windows security alert

**Shaba** · 2009-11-13, 19:26

We will continue with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.

**muffun** · 2009-11-13, 21:23

hi i went to the site you had posted and downloaded and ran combofix. once combofix said it was gonna reboot. it rebooted and when windows started up a pop up message came up saying
C:\combofix\CF124.exe
windows cannot access the specifed device, path, or file. you may not have the appropriate permissions to access the item.
i ran the hjt and got a log but combofix didnt produce one.

here is hjt log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:19:32, on 13/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous]
O4 - HKLM\..\Run: [restrictanonymoussam]
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF124.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1248199174296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6356 bytes

**muffun** · 2009-11-13, 22:19

sorry i have found the combofix log file and here it is

ComboFix 09-11-13.06 - Danny Haslam 13/11/2009 21:06.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1412 [GMT 0:00]
Running from: c:\documents and settings\Danny Haslam.DANNY\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
.

2009-11-13 14:50 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2009-11-13 14:50 . 2009-11-13 14:50 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\WINDOWS
2009-11-13 14:24 . 2005-04-28 06:17 65536 ----a-r- c:\windows\system32\lxcecfg.dll
2009-11-13 14:24 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-13 14:24 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-13 14:24 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-13 14:24 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- C:\rsit
2009-11-12 14:23 . 2009-11-12 14:25 104521 ----a-w- C:\MGlogs.zip
2009-11-12 14:23 . 2009-11-12 14:25 -------- d-----w- C:\MGtools
2009-11-12 12:36 . 2009-11-12 12:36 117760 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-12 12:35 . 2009-11-12 12:35 65024 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-11-12 12:35 . 2009-11-12 12:35 5120 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2009-11-12 12:35 . 2009-11-12 12:35 18944 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com
2009-11-08 20:17 . 2009-11-08 20:17 77824 ----a-w- c:\temp\autoplay.exe
2009-11-08 20:16 . 2009-11-08 20:16 1167360 ----a-w- c:\temp\mjf64.exe
2009-11-08 20:10 . 2009-11-08 20:10 1167360 ----a-w- c:\temp\mjf76.exe
2009-11-08 18:06 . 2009-11-12 16:42 -------- d-----w- c:\program files\Trend Micro
2009-11-08 17:52 . 2009-11-08 17:52 4045527 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Malwarebytes
2009-11-08 17:51 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 17:51 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-08 13:17 . 2009-11-08 20:16 56320 ----a-w- c:\temp\Setup.exe
2009-11-07 16:02 . 2009-11-07 16:02 -------- d-----w- c:\program files\directx
2009-11-07 11:04 . 2009-08-31 19:52 52224 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
2009-11-07 11:04 . 2009-08-31 19:52 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-11-05 20:30 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-05 20:30 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-05 20:30 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-05 20:30 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-03 20:34 . 2009-11-03 20:34 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 12:10 . 2009-11-01 18:55 852 ----a-w- c:\windows\system32\Infoa.dat
2009-10-31 12:10 . 2009-11-01 18:55 3611 ----a-w- c:\windows\system32\Infob.dat
2009-10-31 12:09 . 2009-11-01 12:08 500 ----a-w- c:\windows\system32\treeinfo.dat
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- C:\Y.D.T
2009-10-31 12:09 . 2009-11-01 12:08 -------- d-----w- c:\program files\E.M. Youtube Video Download Tool
2009-10-31 09:39 . 2009-10-31 09:39 -------- d--h--w- c:\documents and settings\Danny Haslam.DANNY\InstallAnywhere
2009-10-30 19:15 . 2009-10-30 19:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 13:48 . 2009-08-26 15:22 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
2009-10-28 17:48 . 2009-10-28 17:48 -------- d-----w- C:\Microgaming
2009-10-26 14:30 . 2009-10-26 14:30 -------- d--h--w- c:\windows\PIF
2009-10-21 07:59 . 2009-10-21 07:59 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\PCHealth
2009-10-20 13:26 . 2009-10-30 22:32 -------- d-----w- c:\program files\Software Illusions
2009-10-17 13:27 . 2009-10-17 13:27 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\Identities
2009-10-17 07:05 . 2009-10-17 07:05 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\PCHealth
2009-10-17 02:04 . 2009-10-17 02:04 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 19:44 . 2009-09-12 21:05 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-12 12:35 . 2008-07-17 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-12 12:31 . 2009-07-20 19:55 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent
