View Full Version : windows security alert



muffun
2009-11-08, 19:11
Hi, I'm looking at a friend's PC for him and it's running quite slow. Windows security alert is on and he can't turn on automatic updates. I have run Spybot and Malwarebytes, which found a few things which I have deleted from those programs, but still can't turn it on. Can anyone help me please?
Thanks in advance :)
HJT logfile under here

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:44, on 08/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Fast Drv] C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous] 
O4 - HKLM\..\Run: [restrictanonymoussam] 
O4 - HKLM\..\RunServices: [Fast Drv] C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fast Drv] C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'samantha drake')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248199174296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6892 bytes

Shaba
2009-11-12, 17:16
Hi muffun

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

muffun
2009-11-12, 17:44
Hi Shaba, here is what you asked for

Logfile of random's system information tool 1.06 (written by random/random)
Run by Danny Haslam at 2009-11-12 16:42:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 339 GB (71%) free of 477 GB
Total RAM: 2047 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:42:11, on 12/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Danny Haslam.DANNY\Desktop\RSIT.exe
C:\Program Files\trend micro\Danny Haslam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Fast Drv] C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous] 
O4 - HKLM\..\Run: [restrictanonymoussam] 
O4 - HKLM\..\RunServices: [Fast Drv] C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fast Drv] C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248199174296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6696 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Gainward"=C:\Program Files\XpertVision\TBPanel.exe [2007-11-01 2165256]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"nwiz"=nwiz.exe /install []
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2009-10-04 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2009-10-04 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-10-04 86016]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2003-01-27 376912]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"@OnlineArmor GUI"=C:\Program Files\Tall Emu\Online Armor\oaui.exe [2009-07-11 2121416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Fast Drv"=C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe [2008-04-14 1167360]
"EnableDCOM"=N []
"restrictanonymous"=1 []
"restrictanonymoussam"=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Fast Drv"=C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe [2008-04-14 1167360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=C:\PROGRA~1\TALLEM~1\Online Armor\oaevent.dll [2009-07-11 336584]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-11-12 16:42:01 ----D---- C:\rsit
2009-11-12 14:23:07 ----D---- C:\MGtools
2009-11-12 12:35:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-12 12:35:25 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-12 12:35:25 ----D---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com
2009-11-08 18:06:12 ----D---- C:\Program Files\Trend Micro
2009-11-08 17:51:46 ----D---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\Malwarebytes
2009-11-08 17:51:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-07 16:02:49 ----D---- C:\Program Files\directx
2009-11-05 20:30:01 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-11-05 20:30:01 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-11-05 20:30:00 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-11-05 20:30:00 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-11-05 20:29:59 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-11-05 20:29:59 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-11-05 20:29:58 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-11-03 20:36:03 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-03 20:36:03 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-03 20:36:03 ----A---- C:\WINDOWS\system32\java.exe
2009-10-31 12:09:46 ----D---- C:\Y.D.T
2009-10-31 12:09:32 ----A---- C:\WINDOWS\system32\wpcap.dll
2009-10-31 12:09:32 ----A---- C:\WINDOWS\system32\WanPacket.dll
2009-10-31 12:09:32 ----A---- C:\WINDOWS\system32\pthreadVC.dll
2009-10-31 12:09:32 ----A---- C:\WINDOWS\system32\Packet.dll
2009-10-31 12:09:25 ----D---- C:\Program Files\E.M. Youtube Video Download Tool
2009-10-30 19:15:41 ----D---- C:\WINDOWS\system32\Adobe
2009-10-28 17:48:09 ----D---- C:\Microgaming
2009-10-26 14:30:51 ----HD---- C:\WINDOWS\PIF
2009-10-20 13:26:23 ----D---- C:\Program Files\Software Illusions
2009-10-17 02:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-17 02:03:00 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-17 02:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-17 02:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-17 02:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-17 02:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-17 02:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-17 02:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-17 02:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 20:34:21 ----D---- C:\7a5902dc6048a5b9926ae0
2009-10-13 02:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-11-12 16:42:12 ----D---- C:\WINDOWS\Prefetch
2009-11-12 16:42:06 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2009-11-12 16:37:27 ----A---- C:\WINDOWS\DFC.INI
2009-11-12 14:25:33 ----D---- C:\WINDOWS
2009-11-12 14:23:28 ----D---- C:\WINDOWS\Temp
2009-11-12 14:18:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-12 14:03:39 ----D---- C:\Program Files\Mozilla Firefox
2009-11-12 14:02:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-12 14:01:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-12 12:35:30 ----SHD---- C:\WINDOWS\Installer
2009-11-12 12:35:30 ----SD---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\Microsoft
2009-11-12 12:35:30 ----D---- C:\Config.Msi
2009-11-12 12:35:25 ----RD---- C:\Program Files
2009-11-12 12:35:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-12 12:31:58 ----D---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\uTorrent
2009-11-12 12:28:47 ----D---- C:\WINDOWS\pss
2009-11-11 20:47:05 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-11 20:46:47 ----D---- C:\WINDOWS\Minidump
2009-11-11 15:41:12 ----D---- C:\WINDOWS\system32
2009-11-10 22:19:42 ----D---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\vlc
2009-11-08 20:17:09 ----D---- C:\temp
2009-11-08 18:41:56 ----D---- C:\Program Files\LimeWire
2009-11-08 17:52:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-08 17:03:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-07 15:54:57 ----D---- C:\WINDOWS\system32\Macromed
2009-11-05 20:30:45 ----D---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\Sports Interactive
2009-11-05 20:30:02 ----D---- C:\WINDOWS\system32\DirectX
2009-11-05 20:30:01 ----HD---- C:\WINDOWS\inf
2009-11-05 20:29:49 ----HD---- C:\WINDOWS\msdownld.tmp
2009-11-05 20:27:59 ----D---- C:\Program Files\Sports Interactive
2009-11-05 03:00:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-05 03:00:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-03 20:35:57 ----D---- C:\Program Files\Java
2009-10-31 10:20:04 ----RSD---- C:\WINDOWS\assembly
2009-10-31 10:01:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-31 10:01:29 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-30 22:40:59 ----SHD---- C:\System Volume Information
2009-10-30 22:31:25 ----RSD---- C:\WINDOWS\Fonts
2009-10-30 22:26:28 ----D---- C:\WINDOWS\system32\config
2009-10-22 09:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-20 13:06:50 ----D---- C:\WINDOWS\Debug
2009-10-20 12:07:22 ----D---- C:\WINDOWS\Help
2009-10-17 02:19:26 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-17 02:06:10 ----D---- C:\WINDOWS\WinSxS
2009-10-17 02:04:40 ----D---- C:\Program Files\Internet Explorer
2009-10-15 05:22:12 ----D---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\LimeWire
2009-10-14 19:44:39 ----D---- C:\Documents and Settings\Danny Haslam.DANNY\Application Data\dvdcss
2009-10-13 20:38:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-13 20:38:29 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-10-13 20:34:47 ----D---- C:\WINDOWS\system32\XPSViewer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a28gyulg;a28gyulg; C:\WINDOWS\system32\drivers\a28gyulg.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys []
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys []
S3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys []
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2009-04-30 265496]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2007-11-07 34064]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 OAcat;Online Armor Helper Service; C:\Program Files\Tall Emu\Online Armor\OAcat.exe [2009-07-11 362184]
R2 SvcOnlineArmor;Online Armor; C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2009-07-11 3142344]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 LVPrcSrv;Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-10-04 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-10-04 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-11-12 16:42:16

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Auslogics BoostSpeed-->"C:\Program Files\Auslogics\Auslogics BoostSpeed\unins000.exe"
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cheetah DVD Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
CopyTrans Suite Remove Only-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
E.M. Youtube Video Download Tool 3.10-->"C:\Program Files\E.M. Youtube Video Download Tool\unins000.exe"
Easy Avi/Divx/Xvid to DVD Burner 2.5.1-->"C:\Program Files\Easy Avi Divx Xvid to DVD Burner\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
Online Armor 3.5-->"C:\Program Files\Tall Emu\Online Armor\unins000.exe"
PKR-->"C:\Program Files\PKR\uninstall-pkr.exe"
Radar Screensaver version 1.71-->"C:\Program Files\Radar Screensaver\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Samsung Master-->C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\INSTALL.LOG
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall
XpertVision 5.7-->"C:\Program Files\XpertVision\unins000.exe"

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com

======Security center information======

AV: AntiVir Desktop
FW: Online Armor Firewall

======System event log======

Computer Name: DANNY
Event Code: 7000
Message: The Cardex service failed to start due to the following error:
Access is denied.


Record Number: 33
Source Name: Service Control Manager
Time Written: 20091031100132.000000+000
Event Type: error
User:

Computer Name: DANNY
Event Code: 7000
Message: The TBPanel service failed to start due to the following error:
Access is denied.


Record Number: 19
Source Name: Service Control Manager
Time Written: 20091031100027.000000+000
Event Type: error
User:

Computer Name: DANNY
Event Code: 7000
Message: The Process Monitor service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 18
Source Name: Service Control Manager
Time Written: 20091031100027.000000+000
Event Type: error
User:

Computer Name: DANNY
Event Code: 10010
Message: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.

Record Number: 4
Source Name: DCOM
Time Written: 20091030222825.000000+000
Event Type: error
User: DANNY\Danny Haslam

Computer Name: DANNY
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
%%2149896199

Record Number: 3
Source Name: Service Control Manager
Time Written: 20091030222815.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: DANNY
Event Code: 4113
Message: AntiVir has detected 'TR/Crypt.XPACK.Gen'
in the file
C:\System Volume Information\_restore{0DA40C47-EA5C-4E24-A62C-F0B7EABF6A15}\RP117\A0027439.exe

Record Number: 8
Source Name: Avira AntiVir
Time Written: 20091031045557.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DANNY
Event Code: 4113
Message: AntiVir has detected 'TR/Crypt.XPACK.Gen'
in the file
C:\System Volume Information\_restore{0DA40C47-EA5C-4E24-A62C-F0B7EABF6A15}\RP117\A0027439.exe

Record Number: 7
Source Name: Avira AntiVir
Time Written: 20091031035557.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DANNY
Event Code: 4113
Message: AntiVir has detected 'TR/Crypt.XPACK.Gen'
in the file
C:\System Volume Information\_restore{0DA40C47-EA5C-4E24-A62C-F0B7EABF6A15}\RP117\A0027439.exe

Record Number: 6
Source Name: Avira AntiVir
Time Written: 20091031025557.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DANNY
Event Code: 4113
Message: AntiVir has detected 'TR/Crypt.XPACK.Gen'
in the file
C:\System Volume Information\_restore{0DA40C47-EA5C-4E24-A62C-F0B7EABF6A15}\RP117\A0027439.exe

Record Number: 5
Source Name: Avira AntiVir
Time Written: 20091031015557.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DANNY
Event Code: 4113
Message: AntiVir has detected 'TR/Crypt.XPACK.Gen'
in the file
C:\System Volume Information\_restore{0DA40C47-EA5C-4E24-A62C-F0B7EABF6A15}\RP117\A0027439.exe

Record Number: 4
Source Name: Avira AntiVir
Time Written: 20091031012834.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Shaba
2009-11-12, 21:05
Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).

C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
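The file requested above appears in the HijackThis "Running processes" list under the user's Temp folder, written with 8.3 short names. The following Python sketch is an added example, not part of the thread or of any tool mentioned in it; it flags such entries in a HijackThis log. The function names and the simplified 8.3 alias rule are assumptions made for illustration, and the sample lines are a trimmed excerpt of the logs posted in this thread.

```python
import re
from typing import Iterator, List, Optional, Tuple

# Trimmed excerpt of HijackThis log lines posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\DANNYH~1.DAN\LOCALS~1\Temp\rfwhost.exe
C:\WINDOWS\system32\wscntfy.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF124.exe /c C:\ComboFix\Combobatch.bat
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
"""

# First drive-letter path on a line that ends in an executable extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?]*?\.(?:exe|dll|bat|com|scr)(?=["\s]|$)', re.I
)


def iter_entries(log: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, path) for running processes, O4 autoruns, O23 services."""
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        if in_processes:
            section = "process"
        elif line.startswith("O4 -"):
            section = "autorun"
        elif line.startswith("O23 -"):
            section = "service"
        else:
            continue
        match = PATH_RE.search(line)
        if match:
            yield section, match.group(0)


def could_be_short_name(component: str, long_name: str) -> bool:
    """True if component is long_name or looks like its 8.3 alias.

    Simplified rule (assumption): the alias is up to six leading characters
    of the long name with spaces removed, then '~' and a digit. Hash-based
    aliases that Windows generates after several collisions are not covered.
    """
    comp = component.lower()
    if comp == long_name.lower():
        return True
    alias = re.fullmatch(r"([^~]{1,6})~\d", comp)
    if not alias:
        return False
    return long_name.replace(" ", "").lower().startswith(alias.group(1))


def temp_kind(path: str) -> Optional[str]:
    """Return 'user-temp', 'temp', or None for a Windows file path."""
    parts = path.replace("/", "\\").split("\\")
    dirs = parts[1:-1]                    # drop the drive and the file name
    for i, name in enumerate(dirs):
        if name.lower() in ("temp", "tmp"):
            if i > 0 and could_be_short_name(dirs[i - 1], "Local Settings"):
                return "user-temp"
            return "temp"
    return None


def triage(log: str) -> List[Tuple[str, str, str]]:
    """List (section, path, kind) for every entry located in a temp folder."""
    flagged = []
    for section, path in iter_entries(log):
        kind = temp_kind(path)
        if kind:
            flagged.append((section, path, kind))
    return flagged


if __name__ == "__main__":
    for section, path, kind in triage(SAMPLE_LOG):
        print(f"{section:8} {kind:10} {path}")
```

A plain substring search for `Local Settings\Temp` would miss this entry, because the log records the folder as `LOCALS~1\Temp`.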

muffun
2009-11-12, 22:01
Hi, thanks for the fast response.
When I go to paste it won't let me, so I browse and find the folder which you asked me to go in and the temp folder is empty, so I can't run the scan, sorry. When I press browse and type in rfwhost it says file not found.

muffun
2009-11-12, 22:39
Sorry for posting again, but I have just found the file in
c:\documentsandsettings\dannyhaslam.danny\localsettings\temp\rfwhost
so I have just put it on Jotti's and this is what I got:


Jotti's malware scan
Filename: rfwhost.exe
Status:
Scan finished. 9 out of 21 scanners reported malware.
Scan taken on: Thu 12 Nov 2009 22:35:27 (CET)

Additional info
File size: 1167360 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: d8141501d1b7908011137345dc37e67f
SHA1: 3b81e4ebc582be7ce58e84963d202ffe516753df
Packer (Drweb): ZLIB




Scanners
[ArcaVir]
2009-11-12 Heur.W32
[G DATA]
2009-11-12 Win32:Malware-gen
[A-Squared]
2009-11-12 Backdoor.Win32.SdBot!IK
[Ikarus]
2009-11-12 Backdoor.Win32.SdBot
[Avast! antivirus]
2009-11-12 Win32:Malware-gen
[Kaspersky Anti-Virus]
2009-11-12 Found nothing
[Grisoft AVG Anti-Virus]
2009-11-12 SHeur2.BKKH
[ESET NOD32]
2009-11-12 Found nothing
[Avira AntiVir]
2009-11-12 Found nothing
[Norman Virus Control]
2009-11-11 Kolab.B
[Softwin BitDefender]
2009-11-12 Found nothing
[Panda Antivirus]
2009-11-11 Found nothing
[ClamAV]
2009-11-12 Found nothing
[Quick Heal]
2009-11-12 Found nothing
[CPsecure]
2009-11-12 Found nothing
[Sophos]
2009-11-12 Found nothing
[Dr.Web]
2009-11-12 Found nothing
[VirusBlokAda VBA32]
2009-11-11 Found nothing
[Frisk F-Prot Antivirus]
2009-11-12 W32/Backdoor2.GCSN
[VirusBuster]
2009-11-12 Worm.SdBot.ALNI
[F-Secure Anti-Virus]
2009-11-12 Found nothing


hope this helps :)

Shaba
2009-11-13, 06:28
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

muffun
2009-11-13, 09:16
Hi Shaba,
I would really appreciate it if we could try and clean it first, and if all fails then I can format. Thanks a lot :)

Shaba
2009-11-13, 11:03
Yes but before we start to clean you will have to change all online passwords from a known clean computer.

Let me know when you have done it and we will continue :)

muffun
2009-11-13, 14:56
all online passwords changed.

Shaba
2009-11-13, 19:26
We will continue with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

muffun
2009-11-13, 21:23
Hi, I went to the site you had posted and downloaded and ran ComboFix. Once ComboFix said it was gonna reboot, it rebooted, and when Windows started up a pop-up message came up saying:
C:\combofix\CF124.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.
I ran HJT and got a log, but ComboFix didn't produce one.

Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:32, on 13/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous] 
O4 - HKLM\..\Run: [restrictanonymoussam] 
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF124.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248199174296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6356 bytes

muffun
2009-11-13, 22:19
Sorry, I have found the ComboFix log file and here it is:

ComboFix 09-11-13.06 - Danny Haslam 13/11/2009 21:06.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1412 [GMT 0:00]
Running from: c:\documents and settings\Danny Haslam.DANNY\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-13 14:50 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2009-11-13 14:50 . 2009-11-13 14:50 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\WINDOWS
2009-11-13 14:24 . 2005-04-28 06:17 65536 ----a-r- c:\windows\system32\lxcecfg.dll
2009-11-13 14:24 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-13 14:24 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-13 14:24 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-13 14:24 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- C:\rsit
2009-11-12 14:23 . 2009-11-12 14:25 104521 ----a-w- C:\MGlogs.zip
2009-11-12 14:23 . 2009-11-12 14:25 -------- d-----w- C:\MGtools
2009-11-12 12:36 . 2009-11-12 12:36 117760 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-12 12:35 . 2009-11-12 12:35 65024 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-11-12 12:35 . 2009-11-12 12:35 5120 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2009-11-12 12:35 . 2009-11-12 12:35 18944 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com
2009-11-08 20:17 . 2009-11-08 20:17 77824 ----a-w- c:\temp\autoplay.exe
2009-11-08 20:16 . 2009-11-08 20:16 1167360 ----a-w- c:\temp\mjf64.exe
2009-11-08 20:10 . 2009-11-08 20:10 1167360 ----a-w- c:\temp\mjf76.exe
2009-11-08 18:06 . 2009-11-12 16:42 -------- d-----w- c:\program files\Trend Micro
2009-11-08 17:52 . 2009-11-08 17:52 4045527 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Malwarebytes
2009-11-08 17:51 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 17:51 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-08 13:17 . 2009-11-08 20:16 56320 ----a-w- c:\temp\Setup.exe
2009-11-07 16:02 . 2009-11-07 16:02 -------- d-----w- c:\program files\directx
2009-11-07 11:04 . 2009-08-31 19:52 52224 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
2009-11-07 11:04 . 2009-08-31 19:52 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-11-05 20:30 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-05 20:30 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-05 20:30 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-05 20:30 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-03 20:34 . 2009-11-03 20:34 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 12:10 . 2009-11-01 18:55 852 ----a-w- c:\windows\system32\Infoa.dat
2009-10-31 12:10 . 2009-11-01 18:55 3611 ----a-w- c:\windows\system32\Infob.dat
2009-10-31 12:09 . 2009-11-01 12:08 500 ----a-w- c:\windows\system32\treeinfo.dat
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- C:\Y.D.T
2009-10-31 12:09 . 2009-11-01 12:08 -------- d-----w- c:\program files\E.M. Youtube Video Download Tool
2009-10-31 09:39 . 2009-10-31 09:39 -------- d--h--w- c:\documents and settings\Danny Haslam.DANNY\InstallAnywhere
2009-10-30 19:15 . 2009-10-30 19:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 13:48 . 2009-08-26 15:22 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
2009-10-28 17:48 . 2009-10-28 17:48 -------- d-----w- C:\Microgaming
2009-10-26 14:30 . 2009-10-26 14:30 -------- d--h--w- c:\windows\PIF
2009-10-21 07:59 . 2009-10-21 07:59 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\PCHealth
2009-10-20 13:26 . 2009-10-30 22:32 -------- d-----w- c:\program files\Software Illusions
2009-10-17 13:27 . 2009-10-17 13:27 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\Identities
2009-10-17 07:05 . 2009-10-17 07:05 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\PCHealth
2009-10-17 02:04 . 2009-10-17 02:04 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 19:44 . 2009-09-12 21:05 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-12 12:35 . 2008-07-17 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-12 12:31 . 2009-07-20 19:55 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent
2009-11-11 20:47 . 2009-07-20 19:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-10 22:19 . 2009-07-30 20:28 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\vlc
2009-11-08 18:41 . 2008-09-26 22:39 -------- d-----w- c:\program files\LimeWire
2009-11-08 17:52 . 2008-10-26 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 17:03 . 2009-07-20 19:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 16:54 . 2009-07-19 21:46 43920 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-05 20:30 . 2009-08-04 15:08 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sports Interactive
2009-11-05 20:27 . 2008-09-20 12:40 -------- d-----w- c:\program files\Sports Interactive
2009-11-03 20:35 . 2009-07-28 20:54 -------- d-----w- c:\program files\Java
2009-11-01 18:24 . 2009-08-03 19:57 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\vlc
2009-10-26 14:29 . 2009-08-03 20:02 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent
2009-10-15 05:22 . 2009-08-20 18:45 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire
2009-10-14 19:44 . 2009-07-30 20:29 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\dvdcss
2009-10-14 05:24 . 2009-10-07 17:41 230992 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 20:38 . 2008-06-20 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 04:17 . 2009-07-28 20:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 13:48 . 2009-10-01 18:41 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Auslogics
2009-10-08 13:52 . 2009-10-08 13:52 -------- d-----w- c:\program files\Radar Screensaver
2009-10-07 17:16 . 2008-06-20 20:34 -------- d-----w- c:\program files\Samsung
2009-10-06 15:01 . 2009-10-06 15:01 -------- d-----w- c:\program files\IMSIDesign
2009-10-06 14:58 . 2009-10-06 14:58 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\IMSIDesign
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\DAZ 3D
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\program files\Common Files\DAZ
2009-10-06 14:07 . 2009-10-06 14:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2009-10-04 15:40 . 2000-04-03 16:52 151552 ----a-w- c:\windows\system32\RDOCURS.DLL
2009-10-04 15:39 . 2009-07-19 16:07 49152 ------r- c:\windows\system32\ChCfg.exe
2009-10-04 15:39 . 2006-02-28 12:00 77824 ----a-w- c:\windows\system32\cliconfg.dll
2009-10-04 15:39 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\cliconfg.exe
2009-10-04 15:39 . 2008-06-20 17:40 86016 ----a-r- c:\windows\SOUNDMAN.EXE
2009-10-04 15:39 . 2008-06-20 17:40 2879488 ----a-r- c:\windows\SkyTel.exe
2009-10-04 15:35 . 2009-07-19 16:06 499712 ------r- c:\windows\RtlExUpd.dll
2009-10-04 15:35 . 2008-06-20 17:40 364544 ----a-r- c:\windows\RtlUpd.exe
2009-10-04 15:17 . 2009-09-05 21:51 737280 ----a-w- c:\windows\iun6002.exe
2009-10-04 15:13 . 2008-06-20 17:40 69632 ----a-r- c:\windows\ALCMTR.EXE
2009-10-04 14:46 . 2009-08-03 19:31 114688 ----a-w- c:\documents and settings\samantha drake.DANNY\Application Data\Mozilla\Firefox\Profiles\xgvwmit5.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-10-01 19:00 . 2009-10-01 18:59 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\Auslogics
2009-10-01 18:55 . 2009-10-01 18:41 -------- d-----w- c:\program files\Auslogics
2009-09-28 19:04 . 2008-06-21 15:11 -------- d-----w- c:\program files\PKR
2009-09-18 12:18 . 2009-09-18 12:18 -------- d-----w- c:\program files\PCPitstop
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-07-27 13:19 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 19:27 . 2009-08-05 11:15 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EnableDCOM"="N" [X]
"restrictanonymous"="1 (0x1)" [X]
"restrictanonymoussam"="1 (0x1)" [X]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2007-11-01 2165256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-04 86016]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2009-10-04 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2009-10-04 94208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-10-04 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-09-12 16264192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\Online Armor\oaevent.dll" [2009-07-11 336584]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20/07/2009 19:39 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20/07/2009 19:39 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [20/07/2009 19:39 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/06/2009 15:47 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [18/07/2009 23:15 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [18/07/2009 23:15 3142344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\
FF - component: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'winlogon.exe'(1940)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-13 21:16
ComboFix-quarantined-files.txt 2009-11-13 21:15

Pre-Run: 355,754,180,608 bytes free
Post-Run: 355,723,390,976 bytes free

- - End Of File - - 5247337B98BDA614B24B921011A6DD77

Shaba
2009-11-14, 15:51
Open notepad and copy/paste the text in the codebox below into it:


File::
c:\temp\autoplay.exe
c:\temp\mjf64.exe
c:\temp\mjf76.exe

Folder::
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent
c:\program files\LimeWire
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

muffun
2009-11-14, 19:47
ComboFix 09-11-14.03 - Danny Haslam 14/11/2009 17:56.4.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1413 [GMT 0:00]
Running from: c:\documents and settings\Danny Haslam.DANNY\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Danny Haslam.DANNY\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FILE ::
"c:\temp\autoplay.exe"
"c:\temp\mjf64.exe"
"c:\temp\mjf76.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\downloads.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\gnutella.net
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\installation.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\library.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\library5.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\limewire.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\lock
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mojito.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\0E6B8B2Ad01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\75B8DBA3d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A89d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\CB7E9345d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\questions.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\responses.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\simpp.xml
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\spam.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\version.xml
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\versions.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\[PC] 18 WHEELS OF STEEL EXTREME TRUCKER-[ESPACONSOLAS.com].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\[shiftkontrol]WSBK.2009.Round02.Qatar.Race1.Eurosport2.XviD.English.asd.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\21 Slot Machine Games (full) [yahaa.org].rar.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Adulthood.LiMiTED.DVDRip.XviD.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Amateur.Strip.Night.First.Time.PPV.DSRip.XviD-aAF.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Annabelle Flowers.mov.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\ap3086-4.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\AusLogics BoostSpeed 4.2.8.175 [h33t] [^MiXaLa_KiS^].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Auslogics BoostSpeed v4.1.4.135+Keygen.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Big Tunes Back 2 The 90s.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bigfish Games - Wheel of Fortune 2.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blackout Crew-Time 2 Shine-WLY.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blackout Crew - Time 2 Shine.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blackout Crew - Time 2 Shine.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blank.Check.1994.AC3.DvDrip.XviD.SWESUB-KickFoot.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Boat.Trip.DVDRip.XViD-DVL.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bounce Heaven 14.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven 15.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven 15.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bounce Heaven 6.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven 9 2008.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\BOUNCE HEAVEN EVENT 4 - 7CDS FEB 08.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven in the venue 2009 bh16.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bounce Mania - 2009(split tracks + covers)barney's rg.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bouncy-Tunez Vol 16.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bruno.TS.XviD-Lynks.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Call_Of_Juarez_Bound_In_Blood.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Championship.Manager.2007.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Championship.Manager.2010-RELOADED.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Cheetah DVD Burner 2.18 & CD Burner 4.12 + Serial [h33t] [CaZoR].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\CluedoReloaded.rar.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Command.And.Conquer.3.Kanes.Wrath.Full-Rip.Multi-6.Skullptura.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Conspiracy Weapons of Mass Destruction.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Dance Flick.2009.DvdRip.Xvid {1337x}-Noir.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - The Gathering.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - The Heist [2006].avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - The System [2008].avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - Trick Or Treat S02.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown Plays Russian Roulette.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown Trick Or Treat S01E02.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\derren.brown.evening.of.wonder.ws.pdtv.xvid-ftp.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\dht.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Dj Edd Vs Dj Harpo - Bouncy-Tunez Vol 17.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Easy Avi Divx Xvid to DVD Burner v2.5.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Fantasy Mom 2 - DVDRip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Farming Simulator 2009[English][PC] [NLT Release].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Feds (1988) (Rebecca De Mornay).avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Fighting Unrated 2009 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\fm2009.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Football Manager 2009.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Football.Manager.2010-RELOADED.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Frankie.Boyle.Live.DVDRip.XviD-HAGGiS.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\free.world.of.warcraft.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Fruit machines.rar.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Funny.People.TS.XVID-V2- STG-FATAL.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Hearts of Iron III.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Hotel for Dogs (2009)DvDrip-CLEAR COPY-HQ-KR.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\How.to.Lose.Friends.and.Alienate.People.DVDRip.XviD.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\I Love You Man.2009.DvdRip.Xvid {1337x}-Noir.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\IMSI Design TurboCAD Pro Platinum v16 0 and CAD 3D Max v19 1 [h33t][deepstatus].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Jeremy.Clarkson.Duel.2009.XviD-FM.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Kidulthood[2006]DvDrip-aXXo.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Land Of The Lost[2009]{Proper}DvDrip-LW.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Meet The Robinsons 2007 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Michael.McIntyre.Live.And.Laughing.DVDRip.XviD-HAGGiS.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Naomi&Gianna.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Observe.and.Report.DVDSCR.XviD-DoNE.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Observe.and.Report.DVDSCR.XviD-DoNE.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\PC Pitstop Optimize 1.5.10.8.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Queen - Greatest Hits (November 2, 1981) Remaster (2009).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Race To Witch Mountain 2009 BRRip H264 5.1 ch-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Radar Screensaver 1.71 - JuBox - [h33t] + Crack.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\resume.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Road Trip Beer Pong 2009 DVDRip XviD-BeStDivX.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\rss.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Rugby - All Blacks in Tour 2008 - Scozia.divx.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Rugby - Tri Nations 20070630 Australia vs New Zealand.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Rugby - Tri Nations 20070714 New Zealand vs South Africa.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\settings.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\SHIFTY [2008] DvDrip.Eng.Xvid-ST3PH.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Six Nations Rugby Union - France v Wales 270209.thebox.hannibal.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Six Nations Rugby Union - Wales V Ireland 21.03.09.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Six.Nations.Rugby.Union.France.vs.Wales.WS.PDTV.XVID-PRETOME.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Street Kings 2008 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\stripshow17.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Superbikes.XS.Ultimate.Crash.DVD.Xvid.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Rainmaker (1997).avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Rainmaker.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Taking Of Pelham 123 TS XVID READ NFO - STG.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Worrst Aldum In The World Ever Ever.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The.Boat.That.Rocked.2009.DvDRip-FxM.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The.Great.British.Pub.Quiz.2008.Interactive.DVD-Crackpots.[PC].[www.SpaTorrent.com].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Top.Gear.13x05.WS.PDTV.XviD-FoV.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\top.gear.ground.force.sports.relief.2008.ws.pdtv.xvid-sparel.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Train Simulator.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Trainz.Simulator.2009.World.Builder.Edition-SKIDROW.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\VA-Wigan_Pier_Presents_Bounce-4CD-2008-(Kingdom-music by Bob White).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Wigan Pier 65 [2009] 2CD's (BINGOWINGZ).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Winrar 3.80 Professional [blaze69].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Winzip Self Extractor 4.0 with Key.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\WSBK.2009.Round01.Australia.Race1.EurosportUK.XviD.English-lcp.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\WSBK.2009.Round01.Australia.Race2.EurosportUK.XviD.English-lcp.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Zombieland 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\101 Housework Songs - Various.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Cass.2008.LiMiTED.PROPER.DVDRiP.XViD.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\dht.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\dht.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Doghouse 2009 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Going Off Bigtime [2000] DVDRip KvCD (A UKB-Release By BINGOWINGZ).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Jack.Said.LiMiTED.DVDRip.XviD-DiVERSE.NoRar.www.crazy-torrent.com.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Joint Ops Typhoon Rising + Joint Ops Escalation{Dotcom1}.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Keeps Gettin' Better- A Decade of Hits.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Now Thats What I Call Music 73(pongo1128).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Pink - Funhouse [2008][320kbps]MP3-MT.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\resume.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\resume.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Rise of the Footsoldier[2007]DvDrip[Eng]-FXG.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\rss.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\rss.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\settings.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\settings.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\The Business.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\The Proposal[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\The Pussycat Dolls - Doll Domination 2.0 (2009) NLT-Release.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Untraceable[2008]R5.DvDrip[Eng]-aXXo.torrent
c:\program files\LimeWire
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\temp\autoplay.exe
c:\temp\mjf64.exe
c:\temp\mjf76.exe
this is half of combo as it would not all fit

muffun
2009-11-14, 19:47
here is the second lot of combofix

((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-11-13 14:50 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2009-11-13 14:50 . 2009-11-13 14:50 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\WINDOWS
2009-11-13 14:24 . 2005-04-28 06:17 65536 ----a-r- c:\windows\system32\lxcecfg.dll
2009-11-13 14:24 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-13 14:24 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-13 14:24 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-13 14:24 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- C:\rsit
2009-11-12 14:23 . 2009-11-12 14:25 104521 ----a-w- C:\MGlogs.zip
2009-11-12 14:23 . 2009-11-12 14:25 -------- d-----w- C:\MGtools
2009-11-12 12:36 . 2009-11-12 12:36 117760 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-12 12:35 . 2009-11-12 12:35 65024 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-11-12 12:35 . 2009-11-12 12:35 5120 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2009-11-12 12:35 . 2009-11-12 12:35 18944 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com
2009-11-08 18:06 . 2009-11-12 16:42 -------- d-----w- c:\program files\Trend Micro
2009-11-08 17:52 . 2009-11-08 17:52 4045527 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Malwarebytes
2009-11-08 17:51 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 17:51 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-08 13:17 . 2009-11-08 20:16 56320 ----a-w- c:\temp\Setup.exe
2009-11-07 16:02 . 2009-11-07 16:02 -------- d-----w- c:\program files\directx
2009-11-07 11:04 . 2009-08-31 19:52 52224 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
2009-11-07 11:04 . 2009-08-31 19:52 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-11-05 20:30 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-05 20:30 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-05 20:30 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-05 20:30 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-03 20:34 . 2009-11-03 20:34 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 12:10 . 2009-11-01 18:55 852 ----a-w- c:\windows\system32\Infoa.dat
2009-10-31 12:10 . 2009-11-01 18:55 3611 ----a-w- c:\windows\system32\Infob.dat
2009-10-31 12:09 . 2009-11-01 12:08 500 ----a-w- c:\windows\system32\treeinfo.dat
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- C:\Y.D.T
2009-10-31 12:09 . 2009-11-01 12:08 -------- d-----w- c:\program files\E.M. Youtube Video Download Tool
2009-10-31 09:39 . 2009-10-31 09:39 -------- d--h--w- c:\documents and settings\Danny Haslam.DANNY\InstallAnywhere
2009-10-30 19:15 . 2009-10-30 19:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 13:48 . 2009-08-26 15:22 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
2009-10-28 17:48 . 2009-10-28 17:48 -------- d-----w- C:\Microgaming
2009-10-26 14:30 . 2009-10-26 14:30 -------- d--h--w- c:\windows\PIF
2009-10-21 07:59 . 2009-10-21 07:59 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\PCHealth
2009-10-20 13:26 . 2009-10-30 22:32 -------- d-----w- c:\program files\Software Illusions
2009-10-17 13:27 . 2009-10-17 13:27 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\Identities
2009-10-17 07:05 . 2009-10-17 07:05 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\PCHealth
2009-10-17 02:04 . 2009-10-17 02:04 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 19:44 . 2009-09-12 21:05 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-12 12:35 . 2008-07-17 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-11 20:47 . 2009-07-20 19:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-10 22:19 . 2009-07-30 20:28 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\vlc
2009-11-08 17:52 . 2008-10-26 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 17:03 . 2009-07-20 19:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 16:54 . 2009-07-19 21:46 43920 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-05 20:30 . 2009-08-04 15:08 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sports Interactive
2009-11-05 20:27 . 2008-09-20 12:40 -------- d-----w- c:\program files\Sports Interactive
2009-11-03 20:35 . 2009-07-28 20:54 -------- d-----w- c:\program files\Java
2009-11-01 18:24 . 2009-08-03 19:57 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\vlc
2009-10-14 19:44 . 2009-07-30 20:29 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\dvdcss
2009-10-14 05:24 . 2009-10-07 17:41 230992 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 20:38 . 2008-06-20 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 04:17 . 2009-07-28 20:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 13:48 . 2009-10-01 18:41 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Auslogics
2009-10-08 13:52 . 2009-10-08 13:52 -------- d-----w- c:\program files\Radar Screensaver
2009-10-07 17:16 . 2008-06-20 20:34 -------- d-----w- c:\program files\Samsung
2009-10-06 15:01 . 2009-10-06 15:01 -------- d-----w- c:\program files\IMSIDesign
2009-10-06 14:58 . 2009-10-06 14:58 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\IMSIDesign
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\DAZ 3D
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\program files\Common Files\DAZ
2009-10-06 14:07 . 2009-10-06 14:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2009-10-04 15:40 . 2000-04-03 16:52 151552 ----a-w- c:\windows\system32\RDOCURS.DLL
2009-10-04 15:39 . 2009-07-19 16:07 49152 ------r- c:\windows\system32\ChCfg.exe
2009-10-04 15:39 . 2006-02-28 12:00 77824 ----a-w- c:\windows\system32\cliconfg.dll
2009-10-04 15:39 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\cliconfg.exe
2009-10-04 15:39 . 2008-06-20 17:40 86016 ----a-r- c:\windows\SOUNDMAN.EXE
2009-10-04 15:39 . 2008-06-20 17:40 2879488 ----a-r- c:\windows\SkyTel.exe
2009-10-04 15:35 . 2009-07-19 16:06 499712 ------r- c:\windows\RtlExUpd.dll
2009-10-04 15:35 . 2008-06-20 17:40 364544 ----a-r- c:\windows\RtlUpd.exe
2009-10-04 15:17 . 2009-09-05 21:51 737280 ----a-w- c:\windows\iun6002.exe
2009-10-04 15:13 . 2008-06-20 17:40 69632 ----a-r- c:\windows\ALCMTR.EXE
2009-10-04 14:46 . 2009-08-03 19:31 114688 ----a-w- c:\documents and settings\samantha drake.DANNY\Application Data\Mozilla\Firefox\Profiles\xgvwmit5.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-10-01 19:00 . 2009-10-01 18:59 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\Auslogics
2009-10-01 18:55 . 2009-10-01 18:41 -------- d-----w- c:\program files\Auslogics
2009-09-28 19:04 . 2008-06-21 15:11 -------- d-----w- c:\program files\PKR
2009-09-18 12:18 . 2009-09-18 12:18 -------- d-----w- c:\program files\PCPitstop
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-07-27 13:19 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 19:27 . 2009-08-05 11:15 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EnableDCOM"="N" [X]
"restrictanonymous"="1 (0x1)" [X]
"restrictanonymoussam"="1 (0x1)" [X]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2007-11-01 2165256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-04 86016]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2009-10-04 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2009-10-04 94208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-10-04 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-09-12 16264192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\Online Armor\oaevent.dll" [2009-07-11 336584]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20/07/2009 19:39 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20/07/2009 19:39 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [20/07/2009 19:39 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/06/2009 15:47 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [18/07/2009 23:15 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [18/07/2009 23:15 3142344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\
FF - component: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'winlogon.exe'(3132)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-14 18:15
ComboFix-quarantined-files.txt 2009-11-14 18:14
ComboFix2.txt 2009-11-13 21:16

Pre-Run: 355,671,572,480 bytes free
Post-Run: 355,645,472,768 bytes free

- - End Of File - - F0DC5D63D48B84354B06F1A86DA560DD

muffun
2009-11-14, 19:48
and here is hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:11, on 14/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous] 
O4 - HKLM\..\Run: [restrictanonymoussam] 
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'samantha drake')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'samantha drake')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1005\..\Run: [Fast Drv] C:\DOCUME~1\SAMANT~1.DAN\LOCALS~1\Temp\rfwhost.exe (User 'samantha drake')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248199174296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6685 bytes

Shaba
2009-11-15, 12:17
Looks like not everything which is installed is legit.

Uninstall these:

AusLogics BoostSpeed
Cheetah DVD Burner
WinRAR archiver

After that:

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

muffun
2009-11-15, 12:39
all uninstalled as you requested :) and here is the saved list

ACE Mega CoDecS Pack
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
BroadJump Client Foundation
CCleaner
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB959772)
E.M. Youtube Video Download Tool 3.10
Easy Avi/Divx/Xvid to DVD Burner 2.5.1
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Java(TM) 6 Update 17
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
NVIDIA WDM Drivers
Online Armor 3.5
PKR
Radar Screensaver version 1.71
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Samsung Master
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shockwave
SopCast 2.0.4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VLC media player 1.0.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip Self-Extractor
XpertVision 5.7

Shaba
2009-11-15, 19:07
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

muffun
2009-11-15, 23:43
Hi, here is the log you wanted
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 15, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, November 15, 2009 20:05:58
Records in database: 3217742
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 86038
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:35:46


File name / Threat / Threats count
C:\Documents and Settings\Danny Haslam.DANNY\Desktop\secuirty\MGtools.exe Infected: Trojan-Dropper.Win32.Agent.bhyc 1
C:\System Volume Information\_restore{0DA40C47-EA5C-4E24-A62C-F0B7EABF6A15}\RP114\A0025895.exe Infected: not-a-virus:Monitor.Win32.PKRPoker.b 1

Selected area has been scanned.

hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:43:18, on 15/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous] 
O4 - HKLM\..\Run: [restrictanonymoussam] 
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248199174296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6387 bytes
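
A first-pass triage of a HijackThis log such as the one posted above, as an added example that is not part of the original thread. The three checks (Temp paths, services whose file is missing or unsigned by name, Run values that are not a program path) are assumptions about what deserves a manual look, not verdicts; the Temp path in the sample is constructed.

```python
import re

# Line shapes taken from the HijackThis logs in this thread:
#   "O4 - HKLM\..\Run: [name] command"   "O23 - Service: name - owner - path"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^\S+\\\.\.\\Run: \[([^\]]+)\]\s*(.*)$")
EXECUTABLE_RE = re.compile(r"\.(exe|dll|com|bat|cmd|scr)\b", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# The Temp path is constructed; the other lines are copied from the log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\EXAMPLE\LOCALS~1\Temp\example.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous]
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Applies to process lines and O-entries alike.
        if TEMP_RE.search(line):
            findings.append((line, "runs or loads from a Temp directory"))
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry.groups()
        if code == "O23":
            if body.endswith("(file missing)"):
                findings.append((line, "service points at a file that no longer exists"))
            elif "Unknown owner" in body:
                findings.append((line, "service binary has no company name"))
        elif code == "O4":
            run = RUN_RE.match(body)
            # A Run value normally names a program; "N" or an empty value does not.
            if run and not EXECUTABLE_RE.search(run.group(2)):
                findings.append((line, "Run value is not a program path"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```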

Shaba
2009-11-16, 06:24
Delete this:

C:\Documents and Settings\Danny Haslam.DANNY\Desktop\secuirty\MGtools.exe

Empty Recycle Bin.

Still problems?

muffun
2009-11-16, 07:22
hi
I still can't turn on Windows Update. Deleted MGtools and emptied the Recycle Bin.

Shaba
2009-11-16, 07:40
Please go to start - run - services.msc - ok and tell me if Automatic Updates service and Background Intelligent service are running.

muffun
2009-11-16, 13:41
Hi, yes, Background Intelligent has started but I can't find the Automatic Updates service on the list :(
Is that a bad thing?

Shaba
2009-11-16, 20:14
Yes it is not normal.

See here (http://www.aota.net/forums/archive/index.php/t-17881.html) and let me know if it helped.

muffun
2009-11-16, 20:31
Right, I have added that using the command prompt but it didn't work :( I typed it out and pressed Enter; the cursor went to a timer, then finished what it was doing. I clicked on the auto updates icon near my clock, which is red, and it is still turned off. I went to services.msc to see if it was in the list but it's still not there. What do you think could be causing this?

Shaba
2009-11-16, 20:43
Hard to say. Was it there before infection?

muffun
2009-11-16, 20:56
No, I don't think it was there before infection and I just can't seem to get it back on now. Any idea what's next?

Shaba
2009-11-17, 07:41
Then a repair installation of Windows would be a good idea.

Do you have a Windows CD handy?

muffun
2009-11-17, 14:03
Yes, I have a Windows CD but I'm not sure how to do it. I also don't have a printer to print off instructions :( Is it easy?

muffun
2009-11-17, 22:56
Hi, I just went to Start, Run, and typed in regsvr32 wuaueng.dll and the automatic update icon has now gone and seems to be working. I typed in services.msc to see if automatic update was in the list and it's there now :)
So I think it's done. Anything else you recommend I do to make sure the trojan and keylogger have gone? Thanks

Shaba
2009-11-18, 05:43
Good :)

Yes unless nothing else left?

muffun
2009-11-18, 17:59
Nope, I think it's all good now, thanks.
Your help is most appreciated and what you do is fab :) Keep up the good work.
Couldn't do it without you.

Shaba
2009-11-18, 19:23
Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://www.lognrock.com/forum/index.php?showtopic=6926)

Malwarebytes' Anti-Malware Scanning Guide (http://www.lognrock.com/forum/index.php?showtopic=6913)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

Shaba
2009-11-27, 19:11
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.