG\AVG8\avgpp.dll
c:\program files\AVG\AVG8\avgresf.dll
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgscanx.dll
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgsched.dll
c:\program files\AVG\AVG8\avgse.dll
c:\program files\AVG\AVG8\avgsrmax.exe
c:\program files\AVG\AVG8\avgsrmx.dll
c:\program files\AVG\AVG8\avgssie.dll
c:\program files\AVG\AVG8\avgtbapi.dll
c:\program files\AVG\AVG8\avgtoolbar.dll
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgui.exe
c:\program files\AVG\AVG8\avguiadv.dll
c:\program files\AVG\AVG8\avguires.dll
c:\program files\AVG\AVG8\avgupd.dll
c:\program files\AVG\AVG8\avgupd.exe
c:\program files\AVG\AVG8\avgvvx.dll
c:\program files\AVG\AVG8\avgwd.dll
c:\program files\AVG\AVG8\avgwdsvc.exe
c:\program files\AVG\AVG8\avgwdwsc.dll
c:\program files\AVG\AVG8\avgxch32.dll
c:\program files\AVG\AVG8\avgxpl.dll
c:\program files\AVG\AVG8\cf.dat
c:\program files\AVG\AVG8\contacts_us.html
c:\program files\AVG\AVG8\dbghelp.dll
c:\program files\AVG\AVG8\dfncfg.dat
c:\program files\AVG\AVG8\fixcfg.exe
c:\program files\AVG\AVG8\Icons\background_middle_gray.gif
c:\program files\AVG\AVG8\Icons\background_middle_green.gif
c:\program files\AVG\AVG8\Icons\background_middle_orange.gif
c:\program files\AVG\AVG8\Icons\background_middle_red.gif
c:\program files\AVG\AVG8\Icons\background_middle_yellow.gif
c:\program files\AVG\AVG8\Icons\background_top_gray.gif
c:\program files\AVG\AVG8\Icons\background_top_green.gif
c:\program files\AVG\AVG8\Icons\background_top_orange.gif
c:\program files\AVG\AVG8\Icons\background_top_red.gif
c:\program files\AVG\AVG8\Icons\background_top_yellow.gif
c:\program files\AVG\AVG8\Icons\block-doc.gif
c:\program files\AVG\AVG8\Icons\blocked.gif
c:\program files\AVG\AVG8\Icons\border_bottom_gray.gif
c:\program files\AVG\AVG8\Icons\border_bottom_green.gif
c:\program files\AVG\AVG8\Icons\border_bottom_orange.gif
c:\program files\AVG\AVG8\Icons\border_bottom_red.gif
c:\program files\AVG\AVG8\Icons\border_bottom_yellow.gif
c:\program files\AVG\AVG8\Icons\border_top_gray.gif
c:\program files\AVG\AVG8\Icons\border_top_green.gif
c:\program files\AVG\AVG8\Icons\border_top_orange.gif
c:\program files\AVG\AVG8\Icons\border_top_red.gif
c:\program files\AVG\AVG8\Icons\border_top_yellow.gif
c:\program files\AVG\AVG8\Icons\box_bottom_red.gif
c:\program files\AVG\AVG8\Icons\box_top_red.gif
c:\program files\AVG\AVG8\Icons\caution.gif
c:\program files\AVG\AVG8\Icons\click_here_gray.gif
c:\program files\AVG\AVG8\Icons\click_here_green.gif
c:\program files\AVG\AVG8\Icons\click_here_orange.gif
c:\program files\AVG\AVG8\Icons\click_here_red.gif
c:\program files\AVG\AVG8\Icons\click_here_yellow.gif
c:\program files\AVG\AVG8\Icons\clock.gif
c:\program files\AVG\AVG8\Icons\close.gif
c:\program files\AVG\AVG8\Icons\icons_blocked.gif
c:\program files\AVG\AVG8\Icons\icons_caution.gif
c:\program files\AVG\AVG8\Icons\icons_close.gif
c:\program files\AVG\AVG8\Icons\icons_safe.gif
c:\program files\AVG\AVG8\Icons\icons_unknown.gif
c:\program files\AVG\AVG8\Icons\icons_warning.gif
c:\program files\AVG\AVG8\Icons\LS_Logo_Results.gif
c:\program files\AVG\AVG8\Icons\safe.gif
c:\program files\AVG\AVG8\Icons\unknown.gif
c:\program files\AVG\AVG8\Icons\warning.gif
c:\program files\AVG\AVG8\license_us.txt
c:\program files\AVG\AVG8\ph.dat
c:\program files\AVG\AVG8\sb.dat
c:\program files\AVG\AVG8\sb.dat.xcd
c:\program files\AVG\AVG8\sb2.dat
c:\program files\AVG\AVG8\sc.dat
c:\program files\AVG\AVG8\sc.dat.xcd
c:\program files\AVG\AVG8\setup.dat
c:\program files\AVG\AVG8\setup.exe
c:\program files\AVG\AVG8\setupus.lns
c:\program files\AVG\AVG8\ToolbarIEcache\avglinks.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avglogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgstatus_error.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\avgtoolbartb0502.cfg
c:\program files\AVG\AVG8\ToolbarIEcache\brandlogo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\p_yahoo.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesearch_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_off.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\safesurf_on.bmp
c:\program files\AVG\AVG8\ToolbarIEcache\slider.bmp
c:\program files\LimeWire
c:\program files\LimeWire\GenericWindowsUtils.dll
c:\program files\LimeWire\i18n.jar
c:\program files\LimeWire\LimeWire20.dll
c:\program files\LimeWire\log4j.properties
c:\program files\LimeWire\WindowsFirewall.dll
c:\program files\LimeWire\WindowsV5PlusUtils.dll
c:\program files\LimeWire\xerces.jar
c:\program files\LimeWire\xml-apis.jar
c:\program files\Norton AntiVirus
c:\program files\Norton Security Scan
c:\program files\Norton Security Scan\NSS.exe.replace
c:\windows\system32\drivers\_003903_.tmp.dll
c:\windows\system32\uactmp.db
c:\documents and settings\All Users\Application Data\avg8 . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SPYWARECLEANERSERVICE
-------\Service_SpywareCleanerService


((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.

2009-04-02 21:39 . 2009-04-02 21:39 <DIR> d-------- C:\ComboFix1
2009-04-02 21:37 . 2009-04-02 21:37 <DIR> d-------- C:\Combo-Fix
2009-04-02 21:19 . 2009-04-02 21:22 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-04-02 21:19 . 2009-04-02 21:23 <DIR> d-------- c:\documents and settings\Any Authorised User\Application Data\AVGTOOLBAR
2009-04-02 21:19 . 2009-04-02 21:19 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-04-02 21:19 . 2009-04-02 21:19 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-04-02 21:19 . 2009-04-02 21:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-28 00:46 . 2008-07-03 14:16 8,454,656 --a------ c:\windows\system32\dllcache\shell32.dll
2009-03-27 20:08 . 2009-03-27 20:08 <DIR> d-------- c:\documents and settings\Any Authorised User\DoctorWeb
2009-03-27 19:54 . 2009-03-27 19:53 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-26 19:24 . 2009-03-26 19:35 <DIR> d-------- C:\gmer
2009-03-22 23:45 . 2009-03-28 00:54 250,032 --a------ C:\ntldr
2009-03-22 23:45 . 2004-08-04 09:56 146,432 --a------ c:\windows\system\winspool.drv
2009-03-22 23:45 . 2006-12-29 19:08 23,044 --a------ c:\windows\system32\sorttbls.nls
2009-03-21 18:37 . 2008-12-11 09:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-21 18:37 . 2009-03-06 17:45 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-21 18:37 . 2008-12-18 13:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-21 18:36 . 2009-04-02 21:04 <DIR> d-------- c:\program files\Spyware Doctor
2009-03-21 18:36 . 2009-03-21 18:44 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-21 18:36 . 2009-03-21 18:36 <DIR> d-------- c:\documents and settings\Any Authorised User\Application Data\PC Tools
2009-03-21 18:36 . 2008-12-10 13:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-21 08:50 . 2008-12-21 00:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-03-21 08:50 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-03-21 08:50 . 2007-03-08 06:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-03-21 08:50 . 2008-12-21 00:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-21 08:50 . 2008-12-21 00:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-21 08:50 . 2008-12-21 00:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-03-21 08:50 . 2008-12-21 00:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-03-21 08:50 . 2008-12-21 00:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-03-21 08:50 . 2008-12-19 10:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-03-21 00:28 . 2009-04-02 21:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-20 23:35 . 2009-03-22 14:12 <DIR> d-------- c:\program files\PC Tools Disk Suite
2009-03-20 23:35 . 2009-04-02 22:00 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-20 23:35 . 2009-03-20 23:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 00:25 --------- d-----w c:\program files\Lx_cats
2009-03-27 18:53 --------- d-----w c:\program files\Java
2009-03-22 15:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 15:07 --------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-21 23:38 --------- d-----w c:\program files\IBM
2009-03-21 23:38 --------- d-----w c:\documents and settings\All Users\Application Data\ibm
2009-03-21 08:03 --------- d-----w c:\program files\Common Files\Symantec Shared
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"msnmsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-08-16 5728112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-26 36864]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DiskSuite"="c:\program files\PC Tools Disk Suite\aDSProcMngr.exe" [2009-01-16 267584]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [2003-11-13 c:\windows\system32\tp4serv.exe]
"TP4EX"="tp4ex.exe" [2002-09-04 c:\windows\system32\TP4EX.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-22 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-02 21:19 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 12:07 262144 c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 05:11 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ pwdmon scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\lxcgcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxcgpswx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-21 130424]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2005-11-22 11520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-02 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-02 108552]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-11-22 2432]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-11-22 16384]
R2 DiskSuiteService;PC Tools Disk Suite;c:\program files\PC Tools Disk Suite\DSService.exe [2009-03-20 869696]
R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-21 348752]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [1980-01-01 13904]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 PAC207;USB PC Cam Plus;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2005-11-22 12288]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2005-11-22 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 10:37]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.aber.ac.uk
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 21:59:28
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\tphklock.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\pwdmon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\PAStiSvc.exe
c:\windows\system32\TpKmpSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\progra~1\ThinkPad\CONNEC~1\QCTRAY.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-04-02 22:05:47 - machine was rebooted [Any Authorised User]
ComboFix-quarantined-files.txt 2009-04-02 21:05:41
ComboFix2.txt 2009-04-01 21:15:37

Pre-Run: 18,246,213,632 bytes free
Post-Run: 18,180,108,288 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
1045 --- E O F --- 2009-03-28 00:07:58

#8 extremeboy

  • Malware Response Team

Posted 02 April 2009 - 04:54 PM

Hello.

Forgot to mention something, mostly my fault here. The script removed the AVG folder that was empty, but since you installed a new AVG it was back and that script would have removed it. I apologize. :thumbup2:

Sorry about that but we will restore those back in the next post.

In your next reply post back with the GMER log in addition to the ComboFix-quarantined-files.txt file.
That file can be found at the C:\Qoobox folder.

Post back with the GMER log and the ComboFix-quarantined-files.txt log

With regards,
Extremeboy

#9 Wizard99


Posted 02 April 2009 - 05:17 PM

/Edit: Repeat of post #10

Edited by extremeboy, 02 April 2009 - 07:14 PM.
Removed repetition of GMER log


#10 Wizard99


Posted 02 April 2009 - 05:18 PM

GMER log as follows: (Part 1)

That is a pretty thorough program !!!

Thanks again for all of your help so far.....

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-02 23:11:06
Windows 5.1.2600 Service Pack 2

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxepxmkti.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxepxmkti.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACmpsxmqww.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACykmnlbar.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACrnijxvkb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACakyfuxhl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACxekylumx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACdjnosotp.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACkdihtbue.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqjyidmwc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACsoyswvke.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACjfvbuhrp.log
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACgrprrjtq.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxepxmkti.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxepxmkti.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACmpsxmqww.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACykmnlbar.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACrnijxvkb.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACakyfuxhl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACxekylumx.dll

Part 2........

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACdjnosotp.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACkdihtbue.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqjyidmwc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACsoyswvke.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACjfvbuhrp.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACgrprrjtq.log

/Edit: Saved log onto desktop, removed the other unnecessary information to prevent my browser from crashing. :thumbup2:

Edited by extremeboy, 02 April 2009 - 07:13 PM.
Prevent browser from freezing..


#11 Wizard99


Posted 02 April 2009 - 05:25 PM

/Edit: Edit to remove the unnecessary information/log.

Edited by extremeboy, 02 April 2009 - 07:11 PM.


#12 Wizard99


Posted 02 April 2009 - 05:30 PM

Sorry my friend, I can see various files within a variety of folders, but it is only the text file above that I can copy and paste. Is this the information that you need?

#13 Wizard99


Posted 02 April 2009 - 05:32 PM

Just found this log, which I suspect is what you require... sorry !!

2005-11-22 14:34:19 A------- 271 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Product.Catalog.LiveUpdate.vir
2005-11-22 14:34:19 A------- 16,050 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate.vir
2005-11-22 14:35:15 A------- 1,820 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveSubscribe\Catalog.LiveSubscribe.vir
2005-12-29 21:28:50 A------- 1,180 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5085_symnet_4.7.3_english\patch.dis.vir
2005-12-29 21:28:50 A------- 79,504 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5085_symnet_4.7.3_english\setup.exe.vir
2005-12-29 21:28:50 A------- 1,729,536 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5085_symnet_4.7.3_english\SNDUpdater.msi.vir
2005-12-29 21:28:51 A------- 90,112 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5085_symnet_4.7.3_english\Message.exe.vir
2005-12-29 21:28:51 A------- 124,168 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem5085_symnet_4.7.3_english\SymStore.dll.vir
2006-01-14 16:38:06 A------- 1,183 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\patch.dis.vir
2006-01-14 16:38:06 A------- 79,504 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\setup.exe.vir
2006-01-14 16:38:06 A------- 1,789,440 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\SNDUpdater.msi.vir
2006-01-14 16:38:07 A------- 90,112 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\Message.exe.vir
2006-01-14 16:38:07 A------- 124,168 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem3263_symnet$20consumer_5.4.4_english\SymStore.dll.vir
2007-01-29 22:33:39 AC------ 12,279 C:\Qoobox\Quarantine\C\Program Files\LimeWire\GenericWindowsUtils.dll.vir
2007-01-29 22:33:40 AC------ 40,960 C:\Qoobox\Quarantine\C\Program Files\LimeWire\LimeWire20.dll.vir
2007-01-29 22:33:40 AC------ 61,440 C:\Qoobox\Quarantine\C\Program Files\LimeWire\WindowsFirewall.dll.vir
2007-01-29 22:33:41 AC------ 12,808 C:\Qoobox\Quarantine\C\Program Files\LimeWire\WindowsV5PlusUtils.dll.vir
2007-01-29 22:33:43 AC------ 7,171 C:\Qoobox\Quarantine\C\Program Files\LimeWire\log4j.properties.vir
2007-05-19 13:32:30 AC------ 25,678 C:\Qoobox\Quarantine\C\Program Files\LimeWire\i18n.jar.vir
2007-05-19 13:32:31 AC------ 207,655 C:\Qoobox\Quarantine\C\Program Files\LimeWire\xml-apis.jar.vir
2007-05-19 13:32:31 AC------ 2,147,687 C:\Qoobox\Quarantine\C\Program Files\LimeWire\xerces.jar.vir
2007-05-19 13:32:49 A------- 84 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\dir_open.gif.vir
2007-05-19 13:32:49 A------- 86 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\dir_closed.gif.vir
2007-05-19 13:32:49 A------- 105 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\kill_on.gif.vir
2007-05-19 13:32:49 A------- 108 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\kill.gif.vir
2007-05-19 13:32:49 A------- 143 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\warning.gif.vir
2007-05-19 13:32:49 A------- 167 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\question.gif.vir
2007-05-19 13:32:49 A------- 236 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\01_star.gif.vir
2007-05-19 13:32:49 A------- 240 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\01_star.gif.vir
2007-05-19 13:32:49 A------- 291 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\02_star.gif.vir
2007-05-19 13:32:49 A------- 297 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\02_star.gif.vir
2007-05-19 13:32:49 A------- 335 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\03_star.gif.vir
2007-05-19 13:32:49 A------- 374 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\04_star.gif.vir
2007-05-19 13:32:49 A------- 374 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\05_star.gif.vir
2007-05-19 13:32:49 A------- 576 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\chat.gif.vir
2007-05-19 13:32:49 A------- 605 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\lime.gif.vir
2007-05-19 13:32:49 A------- 610 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\stop_dn.gif.vir
2007-05-19 13:32:49 A------- 630 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\pause_dn.gif.vir
2007-05-19 13:32:49 A------- 630 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\rewind_dn.gif.vir
2007-05-19 13:32:49 A------- 635 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\play_dn.gif.vir
2007-05-19 13:32:49 A------- 642 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\forward_dn.gif.vir
2007-05-19 13:32:49 A------- 666 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\stop_up.gif.vir
2007-05-19 13:32:49 A------- 686 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\pause_up.gif.vir
2007-05-19 13:32:49 A------- 686 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\play_up.gif.vir
2007-05-19 13:32:49 A------- 689 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\rewind_up.gif.vir
2007-05-19 13:32:49 A------- 697 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\forward_up.gif.vir
2007-05-19 13:32:49 A------- 926 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\logo.gif.vir
2007-05-19 13:32:49 A------- 1,007 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\notsearching.gif.vir
2007-05-19 13:32:49 A------- 2,365 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\theme.txt.vir
2007-05-19 13:32:49 A------- 6,319 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\searching.gif.vir
2007-05-19 13:32:49 A------- 48,192 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\splashpro.png.vir
2007-05-19 13:32:49 A------- 49,333 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme\splash.png.vir
2007-05-19 13:32:49 A------- 121,093 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\black_theme.lwtp.vir
2007-05-19 13:32:49 A------- 122,976 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme.lwtp.vir
2007-05-19 13:32:50 A------- 84 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\dir_open.gif.vir
2007-05-19 13:32:50 A------- 84 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\dir_open.gif.vir
2007-05-19 13:32:50 A------- 86 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\dir_closed.gif.vir
2007-05-19 13:32:50 A------- 86 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif.vir
2007-05-19 13:32:50 A------- 90 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\kill.gif.vir
2007-05-19 13:32:50 A------- 90 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\kill.gif.vir
2007-05-19 13:32:50 A------- 99 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\kill.gif.vir
2007-05-19 13:32:50 A------- 99 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\kill.gif.vir
2007-05-19 13:32:50 A------- 104 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\kill_on.gif.vir
2007-05-19 13:32:50 A------- 104 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\kill_on.gif.vir
2007-05-19 13:32:50 A------- 104 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\kill_on.gif.vir
2007-05-19 13:32:50 A------- 143 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\warning.gif.vir
2007-05-19 13:32:50 A------- 143 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\warning.gif.vir
2007-05-19 13:32:50 A------- 167 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\question.gif.vir
2007-05-19 13:32:50 A------- 167 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\question.gif.vir
2007-05-19 13:32:50 A------- 209 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\search.gif.vir
2007-05-19 13:32:50 A------- 236 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\01_star.gif.vir
2007-05-19 13:32:50 A------- 236 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\01_star.gif.vir
2007-05-19 13:32:50 A------- 236 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\01_star.gif.vir
2007-05-19 13:32:50 A------- 291 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\02_star.gif.vir
2007-05-19 13:32:50 A------- 291 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\02_star.gif.vir
2007-05-19 13:32:50 A------- 291 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\02_star.gif.vir
2007-05-19 13:32:50 A------- 325 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\03_star.gif.vir
2007-05-19 13:32:50 A------- 325 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\03_star.gif.vir
2007-05-19 13:32:50 A------- 325 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\03_star.gif.vir
2007-05-19 13:32:50 A------- 325 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\03_star.gif.vir
2007-05-19 13:32:50 A------- 365 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\04_star.gif.vir
2007-05-19 13:32:50 A------- 365 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\04_star.gif.vir
2007-05-19 13:32:50 A------- 365 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\04_star.gif.vir
2007-05-19 13:32:50 A------- 365 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\04_star.gif.vir
2007-05-19 13:32:50 A------- 374 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\05_star.gif.vir
2007-05-19 13:32:50 A------- 374 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\05_star.gif.vir
2007-05-19 13:32:50 A------- 374 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\05_star.gif.vir
2007-05-19 13:32:50 A------- 374 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\05_star.gif.vir
2007-05-19 13:32:50 A------- 520 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\chat.gif.vir
2007-05-19 13:32:50 A------- 520 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\chat.gif.vir
2007-05-19 13:32:50 A------- 520 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\chat.gif.vir
2007-05-19 13:32:50 A------- 520 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\chat.gif.vir
2007-05-19 13:32:50 A------- 605 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\lime.gif.vir
2007-05-19 13:32:50 A------- 663 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\stop_up.gif.vir
2007-05-19 13:32:50 A------- 666 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\stop_dn.gif.vir
2007-05-19 13:32:50 A------- 666 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\warning.gif.vir
2007-05-19 13:32:50 A------- 685 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\pause_up.gif.vir
2007-05-19 13:32:50 A------- 685 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\play_up.gif.vir
2007-05-19 13:32:50 A------- 687 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\pause_dn.gif.vir
2007-05-19 13:32:50 A------- 687 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\play_dn.gif.vir
2007-05-19 13:32:50 A------- 688 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\rewind_up.gif.vir
2007-05-19 13:32:50 A------- 690 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif.vir
2007-05-19 13:32:50 A------- 695 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\forward_up.gif.vir
2007-05-19 13:32:50 A------- 696 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\forward_dn.gif.vir
2007-05-19 13:32:50 A------- 789 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\theme.txt.vir
2007-05-19 13:32:50 A------- 805 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\stop_up.gif.vir
2007-05-19 13:32:50 A------- 807 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\forward_up.gif.vir
2007-05-19 13:32:50 A------- 809 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif.vir
2007-05-19 13:32:50 A------- 812 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\pause_up.gif.vir
2007-05-19 13:32:50 A------- 812 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif.vir
2007-05-19 13:32:50 A------- 813 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\play_up.gif.vir
2007-05-19 13:32:50 A------- 816 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif.vir
2007-05-19 13:32:50 A------- 823 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\play_dn.gif.vir
2007-05-19 13:32:50 A------- 824 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif.vir
2007-05-19 13:32:50 A------- 830 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif.vir
2007-05-19 13:32:50 A------- 883 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\stop_dn.gif.vir
2007-05-19 13:32:50 A------- 883 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\stop_up.gif.vir
2007-05-19 13:32:50 A------- 889 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\play_dn.gif.vir
2007-05-19 13:32:50 A------- 889 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\play_up.gif.vir
2007-05-19 13:32:50 A------- 889 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\play_dn.gif.vir
2007-05-19 13:32:50 A------- 892 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\pause_dn.gif.vir
2007-05-19 13:32:50 A------- 892 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\pause_up.gif.vir
2007-05-19 13:32:50 A------- 892 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\pause_dn.gif.vir
2007-05-19 13:32:50 A------- 892 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\pause_up.gif.vir
2007-05-19 13:32:50 A------- 920 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\rewind_dn.gif.vir
2007-05-19 13:32:50 A------- 920 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\rewind_up.gif.vir
2007-05-19 13:32:50 A------- 922 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\forward_dn.gif.vir
2007-05-19 13:32:50 A------- 922 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\forward_up.gif.vir
2007-05-19 13:32:50 A------- 922 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\forward_dn.gif.vir
2007-05-19 13:32:50 A------- 922 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\forward_up.gif.vir
2007-05-19 13:32:50 A------- 1,187 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\question.gif.vir
2007-05-19 13:32:50 A------- 1,337 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\notsearching.gif.vir
2007-05-19 13:32:50 A------- 1,357 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\notsearching.gif.vir
2007-05-19 13:32:50 A------- 1,688 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\logo.gif.vir
2007-05-19 13:32:50 A------- 2,091 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\notsearching.png.vir
2007-05-19 13:32:50 A------- 2,091 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\notsearching.png.vir
2007-05-19 13:32:50 A------- 2,131 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\theme.txt.vir
2007-05-19 13:32:50 A------- 2,380 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\theme.txt.vir
2007-05-19 13:32:50 A------- 2,529 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\logo.gif.vir
2007-05-19 13:32:50 A------- 4,400 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\logo.png.vir
2007-05-19 13:32:50 A------- 4,400 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\logo.png.vir
2007-05-19 13:32:50 A------- 5,762 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\searching.gif.vir
2007-05-19 13:32:50 A------- 6,822 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\searching.gif.vir
2007-05-19 13:32:50 A------- 6,910 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\searching.gif.vir
2007-05-19 13:32:50 A------- 27,070 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme.lwtp.vir
2007-05-19 13:32:50 A------- 48,192 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\splashpro.png.vir
2007-05-19 13:32:50 A------- 48,192 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\splashpro.png.vir
2007-05-19 13:32:50 A------- 48,192 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\splashpro.png.vir
2007-05-19 13:32:50 A------- 49,333 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\classic_theme\splash.png.vir
2007-05-19 13:32:50 A------- 49,333 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme\splash.png.vir
2007-05-19 13:32:50 A------- 49,333 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme\splash.png.vir
2007-05-19 13:32:50 A------- 124,793 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\other_theme.lwtp.vir
2007-05-19 13:32:50 A------- 125,722 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\limewire_theme.lwtp.vir
2007-05-19 13:32:51 A------- 143 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\warning.gif.vir
2007-05-19 13:32:51 A------- 167 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\question.gif.vir
2007-05-19 13:32:51 A------- 789 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\theme.txt.vir
2007-05-19 13:32:51 A------- 883 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\stop_dn.gif.vir
2007-05-19 13:32:51 A------- 883 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\stop_up.gif.vir
2007-05-19 13:32:51 A------- 889 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\play_up.gif.vir
2007-05-19 13:32:51 A------- 920 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif.vir
2007-05-19 13:32:51 A------- 920 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\rewind_up.gif.vir
2007-05-19 13:32:51 A------- 5,762 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\searching.gif.vir
2007-05-19 13:32:51 A------- 49,333 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\412splashfree.png.vir
2007-05-19 13:32:51 A------- 55,600 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\splash.png.vir
2007-05-19 13:32:51 A------- 56,042 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\splashpro.png.vir
2007-05-19 13:32:55 A------- 114 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\misc\application.gif.vir
2007-05-19 13:32:55 A------- 146 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\misc\document.gif.vir
2007-05-19 13:32:55 A------- 159 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\misc\audio.gif.vir
2007-05-19 13:32:55 A------- 174 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\misc\image.gif.vir
2007-05-19 13:32:55 A------- 177 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\misc\video.gif.vir
2007-05-19 13:32:55 A------- 404 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\data.ser.vir
2007-05-19 13:32:55 A------- 709 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\version.key.vir
2007-05-19 13:32:55 A------- 711 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\pub1.key.vir
2007-05-19 13:32:55 A------- 711 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\secureMessage.key.vir
2007-05-19 13:32:55 A------- 1,030 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\public.key.vir
2007-05-19 13:32:55 A------- 1,205 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\schemas\document.xsd.vir
2007-05-19 13:32:55 A------- 1,291 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\schemas\image.xsd.vir
2007-05-19 13:32:55 A------- 1,733 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\schemas\application.xsd.vir
2007-05-19 13:32:55 A------- 3,303 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\schemas\video.xsd.vir
2007-05-19 13:32:55 A------- 7,287 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\schemas\audio.xsd.vir
2007-05-19 13:32:55 AC------ 0 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\data\delete_me.vir
2007-05-19 13:32:57 A------- 268 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\installation.props.vir
2007-05-19 13:32:57 A------- 402 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\library.dat.vir
2007-05-19 13:32:57 A------- 12,549 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\limewire.props.vir
2007-05-19 13:34:23 A------- 724 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\fileurns.bak.vir
2007-05-19 13:34:23 A------- 584,170 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\fileurns.cache.vir
2007-05-19 13:34:46 A------- 2,492 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\version.xml.vir
2007-05-19 13:34:46 A------- 21,557 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\simpp.xml.vir
2007-05-19 13:34:53 A------- 225 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\update.xml.vir
2007-05-19 13:36:23 A------- 2,179 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\createtimes.cache.vir
2007-05-19 13:49:49 A------- 87 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\filters.props.vir
2007-05-19 13:49:49 A------- 148 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\questions.props.vir
2007-05-19 13:49:49 A------- 654 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\tables.props.vir
2007-05-19 13:49:49 A------- 583,423 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\spam.dat.vir
2007-05-19 13:49:50 A------- 82 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\responses.cache.vir
2007-05-19 13:49:50 A------- 14,655 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\ttree.cache.vir
2007-08-14 14:31:28 A------- 6 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\themes\windows_theme\version.txt.vir
2007-08-14 14:31:28 A------- 55,600 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\414splashfree.png.vir
2007-08-14 14:31:41 A------- 203 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mojito.props.vir
2007-08-17 22:17:00 A------- 36 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Messenger Plus!\global.dat.vir
2007-09-10 08:03:21 AC------ 7,723 C:\Qoobox\Quarantine\C\WINDOWS\system32\lnoqr.ini.vir
2007-09-10 08:03:55 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\lnoqr.bak1.vir
2007-09-10 14:48:05 AC------ 6,550 C:\Qoobox\Quarantine\C\WINDOWS\system32\tvutv.ini.vir
2007-09-10 14:48:37 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\tvutv.bak1.vir
2007-09-10 18:21:14 AC------ 6,550 C:\Qoobox\Quarantine\C\WINDOWS\system32\ayxyb.ini.vir
2007-09-10 18:21:46 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\ayxyb.bak1.vir
2007-09-10 21:21:03 AC------ 7,049 C:\Qoobox\Quarantine\C\WINDOWS\system32\lmnpo.ini.vir
2007-09-10 21:21:35 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\lmnpo.bak1.vir
2007-09-11 16:58:04 AC------ 6,831 C:\Qoobox\Quarantine\C\WINDOWS\system32\kknmp.ini.vir
2007-09-11 16:58:39 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\kknmp.bak1.vir
2007-09-11 21:56:04 AC------ 6,550 C:\Qoobox\Quarantine\C\WINDOWS\system32\suxbc.ini.vir
2007-09-11 21:56:35 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\suxbc.bak1.vir
2007-09-12 07:54:20 AC------ 7,374 C:\Qoobox\Quarantine\C\WINDOWS\system32\ghkkj.ini.vir
2007-09-12 07:54:51 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\ghkkj.bak1.vir
2007-09-12 21:09:51 AC------ 6,689 C:\Qoobox\Quarantine\C\WINDOWS\system32\uvvyb.ini.vir
2007-09-12 21:10:23 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\uvvyb.bak1.vir
2007-09-13 14:52:09 AC------ 6,864 C:\Qoobox\Quarantine\C\WINDOWS\system32\xxabc.ini.vir
2007-09-13 14:52:40 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\xxabc.bak1.vir
2007-09-13 22:08:11 AC------ 6,550 C:\Qoobox\Quarantine\C\WINDOWS\system32\prqss.ini.vir
2007-09-13 22:08:41 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\prqss.bak1.vir
2007-09-14 14:46:57 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\suxbc.bak2.vir
2007-09-14 17:29:27 AC------ 14,432 C:\Qoobox\Quarantine\C\WINDOWS\system32\llkkj.ini.vir
2007-09-14 17:30:02 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\llkkj.bak1.vir
2007-09-14 18:25:14 AC------ 6,701 C:\Qoobox\Quarantine\C\WINDOWS\system32\xxabc.bak2.vir
2007-09-17 16:24:18 A------- 7,077 C:\Qoobox\Quarantine\C\WINDOWS\system32\abefe.ini.vir
2007-09-17 16:24:50 A------- 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\abefe.bak1.vir
2007-09-17 17:25:05 AC------ 6,630 C:\Qoobox\Quarantine\C\WINDOWS\system32\ikjlm.ini.vir
2007-09-17 17:25:36 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\ikjlm.bak1.vir
2007-09-18 22:34:06 AC------ 6,630 C:\Qoobox\Quarantine\C\WINDOWS\system32\rutss.ini.vir
2007-09-18 22:34:38 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\rutss.bak1.vir
2007-09-19 21:12:56 AC------ 14,174 C:\Qoobox\Quarantine\C\WINDOWS\system32\llkkj.bak2.vir
2007-09-20 00:29:24 AC------ 29,861 C:\Qoobox\Quarantine\C\WINDOWS\system32\porqr.ini.vir
2007-09-20 00:30:00 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\porqr.bak1.vir
2007-09-20 08:12:09 AC------ 28,368 C:\Qoobox\Quarantine\C\WINDOWS\system32\ghggh.ini.vir
2007-09-20 08:12:41 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\ghggh.bak1.vir
2007-09-20 17:53:54 AC------ 6,610 C:\Qoobox\Quarantine\C\WINDOWS\system32\vwxyb.ini.vir
2007-09-20 17:54:26 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\vwxyb.bak1.vir
2007-09-20 19:20:39 AC------ 6,570 C:\Qoobox\Quarantine\C\WINDOWS\system32\kjiii.ini.vir
2007-09-20 19:21:09 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\kjiii.bak1.vir
2007-09-22 14:01:03 AC------ 7,526 C:\Qoobox\Quarantine\C\WINDOWS\system32\kmoqr.ini.vir
2007-09-22 14:01:34 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\kmoqr.bak1.vir
2007-09-23 16:14:54 AC------ 7,396 C:\Qoobox\Quarantine\C\WINDOWS\system32\rqsut.ini.vir
2007-09-23 16:15:24 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\rqsut.bak1.vir
2007-09-24 00:04:36 AC------ 6,510 C:\Qoobox\Quarantine\C\WINDOWS\system32\ttsut.ini.vir
2007-09-24 00:05:09 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\ttsut.bak1.vir
2007-09-24 08:06:29 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\jikmp.bak1.vir
2007-09-24 16:14:16 AC------ 7,084 C:\Qoobox\Quarantine\C\WINDOWS\system32\fgjjl.ini.vir
2007-09-24 16:14:50 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\fgjjl.bak1.vir
2007-09-24 18:01:09 AC------ 7,458 C:\Qoobox\Quarantine\C\WINDOWS\system32\svutv.ini.vir
2007-09-24 18:01:45 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\svutv.bak1.vir
2007-09-24 22:50:58 AC------ 6,736 C:\Qoobox\Quarantine\C\WINDOWS\system32\lknmp.ini.vir
2007-09-24 22:51:32 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\lknmp.bak1.vir
2007-09-25 17:14:53 AC------ 7,145 C:\Qoobox\Quarantine\C\WINDOWS\system32\orsut.ini.vir
2007-09-25 17:15:28 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\orsut.bak1.vir
2007-09-25 21:45:16 AC------ 6,510 C:\Qoobox\Quarantine\C\WINDOWS\system32\dcdgh.ini.vir
2007-09-25 21:45:48 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\dcdgh.bak1.vir
2007-09-27 08:08:38 AC------ 7,305 C:\Qoobox\Quarantine\C\WINDOWS\system32\bbeeg.ini.vir
2007-09-27 08:09:26 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\bbeeg.bak1.vir
2007-09-28 08:09:53 AC------ 6,480 C:\Qoobox\Quarantine\C\WINDOWS\system32\fgjlm.bak1.vir
2007-09-28 17:58:15 AC------ 7,625 C:\Qoobox\Quarantine\C\WINDOWS\system32\fgjlm.tmp.vir
2007-09-28 17:58:16 AC------ 0 C:\Qoobox\Quarantine\C\WINDOWS\system32\xxabc.tmp.vir
2007-09-28 17:58:54 AC------ 28,863 C:\Qoobox\Quarantine\C\WINDOWS\system32\ghggh.bak2.vir
2007-09-28 17:59:05 AC------ 693,472 C:\Qoobox\Quarantine\C\WINDOWS\system32\nxpvsfdk.ini.vir
2007-09-28 18:00:49 AC------ 7,176 C:\Qoobox\Quarantine\C\WINDOWS\system32\jikmp.tmp.vir
2007-09-28 18:01:19 AC------ 28,040 C:\Qoobox\Quarantine\C\WINDOWS\system32\porqr.bak2.vir
2007-09-28 18:01:20 AC------ 693,841 C:\Qoobox\Quarantine\C\WINDOWS\system32\hsamecud.ini.vir
2007-10-01 00:08:15 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\xbeeg.ini.vir
2007-10-01 00:08:45 AC------ 6,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\xbeeg.bak1.vir
2007-10-02 19:23:09 AC------ 694,252 C:\Qoobox\Quarantine\C\WINDOWS\system32\yejlsjhb.ini.vir
2007-10-03 21:05:18 AC------ 694,372 C:\Qoobox\Quarantine\C\WINDOWS\system32\yfrdisor.ini.vir
2007-10-04 21:07:19 AC------ 694,672 C:\Qoobox\Quarantine\C\WINDOWS\system32\sbygvgum.ini.vir
2007-10-06 00:32:15 AC------ 694,861 C:\Qoobox\Quarantine\C\WINDOWS\system32\ponxjpwh.ini.vir
2007-10-06 16:07:35 AC------ 695,092 C:\Qoobox\Quarantine\C\WINDOWS\system32\khhpbuqj.ini.vir
2007-10-06 18:00:33 AC------ 38,656 C:\Qoobox\Quarantine\C\WINDOWS\system32\yyccf.ini.vir
2007-10-06 18:01:22 AC------ 6,363 C:\Qoobox\Quarantine\C\WINDOWS\system32\yyccf.bak1.vir
2007-10-08 20:50:18 A------- 37,079 C:\Qoobox\Quarantine\C\WINDOWS\system32\yyccf.bak2.vir
2007-10-08 20:59:50 AC------ 354 C:\Qoobox\Quarantine\C\WINDOWS\system32\owlktjbm.ini.vir
2009-03-11 23:35:12 A------- 68 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\versions.props.vir
2009-03-11 23:35:13 A------- 69 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest.vir
2009-03-11 23:35:13 A------- 132 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest.vir
2009-03-11 23:35:13 A------- 144 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest.vir
2009-03-11 23:35:13 A------- 552 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest.vir
2009-03-11 23:35:13 A------- 774 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest.vir
2009-03-11 23:35:13 A------- 1,002 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\README.txt.vir
2009-03-11 23:35:13 A------- 8,192 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll.vir
2009-03-11 23:35:13 A------- 20,480 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll.vir
2009-03-11 23:35:13 A------- 30,826 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\LICENSE.vir
2009-03-11 23:35:13 A------- 39,680 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar.vir
2009-03-11 23:35:13 A------- 257,165 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar.vir
2009-03-11 23:35:13 A------- 316,463 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar.vir
2009-03-11 23:35:13 A------- 332,558 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar.vir
2009-03-11 23:35:13 A------- 777,705 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar.vir
2009-03-11 23:35:13 A------- 1,907,054 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar.vir
2009-03-11 23:35:14 A------- 174 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt.vir
2009-03-11 23:35:14 A------- 188 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt.vir
2009-03-11 23:35:14 A------- 201 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt.vir
2009-03-11 23:35:14 A------- 211 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt.vir
2009-03-11 23:35:14 A------- 211 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt.vir
2009-03-11 23:35:14 A------- 226 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt.vir
2009-03-11 23:35:14 A------- 233 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt.vir
2009-03-11 23:35:14 A------- 285 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt.vir
2009-03-11 23:35:14 A------- 296 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt.vir
2009-03-11 23:35:14 A------- 299 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt.vir
2009-03-11 23:35:14 A------- 302 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt.vir
2009-03-11 23:35:14 A------- 312 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt.vir
2009-03-11 23:35:14 A------- 326 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt.vir
2009-03-11 23:35:14 A------- 344 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt.vir
2009-03-11 23:35:14 A------- 349 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt.vir
2009-03-11 23:35:14 A------- 373 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\directory.xpt.vir
2009-03-11 23:35:14 A------- 377 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom.xpt.vir
2009-03-11 23:35:14 A------- 437 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt.vir
2009-03-11 23:35:14 A------- 451 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt.vir
2009-03-11 23:35:14 A------- 488 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt.vir
2009-03-11 23:35:14 A------- 517 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest.vir
2009-03-11 23:35:14 A------- 530 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt.vir
2009-03-11 23:35:14 A------- 543 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt.vir
2009-03-11 23:35:14 A------- 551 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt.vir
2009-03-11 23:35:14 A------- 599 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt.vir
2009-03-11 23:35:14 A------- 605 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt.vir
2009-03-11 23:35:14 A------- 645 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\intl.xpt.vir
2009-03-11 23:35:14 A------- 679 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt.vir
2009-03-11 23:35:14 A------- 693 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt.vir
2009-03-11 23:35:14 A------- 694 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt.vir
2009-03-11 23:35:14 A------- 700 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt.vir
2009-03-11 23:35:14 A------- 724 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt.vir
2009-03-11 23:35:14 A------- 755 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\composer.xpt.vir
2009-03-11 23:35:14 A------- 845 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt.vir
2009-03-11 23:35:14 A------- 874 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt.vir
2009-03-11 23:35:14 A------- 893 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt.vir
2009-03-11 23:35:14 A------- 911 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt.vir
2009-03-11 23:35:14 A------- 960 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt.vir
2009-03-11 23:35:14 A------- 1,019 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt.vir
2009-03-11 23:35:14 A------- 1,036 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\find.xpt.vir
2009-03-11 23:35:14 A------- 1,081 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt.vir
2009-03-11 23:35:14 A------- 1,240 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt.vir
2009-03-11 23:35:14 A------- 1,260 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\locale.xpt.vir
2009-03-11 23:35:14 A------- 1,263 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt.vir
2009-03-11 23:35:14 A------- 1,282 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt.vir
2009-03-11 23:35:14 A------- 1,326 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt.vir
2009-03-11 23:35:14 A------- 1,346 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\jar.xpt.vir
2009-03-11 23:35:14 A------- 1,417 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt.vir
2009-03-11 23:35:14 A------- 1,451 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt.vir
2009-03-11 23:35:14 A------- 1,475 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt.vir
2009-03-11 23:35:14 A------- 1,508 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt.vir
2009-03-11 23:35:14 A------- 1,512 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js.vir
2009-03-11 23:35:14 A------- 1,648 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt.vir
2009-03-11 23:35:14 A------- 1,784 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt.vir
2009-03-11 23:35:14 A------- 1,789 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt.vir
2009-03-11 23:35:14 A------- 1,930 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt.vir
2009-03-11 23:35:14 A------- 1,981 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt.vir
2009-03-11 23:35:14 A------- 2,008 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt.vir
2009-03-11 23:35:14 A------- 2,122 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt.vir
2009-03-11 23:35:14 A------- 2,232 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt.vir
2009-03-11 23:35:14 A------- 2,469 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\caps.xpt.vir
2009-03-11 23:35:14 A------- 2,502 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt.vir
2009-03-11 23:35:14 A------- 2,512 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt.vir
2009-03-11 23:35:14 A------- 2,547 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt.vir
2009-03-11 23:35:14 A------- 2,595 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt.vir
2009-03-11 23:35:14 A------- 2,602 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt.vir
2009-03-11 23:35:14 A------- 2,621 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt.vir
2009-03-11 23:35:14 A------- 3,021 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt.vir
2009-03-11 23:35:14 A------- 3,104 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js.vir
2009-03-11 23:35:14 A------- 3,274 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt.vir
2009-03-11 23:35:14 A------- 3,603 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt.vir
2009-03-11 23:35:14 A------- 3,731 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt.vir
2009-03-11 23:35:14 A------- 3,831 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt.vir
2009-03-11 23:35:14 A------- 6,029 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt.vir
2009-03-11 23:35:14 A------- 6,869 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt.vir
2009-03-11 23:35:14 A------- 7,301 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt.vir
2009-03-11 23:35:14 A------- 7,408 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt.vir
2009-03-11 23:35:14 A------- 9,066 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt.vir
2009-03-11 23:35:14 A------- 9,477 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt.vir
2009-03-11 23:35:14 A------- 10,441 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt.vir
2009-03-11 23:35:14 A------- 11,557 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\editor.xpt.vir
2009-03-11 23:35:14 A------- 11,677 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js.vir
2009-03-11 23:35:14 A------- 11,997 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt.vir
2009-03-11 23:35:14 A------- 17,129 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\necko.xpt.vir
2009-03-11 23:35:14 A------- 17,408 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\auth.dll.vir
2009-03-11 23:35:14 A------- 18,049 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt.vir
2009-03-11 23:35:14 A------- 18,944 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll.vir
2009-03-11 23:35:14 A------- 19,182 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt.vir
2009-03-11 23:35:14 A------- 20,480 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll.vir
2009-03-11 23:35:14 A------- 23,460 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt.vir
2009-03-11 23:35:14 A------- 66,215 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js.vir
2009-03-11 23:35:15 A------- 172 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt.vir
2009-03-11 23:35:15 A------- 212 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt.vir
2009-03-11 23:35:15 A------- 287 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt.vir
2009-03-11 23:35:15 A------- 377 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt.vir
2009-03-11 23:35:15 A------- 537 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt.vir
2009-03-11 23:35:15 A------- 628 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt.vir
2009-03-11 23:35:15 A------- 652 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\profile.xpt.vir
2009-03-11 23:35:15 A------- 718 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt.vir
2009-03-11 23:35:15 A------- 759 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt.vir
2009-03-11 23:35:15 A------- 1,011 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt.vir
2009-03-11 23:35:15 A------- 1,060 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt.vir
2009-03-11 23:35:15 A------- 1,088 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt.vir
2009-03-11 23:35:15 A------- 1,120 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\oji.xpt.vir
2009-03-11 23:35:15 A------- 1,179 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt.vir
2009-03-11 23:35:15 A------- 1,181 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt.vir
2009-03-11 23:35:15 A------- 1,258 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt.vir
2009-03-11 23:35:15 A------- 1,293 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt.vir
2009-03-11 23:35:15 A------- 1,491 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt.vir
2009-03-11 23:35:15 A------- 2,074 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt.vir
2009-03-11 23:35:15 A------- 2,369 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt.vir
2009-03-11 23:35:15 A------- 2,646 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\update.xpt.vir
2009-03-11 23:35:15 A------- 2,713 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt.vir
2009-03-11 23:35:15 A------- 2,793 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt.vir
2009-03-11 23:35:15 A------- 2,958 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt.vir
2009-03-11 23:35:15 A------- 3,040 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt.vir
2009-03-11 23:35:15 A------- 3,097 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js.vir
2009-03-11 23:35:15 A------- 3,142 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js.vir
2009-03-11 23:35:15 A------- 3,155 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\storage.xpt.vir
2009-03-11 23:35:15 A------- 3,185 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt.vir
2009-03-11 23:35:15 A------- 3,268 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js.vir
2009-03-11 23:35:15 A------- 3,290 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pref.xpt.vir
2009-03-11 23:35:15 A------- 4,302 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js.vir
2009-03-11 23:35:15 A------- 4,805 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js.vir
2009-03-11 23:35:15 A------- 4,908 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt.vir
2009-03-11 23:35:15 A------- 5,005 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js.vir
2009-03-11 23:35:15 A------- 5,145 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt.vir
2009-03-11 23:35:15 A------- 5,510 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt.vir
2009-03-11 23:35:15 A------- 5,737 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js.vir
2009-03-11 23:35:15 A------- 6,265 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js.vir
2009-03-11 23:35:15 A------- 6,667 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js.vir
2009-03-11 23:35:15 A------- 6,920 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js.vir
2009-03-11 23:35:15 A------- 7,049 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js.vir
2009-03-11 23:35:15 A------- 8,278 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js.vir
2009-03-11 23:35:15 A------- 9,790 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js.vir
2009-03-11 23:35:15 A------- 11,095 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt.vir
2009-03-11 23:35:15 A------- 11,151 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\widget.xpt.vir
2009-03-11 23:35:15 A------- 11,652 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\places.xpt.vir
2009-03-11 23:35:15 A------- 12,844 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt.vir
2009-03-11 23:35:15 A------- 13,682 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js.vir
2009-03-11 23:35:15 A------- 15,872 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll.vir
2009-03-11 23:35:15 A------- 19,968 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pippki.dll.vir
2009-03-11 23:35:15 A------- 20,992 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll.vir
2009-03-11 23:35:15 A------- 21,420 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js.vir
2009-03-11 23:35:15 A------- 27,421 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js.vir
2009-03-11 23:35:15 A------- 29,973 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js.vir
2009-03-11 23:35:15 A------- 35,256 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js.vir
2009-03-11 23:35:15 A------- 36,111 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js.vir
2009-03-11 23:35:15 A------- 37,314 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js.vir
2009-03-11 23:35:15 A------- 40,367 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js.vir
2009-03-11 23:35:15 A------- 42,010 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js.vir
2009-03-11 23:35:15 A------- 44,033 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js.vir
2009-03-11 23:35:15 A------- 49,331 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js.vir
2009-03-11 23:35:15 A------- 51,214 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js.vir
2009-03-11 23:35:15 A------- 110,592 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll.vir
2009-03-11 23:35:15 A------- 112,260 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js.vir
2009-03-11 23:35:15 A------- 200,704 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll.vir
2009-03-11 23:35:15 A------- 225,280 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll.vir
2009-03-11 23:35:15 A------- 282,624 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll.vir
2009-03-11 23:35:15 A------- 331,577 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js.vir
2009-03-11 23:35:16 A------- 47 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\platform.ini.vir
2009-03-11 23:35:16 A------- 56 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\arrow.gif.vir
2009-03-11 23:35:16 A------- 59 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif.vir
2009-03-11 23:35:16 A------- 85 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js.vir
2009-03-11 23:35:16 A------- 87 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js.vir
2009-03-11 23:35:16 A------- 106 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif.vir
2009-03-11 23:35:16 A------- 115 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\dependentlibs.list.vir
2009-03-11 23:35:16 A------- 153 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf.vir
2009-03-11 23:35:16 A------- 153 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf.vir
2009-03-11 23:35:16 A------- 198 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt.vir
2009-03-11 23:35:16 A------- 476 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\freebl3.chk.vir
2009-03-11 23:35:16 A------- 613 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt.vir
2009-03-11 23:35:16 A------- 663 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css.vir
2009-03-11 23:35:16 A------- 663 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css.vir
2009-03-11 23:35:16 A------- 771 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt.vir
2009-03-11 23:35:16 A------- 1,078 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css.vir
2009-03-11 23:35:16 A------- 1,078 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css.vir
2009-03-11 23:35:16 A------- 1,111 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt.vir
2009-03-11 23:35:16 A------- 1,209 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt.vir
2009-03-11 23:35:16 A------- 1,560 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt.vir
2009-03-11 23:35:16 A------- 1,743 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt.vir
2009-03-11 23:35:16 A------- 1,861 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\designmode.css.vir
2009-03-11 23:35:16 A------- 1,967 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties.vir
2009-03-11 23:35:16 A------- 2,240 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt.vir
2009-03-11 23:35:16 A------- 2,396 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties.vir
2009-03-11 23:35:16 A------- 2,425 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt.vir
2009-03-11 23:35:16 A------- 2,756 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\debug.js.vir
2009-03-11 23:35:16 A------- 3,114 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff.vir
2009-03-11 23:35:16 A------- 3,378 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js.vir
2009-03-11 23:35:16 A------- 3,558 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\crashreporter.ini.vir
2009-03-11 23:35:16 A------- 3,690 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties.vir
2009-03-11 23:35:16 A------- 3,930 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js.vir
2009-03-11 23:35:16 A------- 4,090 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties.vir
2009-03-11 23:35:16 A------- 5,897 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar.vir
2009-03-11 23:35:16 A------- 6,721 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm.vir
2009-03-11 23:35:16 A------- 7,039 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm.vir
2009-03-11 23:35:16 A------- 7,296 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js.vir
2009-03-11 23:35:16 A------- 7,420 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt.vir
2009-03-11 23:35:16 A------- 7,585 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm.vir
2009-03-11 23:35:16 A------- 7,680 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll.vir
2009-03-11 23:35:16 A------- 8,192 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\mozctlx.dll.vir
2009-03-11 23:35:16 A------- 8,335 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt.vir
2009-03-11 23:35:16 A------- 8,427 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd.vir
2009-03-11 23:35:16 A------- 9,216 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\plds4.dll.vir
2009-03-11 23:35:16 A------- 9,504 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties.vir
2009-03-11 23:35:16 A------- 9,998 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm.vir
2009-03-11 23:35:16 A------- 10,240 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll.vir
2009-03-11 23:35:16 A------- 10,740 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css.vir
2009-03-11 23:35:16 A------- 11,264 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\plc4.dll.vir
2009-03-11 23:35:16 A------- 11,392 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties.vir
2009-03-11 23:35:16 A------- 11,511 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css.vir
2009-03-11 23:35:16 A------- 17,380 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm.vir
2009-03-11 23:35:16 A------- 30,004 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties.vir
2009-03-11 23:35:16 A------- 38,499 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties.vir
2009-03-11 23:35:16 A------- 56,411 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties.vir
2009-03-11 23:35:16 A------- 57,344 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll.vir
2009-03-11 23:35:16 A------- 58,892 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\utils.js.vir
2009-03-11 23:35:16 A------- 63,788 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd.vir
2009-03-11 23:35:16 A------- 64,412 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js.vir
2009-03-11 23:35:16 A------- 72,872 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\greprefs\all.js.vir
2009-03-11 23:35:16 A------- 73,728 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nssutil3.dll.vir
2009-03-11 23:35:16 A------- 98,304 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll.vir
2009-03-11 23:35:16 A------- 159,744 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nspr4.dll.vir
2009-03-11 23:35:16 A------- 163,840 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\crashreporter.exe.vir
2009-03-11 23:35:16 A------- 212,992 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\mozctl.dll.vir
2009-03-11 23:35:16 A------- 229,376 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\freebl3.dll.vir
2009-03-11 23:35:16 A------- 290,816 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nssckbi.dll.vir
2009-03-11 23:35:16 A------- 609,731 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic.vir
2009-03-11 23:35:16 A------- 610,304 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\js3250.dll.vir
2009-03-11 23:35:16 A------- 688,128 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\nss3.dll.vir
2009-03-11 23:35:17 A------- 40 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\version.properties.vir
2009-03-11 23:35:17 A------- 57 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif.vir
2009-03-11 23:35:17 A------- 57 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif.vir
2009-03-11 23:35:17 A------- 57 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif.vir
2009-03-11 23:35:17 A------- 58 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif.vir
2009-03-11 23:35:17 A------- 117 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html.vir
2009-03-11 23:35:17 A------- 122 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif.vir
2009-03-11 23:35:17 A------- 476 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\softokn3.chk.vir
2009-03-11 23:35:17 A------- 619 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\html\folder.png.vir
2009-03-11 23:35:17 A------- 825 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif.vir
2009-03-11 23:35:17 A------- 825 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif.vir
2009-03-11 23:35:17 A------- 825 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif.vir
2009-03-11 23:35:17 A------- 825 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif.vir
2009-03-11 23:35:17 A------- 826 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif.vir
2009-03-11 23:35:17 A------- 826 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif.vir
2009-03-11 23:35:17 A------- 826 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif.vir
2009-03-11 23:35:17 A------- 826 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif.vir
2009-03-11 23:35:17 A------- 835 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif.vir
2009-03-11 23:35:17 A------- 835 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif.vir
2009-03-11 23:35:17 A------- 841 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif.vir
2009-03-11 23:35:17 A------- 841 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif.vir
2009-03-11 23:35:17 A------- 841 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif.vir
2009-03-11 23:35:17 A------- 841 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif.vir
2009-03-11 23:35:17 A------- 858 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\grabber.gif.vir
2009-03-11 23:35:17 A------- 2,080 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties.vir
2009-03-11 23:35:17 A------- 2,295 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\svg.css.vir
2009-03-11 23:35:17 A------- 3,033 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties.vir
2009-03-11 23:35:17 A------- 3,037 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\viewsource.css.vir
2009-03-11 23:35:17 A------- 3,902 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties.vir
2009-03-11 23:35:17 A------- 3,954 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties.vir
2009-03-11 23:35:17 A------- 5,490 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\language.properties.vir
2009-03-11 23:35:17 A------- 5,493 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties.vir
2009-03-11 23:35:17 A------- 5,649 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties.vir
2009-03-11 23:35:17 A------- 6,308 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\ua.css.vir
2009-03-11 23:35:17 A------- 6,719 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties.vir
2009-03-11 23:35:17 A------- 9,728 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpcom.dll.vir
2009-03-11 23:35:17 A------- 11,096 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\html.css.vir
2009-03-11 23:35:17 A------- 11,608 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\quirk.css.vir
2009-03-11 23:35:17 A------- 14,664 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\mathml.css.vir
2009-03-11 23:35:17 A------- 14,848 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpcshell.exe.vir
2009-03-11 23:35:17 A------- 15,416 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\res\forms.css.vir
2009-03-11 23:35:17 A------- 77,824 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe.vir
2009-03-11 23:35:17 A------- 98,304 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\smime3.dll.vir
2009-03-11 23:35:17 A------- 126,976 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\ssl3.dll.vir
2009-03-11 23:35:17 A------- 143,360 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\softokn3.dll.vir
2009-03-11 23:35:17 A------- 196,608 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\updater.exe.vir
2009-03-11 23:35:17 A------- 266,240 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpidl.exe.vir
2009-03-11 23:35:17 A------- 409,600 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\sqlite3.dll.vir
2009-03-11 23:35:18 A------- 18,432 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe.vir
2009-03-11 23:35:19 A------- 14,336 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xpt_link.exe.vir
2009-03-11 23:35:19 A------- 8,462,336 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xul.dll.vir
2009-03-11 23:35:22 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove.vir
2009-03-11 23:35:22 A------- 187 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest.vir
2009-03-11 23:35:22 A------- 8,555 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar.vir
2009-03-11 23:35:22 A------- 73,728 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe.vir
2009-03-11 23:35:22 A------- 102,400 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\xulrunner.exe.vir
2009-03-11 23:35:22 A------- 348,160 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\msvcr71.dll.vir
2009-03-11 23:35:22 A------- 499,712 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL.vir
2009-03-11 23:35:35 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\history.dat.vir
2009-03-11 23:35:36 A------- 99,437 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\xpti.dat.vir
2009-03-11 23:35:37 A------- 1,236,888 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\XPC.mfl.vir
2009-03-11 23:35:39 A------- 133,860 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\compreg.dat.vir
2009-03-11 23:35:40 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\.autoreg.vir
2009-03-11 23:35:40 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\extensions.cache.vir
2009-03-11 23:35:40 A------- 30 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\extensions.ini.vir
2009-03-11 23:35:40 A------- 367 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\prefs.js.vir
2009-03-11 23:35:40 A------- 2,048 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\downloads.sqlite.vir
2009-03-11 23:35:41 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\places.sqlite-journal.vir
2009-03-11 23:35:41 A------- 131,072 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\places.sqlite.vir
2009-03-11 23:36:02 A------- 3,899 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\library5.dat.vir
2009-03-11 23:36:03 A------- 2,048 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\permissions.sqlite.vir
2009-03-11 23:36:05 A------- 3,675 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\downloads.dat.vir
2009-03-11 23:36:07 A------- 16,384 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\secmod.db.vir
2009-03-11 23:36:12 A------- 65,536 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\cert8.db.vir
2009-03-11 23:36:13 A------- 16,384 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\key3.db.vir
2009-03-11 23:36:14 A------- 2,048 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\cookies.sqlite.vir
2009-03-11 23:36:15 A------- 276 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_.vir
2009-03-11 23:36:15 A------- 7,273 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_.vir
2009-03-11 23:36:15 A------- 16,006 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_.vir
2009-03-11 23:36:15 A------- 66,864 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_.vir
2009-03-11 23:36:18 A------- 60,007 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Cd01.vir
2009-03-11 23:36:18 A------- 181,963 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFFd01.vir
2009-03-11 23:36:20 A------- 16 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.lck.vir
2009-03-11 23:36:20 A------- 435,501 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\data\audio.sxml3.vir
2009-03-11 23:36:21 A------- 436 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.properties.vir
2009-03-11 23:36:22 A------- 22,759 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01.vir
2009-03-11 23:36:22 A------- 1,945,394 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.log.vir
2009-03-11 23:36:23 A------- 1,048,576 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\promotion\promodb.data.vir
2009-03-11 23:36:31 A------- 9,081 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\pluginreg.dat.vir
2009-03-11 23:36:38 A------- 314,267 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\3816C1E5d01.vir
2009-03-11 23:36:41 A------- 565,987 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\mozilla-profile\Cache\6B5B8EF7d01.vir
2009-03-11 23:37:10 A------- 7,889 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\certificate\limewire.keystore.vir
2009-03-11 23:45:13 A------- 6,857 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Application Data\LimeWire\xml\data\video.sxml3.vir
2009-03-13 19:02:04 A------- 8,975,728 C:\Qoobox\Quarantine\C\Program Files\Norton Security Scan\NSS.exe.replace.vir
2009-03-15 14:52:21 A------- 31,232 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmpsxmqww.dll.vir
2009-03-15 14:52:26 A------- 127 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACykmnlbar.dat.vir
2009-03-15 14:52:27 A------- 27,136 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrnijxvkb.dll.vir
2009-03-15 14:52:29 A------- 24,576 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACakyfuxhl.dll.vir
2009-03-15 14:52:30 A------- 18,944 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACxekylumx.dll.vir
2009-03-15 14:52:31 A------- 414,144 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdjnosotp.db.vir
2009-03-15 14:52:34 A------- 34,816 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkdihtbue.dll.vir
2009-03-15 14:52:36 A------- 5,180 C:\Qoobox\Quarantine\C\WINDOWS\system32\uacinit.dll.vir
2009-03-15 14:52:38 A------- 192,623 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACsoyswvke.log.vir
2009-03-15 17:04:01 A------- 1,896,749 C:\Qoobox\Quarantine\C\WINDOWS\system32\uactmp.db.vir
2009-03-21 00:29:16 A------- 672,024 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\aAvgApi.exe.vir
2009-03-21 00:29:26 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log.lock.vir
2009-03-21 00:29:26 A------- 14,102 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgldr.log.vir
2009-03-21 00:29:34 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock.vir
2009-03-21 00:29:35 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log.lock.vir
2009-03-21 00:29:35 A------- 89,198 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgwdsvc.log.vir
2009-03-21 00:29:36 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.lock.vir
2009-03-21 00:29:36 A------- 6,013 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\history.xml.vir
2009-03-21 00:29:36 A------- 439,912 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.vir
2009-03-21 00:29:36 A------- 1,024,098 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.1.vir
2009-03-21 00:29:36 A------- 1,024,566 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log.2.vir
2009-03-21 00:29:37 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log.lock.vir
2009-03-21 00:29:37 A------- 64,114 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgns.log.vir
2009-03-21 00:29:38 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.lock.vir
2009-03-21 00:29:38 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.lock.vir
2009-03-21 00:29:38 A------- 774 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\krnl.cfg.vir
2009-03-21 00:29:38 A------- 2,874 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Temp\69c663e3-0f76-4d35-8782-30f5eb2940f7-f6c-oopp.tmp.vir
2009-03-21 00:29:38 A------- 6,260 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\CfgAll\changecfgreg.cfg.vir
2009-03-21 00:29:38 A------- 15,311 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\scan.cfg.vir
2009-03-21 00:29:38 A------- 120,878 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log.vir
2009-03-21 00:29:38 A------- 317,262 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log.vir
2009-03-21 00:29:50 A------- 152 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\user.cfg.vir
2009-03-21 00:29:51 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log.lock.vir
2009-03-21 00:29:51 A------- 36,152 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log.vir
2009-03-21 00:30:06 A------- 2,260 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\sched.cfg.vir
2009-03-21 00:30:12 A------- 238 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\malrep.cfg.vir
2009-03-21 00:30:20 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgupd.log.lock.vir
2009-03-21 00:30:20 A------- 471,256 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgupd.log.vir
2009-03-21 00:30:21 A------- 1,775 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\update.cfg.vir
2009-03-21 00:30:28 A------- 34,810,896 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\prepare\incavi.avm.vir
2009-03-21 00:30:49 A------- 145,699 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\prepare\sb.dat.prepare.vir
2009-03-21 00:30:51 A------- 2,058 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\prepare\sc.dat.prepare.vir
2009-03-21 00:30:56 A------- 2,372 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\backup\sb2.dat.vir
2009-03-21 00:30:56 A------- 126,524 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\backup\sc.dat.vir
2009-03-21 00:30:56 A------- 335,108 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\backup\sb.dat.vir
2009-03-21 00:31:07 A------- 306 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\CfgAll\updateall.cfg.vir
2009-03-21 00:31:09 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\fixcfg.log.lock.vir
2009-03-21 00:31:09 A------- 2,206 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\fixcfg.log.vir
2009-03-21 00:34:30 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgfrw.log.lock.vir
2009-03-21 00:34:30 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log.lock.vir
2009-03-21 00:34:30 A------- 1,004 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgfrw.log.vir
2009-03-21 00:34:36 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log.lock.vir
2009-03-21 00:34:36 A------- 7,864 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgsrm.log.vir
2009-03-21 00:34:59 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgscan.log.lock.vir
2009-03-21 00:34:59 A------- 17,982 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgscan.log.vir
2009-03-21 00:35:01 A------- 12 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\scanlogs\srm.idx.vir
2009-03-21 00:35:01 A------- 150,355 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\scanlogs\I_00000005.log.vir
2009-03-21 00:35:02 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log.lock.vir
2009-03-21 00:35:03 A------- 5,264 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\commonpriv.log.vir
2009-03-21 00:42:32 A------- 24 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\vvfolder.idx.vir
2009-03-21 00:42:32 A------- 709 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000001.fil.vir
2009-03-21 00:42:32 A------- 2,793 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000002.fil.vir
2009-03-21 00:42:34 A------- 890 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000004.fil.vir
2009-03-21 00:42:34 A------- 1,867 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000003.fil.vir
2009-03-21 00:42:35 A------- 778 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000005.fil.vir
2009-03-21 00:42:35 A------- 1,607 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000006.fil.vir
2009-03-21 00:42:36 A------- 518 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000007.fil.vir
2009-03-21 00:42:36 A------- 717 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000009.fil.vir
2009-03-21 00:42:36 A------- 2,267 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000008.fil.vir
2009-03-21 00:42:37 A------- 544 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000010.fil.vir
2009-03-21 00:42:38 A------- 514 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000011.fil.vir
2009-03-21 00:42:39 A------- 492 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000012.fil.vir
2009-03-21 00:42:40 A------- 585 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000014.fil.vir
2009-03-21 00:42:40 A------- 592 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000013.fil.vir
2009-03-21 00:42:41 A------- 1,300 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000015.fil.vir
2009-03-21 00:42:42 A------- 703 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000016.fil.vir
2009-03-21 00:42:45 A------- 760 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000017.fil.vir
2009-03-21 00:42:46 A------- 645 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000018.fil.vir
2009-03-21 00:42:47 A------- 2,141 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000019.fil.vir
2009-03-21 00:42:49 A------- 608 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000020.fil.vir
2009-03-21 00:42:50 A------- 575 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000021.fil.vir
2009-03-21 00:42:55 A------- 644 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000023.fil.vir
2009-03-21 00:42:55 A------- 682 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000022.fil.vir
2009-03-21 00:42:55 A------- 757 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000024.fil.vir
2009-03-21 00:42:57 A------- 557 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000025.fil.vir
2009-03-21 00:42:59 A------- 1,361 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000026.fil.vir
2009-03-21 00:43:00 A------- 548 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000027.fil.vir
2009-03-21 00:43:00 A------- 904 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000028.fil.vir
2009-03-21 00:43:01 A------- 593 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000029.fil.vir
2009-03-21 00:43:01 A------- 2,535 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000030.fil.vir
2009-03-21 00:43:02 A------- 696 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000032.fil.vir
2009-03-21 00:43:02 A------- 850 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000031.fil.vir
2009-03-21 00:43:02 A------- 4,949 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000033.fil.vir
2009-03-21 00:43:04 A------- 1,084 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000034.fil.vir
2009-03-21 00:43:04 A------- 3,801 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000035.fil.vir
2009-03-21 00:43:05 A------- 3,800 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000037.fil.vir
2009-03-21 00:43:05 A------- 3,805 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000036.fil.vir
2009-03-21 00:43:05 A------- 3,805 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000038.fil.vir
2009-03-21 00:43:06 A------- 533 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000039.fil.vir
2009-03-21 00:43:06 A------- 1,357 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000040.fil.vir
2009-03-21 00:43:07 A------- 1,141 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000043.fil.vir
2009-03-21 00:43:07 A------- 1,278 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000042.fil.vir
2009-03-21 00:43:07 A------- 1,621 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000041.fil.vir
2009-03-21 00:43:09 A------- 603 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000045.fil.vir
2009-03-21 00:43:09 A------- 3,180 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000044.fil.vir
2009-03-21 00:43:10 A------- 1,639 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000046.fil.vir
2009-03-21 00:43:12 A------- 515 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000048.fil.vir
2009-03-21 00:43:12 A------- 1,589 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000047.fil.vir
2009-03-21 00:43:23 A------- 567 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000049.fil.vir
2009-03-21 00:43:24 A------- 809 C:\Qoobox\Quarantine\C\$AVG8.VAULT$\V_00000050.fil.vir
2009-03-21 08:54:14 A------- 0 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgcfg.log.lock.vir
2009-03-21 09:06:19 A------- 224 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\mail.cfg.vir
2009-03-22 23:45:53 A------- 71,040 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_003903_.tmp.dll.vir
2009-03-22 23:45:55 A------- 132,096 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003929_.tmp.dll.vir
2009-03-22 23:45:56 A------- 101,888 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003931_.tmp.dll.vir
2009-03-22 23:45:56 A------- 146,432 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003930_.tmp.dll.vir
2009-03-22 23:45:56 A------- 1,846,272 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003932_.tmp.dll.vir
2009-03-22 23:45:59 A------- 22,040 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003940_.tmp.dll.vir
2009-03-22 23:45:59 A------- 50,688 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003941_.tmp.dll.vir
2009-03-22 23:45:59 A------- 96,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003939_.tmp.dll.vir
2009-03-22 23:46:00 A------- 64,000 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003949_.tmp.dll.vir
2009-03-22 23:46:00 A------- 108,032 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003944_.tmp.dll.vir
2009-03-22 23:46:00 A------- 144,896 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003945_.tmp.dll.vir
2009-03-22 23:46:00 A------- 415,744 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003948_.tmp.dll.vir
2009-03-22 23:46:00 A------- 983,552 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003942_.tmp.dll.vir
2009-03-22 23:46:01 A------- 58,880 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003951_.tmp.dll.vir
2009-03-22 23:46:01 A------- 61,440 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003952_.tmp.dll.vir
2009-03-22 23:46:01 A------- 236,544 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003955_.tmp.dll.vir
2009-03-22 23:46:01 A------- 657,920 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003953_.tmp.dll.vir
2009-03-22 23:46:02 A------- 8,192 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003963_.tmp.dll.vir
2009-03-22 23:46:02 A------- 13,824 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003973_.tmp.dll.vir
2009-03-22 23:46:02 A------- 37,888 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003958_.tmp.dll.vir
2009-03-22 23:46:02 A------- 129,536 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003966_.tmp.dll.vir
2009-03-22 23:46:02 A------- 249,270 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003972_.tmp.dll.vir
2009-03-22 23:46:02 A------- 341,504 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003971_.tmp.dll.vir
2009-03-22 23:46:02 A------- 550,912 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003959_.tmp.dll.vir
2009-03-22 23:46:02 A------- 708,096 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003964_.tmp.dll.vir
2009-03-22 23:46:02 A------- 721,920 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003969_.tmp.dll.vir
2009-03-22 23:46:02 A------- 984,576 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003974_.tmp.dll.vir
2009-03-22 23:46:03 A------- 32,768 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003980_.tmp.dll.vir
2009-03-22 23:46:03 A------- 111,616 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003978_.tmp.dll.vir
2009-03-22 23:46:03 A------- 135,168 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003979_.tmp.dll.vir
2009-03-22 23:46:03 A------- 144,384 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003975_.tmp.dll.vir
2009-03-22 23:46:03 A------- 276,992 C:\Qoobox\Quarantine\C\WINDOWS\system32\_003981_.tmp.dll.vir
2009-03-27 19:47:33 A------- 262,144 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Local Settings\Application Data\goqqe.exe.vir
2009-03-27 19:47:57 A------- 333 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Local Settings\Application Data\goqqe_navps.dat.vir
2009-03-27 19:47:57 A------- 3,007 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Local Settings\Application Data\goqqe.dat.vir
2009-03-27 19:47:57 A------- 325,613 C:\Qoobox\Quarantine\C\Documents and Settings\Any Authorised User\Local Settings\Application Data\goqqe_nav.dat.vir
2009-03-29 14:44:19 A------- 66,048 C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqjyidmwc.dll.vir
2009-03-30 06:22:53 A------- 59,255 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\download\x8xplsb_46d45p7.bin.vir
2009-03-31 18:12:11 A------- 2,624 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\download\x8xplsb2_63cz.bin.vir
2009-04-01 13:37:01 A------- 1,917 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\download\x8xplsc_72d69se.bin.vir
2009-04-01 21:48:36 A------- 1,642 C:\Qoobox\Quarantine\catchme.log
2009-04-01 21:52:11 A------- 1,382 C:\Qoobox\Quarantine\Registry_backups\Service_UACd.sys.reg.dat
2009-04-01 21:52:12 A------- 62,802 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACxepxmkti_.sys.zip
2009-04-01 22:04:35 A------- 8,276 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-04-01 22:13:30 A------- 234 C:\Qoobox\Quarantine\Registry_backups\BHO-{07AA283A-43D7-4CBE-A064-32A21112D94D}.reg.dat
2009-04-01 22:13:32 A------- 117 C:\Qoobox\Quarantine\Registry_backups\Toolbar-{07AA283A-43D7-4CBE-A064-32A21112D94D}.reg.dat
2009-04-01 22:13:34 A------- 171 C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{07AA283A-43D7-4CBE-A064-32A21112D94D}.reg.dat
2009-04-01 22:13:35 A------- 165 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Spyware Cleaner.reg.dat
2009-04-01 22:13:36 A------- 193 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-goqqe.reg.dat
2009-04-01 22:13:41 A------- 94 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-UC_SMB.reg.dat
2009-04-01 22:13:41 A------- 156 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-304ef22d.reg.dat
2009-04-01 22:14:06 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-byvvu.reg.dat
2009-04-01 22:14:06 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-byxwv.reg.dat
2009-04-01 22:14:06 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-byxya.reg.dat
2009-04-01 22:14:06 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-cbaxx.reg.dat
2009-04-01 22:14:06 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-cbxus.reg.dat
2009-04-01 22:14:06 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-efeba.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-hgdcd.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-hgghg.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-jkkhg.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-ljjgf.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-mljki.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-opnml.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-pmkij.reg.dat
2009-04-01 22:14:07 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-pmnkk.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-pmnkl.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-rqomk.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-rqonl.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-rqrop.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-sstur.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-tusqr.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-tusro.reg.dat
2009-04-01 22:14:08 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-tustt.reg.dat
2009-04-01 22:14:09 A------- 512 C:\Qoobox\Quarantine\Registry_backups\Notify-ljjigdd.reg.dat
2009-04-01 22:14:09 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-vtuvs.reg.dat
2009-04-01 22:14:09 A------- 570 C:\Qoobox\Quarantine\Registry_backups\Notify-vtuvt.reg.dat
2009-04-02 07:20:53 A------- 83,527 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\download\u7avi1473u1435ly.bin.vir
2009-04-02 07:29:12 A------- 525,570 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\download\u7iavi2037u2016m5.bin.vir
2009-04-02 16:25:34 A------- 2,381 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\download\avginfoavi.ctf.vir
2009-04-02 16:25:34 A------- 5,326 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\download\avginfowin.ctf.vir
2009-04-02 21:19:34 A------- 501 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\setup.cfg.vir
2009-04-02 21:19:34 A------- 962 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\updatecomps.cfg.vir
2009-04-02 21:19:35 A------- 210 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\wdlog.cfg.vir
2009-04-02 21:19:35 A------- 216 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\lnglog.cfg.vir
2009-04-02 21:19:35 A------- 216 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\updlog.cfg.vir
2009-04-02 21:19:35 A------- 219 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\ldrlog.cfg.vir
2009-04-02 21:19:35 A------- 219 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\vaultlog.cfg.vir
2009-04-02 21:19:35 A------- 223 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\cfgexlog.cfg.vir
2009-04-02 21:19:35 A------- 224 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\schedlog.cfg.vir
2009-04-02 21:19:35 A------- 236 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\wdsvclog.cfg.vir
2009-04-02 21:19:35 A------- 288 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\privlog.cfg.vir
2009-04-02 21:19:35 A------- 311 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\nslog.cfg.vir
2009-04-02 21:19:35 A------- 311 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\rslog.cfg.vir
2009-04-02 21:19:35 A------- 325 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\scanlog.cfg.vir
2009-04-02 21:19:35 A------- 422 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\corelog.cfg.vir
2009-04-02 21:19:35 A------- 442 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\srmlog.cfg.vir
2009-04-02 21:19:35 A------- 528 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\publog.cfg.vir
2009-04-02 21:19:35 A------- 739 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\cfglog.cfg.vir
2009-04-02 21:19:35 A------- 1,219 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avguilog.cfg.vir
2009-04-02 21:19:36 A------- 159 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_top_green.gif.vir
2009-04-02 21:19:36 A------- 204 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_top_orange.gif.vir
2009-04-02 21:19:36 A------- 217 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_top_yellow.gif.vir
2009-04-02 21:19:36 A------- 303 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_middle_gray.gif.vir
2009-04-02 21:19:36 A------- 303 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_top_gray.gif.vir
2009-04-02 21:19:36 A------- 333 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_bottom_gray.gif.vir
2009-04-02 21:19:36 A------- 336 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_top_yellow.gif.vir
2009-04-02 21:19:36 A------- 362 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\safe.gif.vir
2009-04-02 21:19:36 A------- 364 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\caution.gif.vir
2009-04-02 21:19:36 A------- 374 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\warning.gif.vir
2009-04-02 21:19:36 A------- 389 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\unknown.gif.vir
2009-04-02 21:19:36 A------- 394 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\blocked.gif.vir
2009-04-02 21:19:36 A------- 439 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\box_bottom_red.gif.vir
2009-04-02 21:19:36 A------- 446 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_top_orange.gif.vir
2009-04-02 21:19:36 A------- 454 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_bottom_green.gif.vir
2009-04-02 21:19:36 A------- 471 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_top_gray.gif.vir
2009-04-02 21:19:36 A------- 484 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_top_red.gif.vir
2009-04-02 21:19:36 A------- 512 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\box_top_red.gif.vir
2009-04-02 21:19:36 A------- 550 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\close.gif.vir
2009-04-02 21:19:36 A------- 586 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\click_here_gray.gif.vir
2009-04-02 21:19:36 A------- 610 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_middle_green.gif.vir
2009-04-02 21:19:36 A------- 613 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\icons_close.gif.vir
2009-04-02 21:19:36 A------- 617 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_bottom_orange.gif.vir
2009-04-02 21:19:36 A------- 626 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_bottom_yellow.gif.vir
2009-04-02 21:19:36 A------- 630 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\slider.bmp.vir
2009-04-02 21:19:36 A------- 773 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_middle_orange.gif.vir
2009-04-02 21:19:36 A------- 820 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_top_green.gif.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\avglinks.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\avgstatus.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\avgstatus_error.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\safesearch.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\safesearch_off.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\safesearch_on.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\safesurf.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\safesurf_off.bmp.vir
2009-04-02 21:19:36 A------- 824 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\safesurf_on.bmp.vir
2009-04-02 21:19:36 A------- 959 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_top_red.gif.vir
2009-04-02 21:19:36 A------- 974 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_middle_yellow.gif.vir
2009-04-02 21:19:36 A------- 1,268 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\click_here_orange.gif.vir
2009-04-02 21:19:36 A------- 1,332 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\background_middle_red.gif.vir
2009-04-02 21:19:36 A------- 1,333 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\click_here_red.gif.vir
2009-04-02 21:19:36 A------- 1,368 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\click_here_yellow.gif.vir
2009-04-02 21:19:36 A------- 1,418 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\click_here_green.gif.vir
2009-04-02 21:19:36 A------- 1,447 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\LS_Logo_Results.gif.vir
2009-04-02 21:19:36 A------- 1,662 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\icons_unknown.gif.vir
2009-04-02 21:19:36 A------- 1,932 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\block-doc.gif.vir
2009-04-02 21:19:36 A------- 2,229 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\icons_blocked.gif.vir
2009-04-02 21:19:36 A------- 2,314 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\icons_safe.gif.vir
2009-04-02 21:19:36 A------- 2,344 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\icons_warning.gif.vir
2009-04-02 21:19:36 A------- 2,364 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\icons_caution.gif.vir
2009-04-02 21:19:36 A------- 2,455 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\clock.gif.vir
2009-04-02 21:19:36 A------- 2,648 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\avglogo.bmp.vir
2009-04-02 21:19:36 A------- 3,238 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\Icons\border_bottom_red.gif.vir
2009-04-02 21:19:36 A------- 7,854 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\p_yahoo.bmp.vir
2009-04-02 21:19:36 A------- 18,315 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\avgtoolbartb0502.cfg.vir
2009-04-02 21:19:36 A------- 47,094 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ToolbarIEcache\brandlogo.bmp.vir
2009-04-02 21:19:36 A------- 75,544 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgdumpx.exe.vir
2009-04-02 21:19:36 A------- 298,264 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgwdsvc.exe.vir
2009-04-02 21:19:36 A------- 311,576 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avglngx.dll.vir
2009-04-02 21:19:36 A------- 338,200 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgscanx.dll.vir
2009-04-02 21:19:36 A------- 341,272 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgsrmax.exe.vir
2009-04-02 21:19:36 A------- 511,256 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgvvx.dll.vir
2009-04-02 21:19:36 A------- 531,224 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgsched.dll.vir
2009-04-02 21:19:36 A------- 681,752 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgsrmx.dll.vir
2009-04-02 21:19:36 A------- 729,880 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgcfgex.exe.vir
2009-04-02 21:19:36 A------- 760,600 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgscanx.exe.vir
2009-04-02 21:19:36 A------- 826,648 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgcfgx.dll.vir
2009-04-02 21:19:36 A------- 1,247,424 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgwd.dll.vir
2009-04-02 21:19:37 A------- 1,184 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgatupd.stp.vir
2009-04-02 21:19:37 A------- 2,552 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgatend.stp.vir
2009-04-02 21:19:37 A------- 87,291 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\dfncfg.dat.vir
2009-04-02 21:19:37 A------- 176,920 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgmail.dll.vir
2009-04-02 21:19:37 A------- 226,584 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avg7api.dll.vir
2009-04-02 21:19:37 A------- 237,336 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgbat.bav.vir
2009-04-02 21:19:37 A------- 264,984 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgoff2k.dll.vir
2009-04-02 21:19:37 A------- 274,200 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgamnot.dll.vir
2009-04-02 21:19:37 A------- 299,288 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgmvflx.dll.vir
2009-04-02 21:19:37 A------- 353,048 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgxch32.dll.vir
2009-04-02 21:19:37 A------- 422,912 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgwdwsc.dll.vir
2009-04-02 21:19:37 A------- 423,192 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\fixcfg.exe.vir
2009-04-02 21:19:37 A------- 582,936 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgiproxy.exe.vir
2009-04-02 21:19:37 A------- 746,264 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avginet.dll.vir
2009-04-02 21:19:37 A------- 1,057,048 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgupd.exe.vir
2009-04-02 21:19:37 A------- 1,159,960 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgabout.dll.vir
2009-04-02 21:19:37 A------- 1,209,624 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgfrw.exe.vir
2009-04-02 21:19:37 A------- 1,213,720 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgapix.dll.vir
2009-04-02 21:19:37 A------- 1,423,640 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgupd.dll.vir
2009-04-02 21:19:37 A------- 1,932,568 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgtray.exe.vir
2009-04-02 21:19:37 A------- 3,394,328 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgui.exe.vir
2009-04-02 21:19:38 A------- 2,167,576 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgresf.dll.vir
2009-04-02 21:19:38 A------- 2,301,208 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avguiadv.dll.vir
2009-04-02 21:19:38 A------- 2,670,872 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avguires.dll.vir
2009-04-02 21:19:39 A------- 69,400 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgcrlpx.dll.vir
2009-04-02 21:19:39 A------- 117,528 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgse.dll.vir
2009-04-02 21:19:39 A------- 417,048 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgcclix.dll.vir
2009-04-02 21:19:39 A------- 2,039,576 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgcorex.dll.vir
2009-04-02 21:19:41 A------- 337,176 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avglogx.dll.vir
2009-04-02 21:19:41 A------- 380,184 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgclitx.dll.vir
2009-04-02 21:19:41 A------- 485,144 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgrsx.exe.vir
2009-04-02 21:19:41 A------- 594,200 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgnsx.exe.vir
2009-04-02 21:19:41 A------- 691,992 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgcsrvx.exe.vir
2009-04-02 21:19:41 A------- 3,131,672 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\setup.exe.vir
2009-04-02 21:19:43 A------- 174 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avg.snu.vir
2009-04-02 21:19:43 A------- 96,970 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\setupus.lns.vir
2009-04-02 21:19:43 A------- 824,600 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgcmgr.exe.vir
2009-04-02 21:19:43 A------- 978,706 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\setup.dat.vir
2009-04-02 21:19:44 A------- 935,192 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgxpl.dll.vir
2009-04-02 21:19:44 A------- 1,078,552 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgssie.dll.vir
2009-04-02 21:19:51 A------- 79,128 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgpp.dll.vir
2009-04-02 21:19:52 A------- 5 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avg404.txt.vir
2009-04-02 21:19:52 A------- 120 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\ph.dat.vir
2009-04-02 21:19:52 A------- 1,044 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\cf.dat.vir
2009-04-02 21:19:52 A------- 2,652 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\sb2.dat.vir
2009-04-02 21:19:52 A------- 26,712 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\sc.dat.xcd.vir
2009-04-02 21:19:52 A------- 129,296 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\sb.dat.xcd.vir
2009-04-02 21:19:52 A------- 129,524 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\sc.dat.vir
2009-04-02 21:19:52 A------- 414,452 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\sb.dat.vir
2009-04-02 21:19:52 A------- 555,288 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgtbapi.dll.vir
2009-04-02 21:19:52 A------- 1,968,920 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgtoolbar.dll.vir
2009-04-02 21:19:54 A------- 4,889 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgmwdef_us.mht.vir
2009-04-02 21:19:54 A------- 10,310 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\license_us.txt.vir
2009-04-02 21:19:54 A------- 17,128 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgfree_us.mht.vir
2009-04-02 21:19:54 A------- 18,984 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\contacts_us.html.vir
2009-04-02 21:19:54 A------- 183,994 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgf8us.chm.vir
2009-04-02 21:19:54 A------- 284,607 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avg8us.lng.vir
2009-04-02 21:19:54 A------- 1,045,128 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\dbghelp.dll.vir
2009-04-02 21:20:12 A------- 122,230 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log.vir
2009-04-02 21:20:15 A------- 2,874 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Temp\2398dfc4-d78c-4142-9c3b-8b7ee90ce839-f14-oopp.tmp.vir
2009-04-02 21:21:58 A------- 57,798 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\backup\microavi.avg.vir
2009-04-02 21:21:58 A------- 34,395,507 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\update\backup\incavi.avm.vir
2009-04-02 21:24:06 A------- 129,884 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log.vir
2009-04-02 21:35:59 A------- 46 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\admin.cfg.vir
2009-04-02 21:35:59 A------- 50 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\CfgAll\krnlall.cfg.vir
2009-04-02 21:43:15 A------- 599 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Temp\_2398dfc4-d78c-4142-9c3b-8b7ee90ce839-f14-oopp_.tmp.zip
2009-04-02 21:54:44 A------- 910 C:\Qoobox\Quarantine\Registry_backups\Legacy_SPYWARECLEANERSERVICE.reg.dat
2009-04-02 21:54:45 A------- 2,812 C:\Qoobox\Quarantine\Registry_backups\Service_SpywareCleanerService.reg.dat
2009-04-02 22:01:17 A------- 520 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\_commonpriv_.log.zip
2009-04-02 22:04:02 A------- 132 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG8_TRAY.reg.dat

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 02 April 2009 - 07:25 PM

Hello.

Okay, let's continue.

Please navigate to the following folder:

C:\Qoobox\Quarantine\Registry_backups <- This folder

Now rename HKLM-Run-AVG8_TRAY.reg.dat by removing the .dat extension, so it is: HKLM-Run-AVG8_TRAY.reg

Double click on that reg file and it will ask if you wish to merge the following to the registry. Say Yes and let me know if it was merged successfully.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    DEQUARANTINE::
    C:\Qoobox\Quarantine\C\Program Files\AVG
    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8
    C:\Qoobox\Quarantine\C\$AVG8.VAULT$
    RegLock::
    [HKLM\SYSTEM\ControlSet001\Services\UACd.sys]
    [HKLM\SYSTEM\ControlSet002\Services\UACd.sys]
  • Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
  • Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Post back with:
-Combofix log

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
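
A check that can be run before the DEQUARANTINE step in post #14, added here as an example and not part of the thread or of ComboFix: it parses listing lines in the format of the quarantine log above, maps each quarantined file back to its original location, and reports which entries the CFScript folders cover. The sample lines are copied from that log; treating the first folder under Quarantine as a drive letter and `.vir` as a suffix to strip are assumptions read off the listing.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample lines copied from the quarantine listing earlier in this thread.
LISTING = r"""
2009-04-02 21:19:52 A------- 555,288 C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgtbapi.dll.vir
2009-04-02 21:20:12 A------- 122,230 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log.vir
2009-04-02 21:35:59 A------- 46 C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8\Cfg\admin.cfg.vir
2009-04-02 21:54:45 A------- 2,812 C:\Qoobox\Quarantine\Registry_backups\Service_SpywareCleanerService.reg.dat
2009-04-02 22:04:02 A------- 132 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG8_TRAY.reg.dat
"""

# Folders named under DEQUARANTINE:: in the CFScript from post #14.
DEQUARANTINE = [
    r"C:\Qoobox\Quarantine\C\Program Files\AVG",
    r"C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\avg8",
    r"C:\Qoobox\Quarantine\C\$AVG8.VAULT$",
]

LINE = re.compile(r"^(\S+ \S+) (\S+) ([\d,]+) (.+)$")  # date time, attrs, size, path
ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")

def parse(listing):
    """Yield (timestamp, size_bytes, quarantine_path) for each listing line."""
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group(1), int(m.group(3).replace(",", "")), PureWindowsPath(m.group(4))

def original_path(qpath):
    """Map a quarantined file to where it came from; None for registry backups."""
    rel = qpath.relative_to(ROOT)
    if len(rel.parts) < 2 or len(rel.parts[0]) != 1:  # assumption: one-letter folder = drive
        return None
    name = qpath.name[:-4] if qpath.name.lower().endswith(".vir") else qpath.name
    return PureWindowsPath(rel.parts[0] + ":\\", *rel.parts[1:-1], name)

def coverage(listing, folders):
    """Split entries into those a DEQUARANTINE folder covers and those it does not."""
    covered, uncovered = defaultdict(list), []
    for _, size, qpath in parse(listing):
        hit = next((f for f in folders if PureWindowsPath(f) in qpath.parents), None)
        if hit:
            covered[hit].append((original_path(qpath), size))
        else:
            uncovered.append(qpath)
    return covered, uncovered
```

On the sample lines the uncovered entries are the two files under Registry_backups, which is why the HKLM-Run-AVG8_TRAY backup is restored by hand in the post rather than through the script.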

#15 Wizard99

Wizard99
  • Topic Starter

  • Members
  • 46 posts

Posted 03 April 2009 - 12:24 PM

I have re-named the file, but when double clicking on it I get a message window indicating that it is a .DAT file. Looking at the file properties, this is confirmed. How do I convince it that it doesn't want to be a .dat file anymore???

Regards

Alan