2009-11-11 20:47 . 2009-07-20 19:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-10 22:19 . 2009-07-30 20:28 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\vlc
2009-11-08 18:41 . 2008-09-26 22:39 -------- d-----w- c:\program files\LimeWire
2009-11-08 17:52 . 2008-10-26 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 17:03 . 2009-07-20 19:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 16:54 . 2009-07-19 21:46 43920 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-05 20:30 . 2009-08-04 15:08 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sports Interactive
2009-11-05 20:27 . 2008-09-20 12:40 -------- d-----w- c:\program files\Sports Interactive
2009-11-03 20:35 . 2009-07-28 20:54 -------- d-----w- c:\program files\Java
2009-11-01 18:24 . 2009-08-03 19:57 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\vlc
2009-10-26 14:29 . 2009-08-03 20:02 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent
2009-10-15 05:22 . 2009-08-20 18:45 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire
2009-10-14 19:44 . 2009-07-30 20:29 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\dvdcss
2009-10-14 05:24 . 2009-10-07 17:41 230992 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 20:38 . 2008-06-20 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 04:17 . 2009-07-28 20:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 13:48 . 2009-10-01 18:41 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Auslogics
2009-10-08 13:52 . 2009-10-08 13:52 -------- d-----w- c:\program files\Radar Screensaver
2009-10-07 17:16 . 2008-06-20 20:34 -------- d-----w- c:\program files\Samsung
2009-10-06 15:01 . 2009-10-06 15:01 -------- d-----w- c:\program files\IMSIDesign
2009-10-06 14:58 . 2009-10-06 14:58 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\IMSIDesign
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\DAZ 3D
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\program files\Common Files\DAZ
2009-10-06 14:07 . 2009-10-06 14:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2009-10-04 15:40 . 2000-04-03 16:52 151552 ----a-w- c:\windows\system32\RDOCURS.DLL
2009-10-04 15:39 . 2009-07-19 16:07 49152 ------r- c:\windows\system32\ChCfg.exe
2009-10-04 15:39 . 2006-02-28 12:00 77824 ----a-w- c:\windows\system32\cliconfg.dll
2009-10-04 15:39 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\cliconfg.exe
2009-10-04 15:39 . 2008-06-20 17:40 86016 ----a-r- c:\windows\SOUNDMAN.EXE
2009-10-04 15:39 . 2008-06-20 17:40 2879488 ----a-r- c:\windows\SkyTel.exe
2009-10-04 15:35 . 2009-07-19 16:06 499712 ------r- c:\windows\RtlExUpd.dll
2009-10-04 15:35 . 2008-06-20 17:40 364544 ----a-r- c:\windows\RtlUpd.exe
2009-10-04 15:17 . 2009-09-05 21:51 737280 ----a-w- c:\windows\iun6002.exe
2009-10-04 15:13 . 2008-06-20 17:40 69632 ----a-r- c:\windows\ALCMTR.EXE
2009-10-04 14:46 . 2009-08-03 19:31 114688 ----a-w- c:\documents and settings\samantha drake.DANNY\Application Data\Mozilla\Firefox\Profiles\xgvwmit5.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-10-01 19:00 . 2009-10-01 18:59 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\Auslogics
2009-10-01 18:55 . 2009-10-01 18:41 -------- d-----w- c:\program files\Auslogics
2009-09-28 19:04 . 2008-06-21 15:11 -------- d-----w- c:\program files\PKR
2009-09-18 12:18 . 2009-09-18 12:18 -------- d-----w- c:\program files\PCPitstop
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-07-27 13:19 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 19:27 . 2009-08-05 11:15 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EnableDCOM"="N" [X]
"restrictanonymous"="1 (0x1)" [X]
"restrictanonymoussam"="1 (0x1)" [X]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2007-11-01 2165256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-04 86016]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2009-10-04 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2009-10-04 94208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-10-04 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-09-12 16264192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\Online Armor\oaevent.dll" [2009-07-11 336584]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20/07/2009 19:39 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20/07/2009 19:39 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [20/07/2009 19:39 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/06/2009 15:47 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [18/07/2009 23:15 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [18/07/2009 23:15 3142344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\
FF - component: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'winlogon.exe'(1940)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll

- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\program files\Tall Emu\Online Armor\OAwatch.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-13 21:16
ComboFix-quarantined-files.txt 2009-11-13 21:15

Pre-Run: 355,754,180,608 bytes free
Post-Run: 355,723,390,976 bytes free

- - End Of File - - 5247337B98BDA614B24B921011A6DD77

**Shaba** · 2009-11-14, 15:51

Open notepad and copy/paste the text in the codebox below into it:

Code:

File::
c:\temp\autoplay.exe
c:\temp\mjf64.exe
c:\temp\mjf76.exe

Folder::
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent
c:\program files\LimeWire
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

**muffun** · 2009-11-14, 19:47

ComboFix 09-11-14.03 - Danny Haslam 14/11/2009 17:56.4.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1413 [GMT 0:00]
Running from: c:\documents and settings\Danny Haslam.DANNY\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Danny Haslam.DANNY\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

FILE ::
"c:\temp\autoplay.exe"
"c:\temp\mjf64.exe"
"c:\temp\mjf76.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\active.mojito
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\downloads.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\gnutella.net
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\installation.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\library.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\library5.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\limewire.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\lock
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mojito.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\0E6B8B2Ad01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\75B8DBA3d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A89d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\Cache\CB7E9345d01
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\questions.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\responses.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\simpp.xml
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\spam.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\version.xml
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\versions.props
c:\documents and settings\Danny Haslam.DANNY\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\[PC] 18 WHEELS OF STEEL EXTREME TRUCKER-[ESPACONSOLAS.com].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\[shiftkontrol]WSBK.2009.Round02.Qatar.Race1.Eurosport2.XviD.English.asd.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\21 Slot Machine Games (full) [yahaa.org].rar.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Adulthood.LiMiTED.DVDRip.XviD.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Amateur.Strip.Night.First.Time.PPV.DSRip.XviD-aAF.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Annabelle Flowers.mov.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\ap3086-4.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\AusLogics BoostSpeed 4.2.8.175 [h33t] [^MiXaLa_KiS^].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Auslogics BoostSpeed v4.1.4.135+Keygen.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Big Tunes Back 2 The 90s.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bigfish Games - Wheel of Fortune 2.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blackout Crew-Time 2 Shine-WLY.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blackout Crew - Time 2 Shine.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blackout Crew - Time 2 Shine.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Blank.Check.1994.AC3.DvDrip.XviD.SWESUB-KickFoot.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Boat.Trip.DVDRip.XViD-DVL.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bounce Heaven 14.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven 15.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven 15.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bounce Heaven 6.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven 9 2008.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\BOUNCE HEAVEN EVENT 4 - 7CDS FEB 08.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\bounce heaven in the venue 2009 bh16.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bounce Mania - 2009(split tracks + covers)barney's rg.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bouncy-Tunez Vol 16.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Bruno.TS.XviD-Lynks.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Call_Of_Juarez_Bound_In_Blood.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Championship.Manager.2007.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Championship.Manager.2010-RELOADED.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Cheetah DVD Burner 2.18 & CD Burner 4.12 + Serial [h33t] [CaZoR].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\CluedoReloaded.rar.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Command.And.Conquer.3.Kanes.Wrath.Full-Rip.Multi-6.Skullptura.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Conspiracy Weapons of Mass Destruction.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Dance Flick.2009.DvdRip.Xvid {1337x}-Noir.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - The Gathering.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - The Heist [2006].avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - The System [2008].avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown - Trick Or Treat S02.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown Plays Russian Roulette.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Derren Brown Trick Or Treat S01E02.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\derren.brown.evening.of.wonder.ws.pdtv.xvid-ftp.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\dht.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Dj Edd Vs Dj Harpo - Bouncy-Tunez Vol 17.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Easy Avi Divx Xvid to DVD Burner v2.5.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Fantasy Mom 2 - DVDRip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Farming Simulator 2009[English][PC] [NLT Release].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Feds (1988) (Rebecca De Mornay).avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Fighting Unrated 2009 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\fm2009.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Football Manager 2009.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Football.Manager.2010-RELOADED.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Frankie.Boyle.Live.DVDRip.XviD-HAGGiS.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\free.world.of.warcraft.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Fruit machines.rar.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Funny.People.TS.XVID-V2- STG-FATAL.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Hearts of Iron III.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Hotel for Dogs (2009)DvDrip-CLEAR COPY-HQ-KR.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\How.to.Lose.Friends.and.Alienate.People.DVDRip.XviD.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\I Love You Man.2009.DvdRip.Xvid {1337x}-Noir.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\IMSI Design TurboCAD Pro Platinum v16 0 and CAD 3D Max v19 1 [h33t][deepstatus].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Jeremy.Clarkson.Duel.2009.XviD-FM.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Kidulthood[2006]DvDrip-aXXo.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Land Of The Lost[2009]{Proper}DvDrip-LW.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Meet The Robinsons 2007 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Michael.McIntyre.Live.And.Laughing.DVDRip.XviD-HAGGiS.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Naomi&Gianna.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Observe.and.Report.DVDSCR.XviD-DoNE.1.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Observe.and.Report.DVDSCR.XviD-DoNE.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\PC Pitstop Optimize 1.5.10.8.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Queen - Greatest Hits (November 2, 1981) Remaster (2009).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Race To Witch Mountain 2009 BRRip H264 5.1 ch-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Radar Screensaver 1.71 - JuBox - [h33t] + Crack.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\resume.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Road Trip Beer Pong 2009 DVDRip XviD-BeStDivX.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\rss.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Rugby - All Blacks in Tour 2008 - Scozia.divx.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Rugby - Tri Nations 20070630 Australia vs New Zealand.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Rugby - Tri Nations 20070714 New Zealand vs South Africa.wmv.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\settings.dat
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\SHIFTY [2008] DvDrip.Eng.Xvid-ST3PH.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Six Nations Rugby Union - France v Wales 270209.thebox.hannibal.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Six Nations Rugby Union - Wales V Ireland 21.03.09.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Six.Nations.Rugby.Union.France.vs.Wales.WS.PDTV.XVID-PRETOME.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Street Kings 2008 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\stripshow17.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Superbikes.XS.Ultimate.Crash.DVD.Xvid.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Rainmaker (1997).avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Rainmaker.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Taking Of Pelham 123 TS XVID READ NFO - STG.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The Worrst Aldum In The World Ever Ever.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The.Boat.That.Rocked.2009.DvDRip-FxM.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\The.Great.British.Pub.Quiz.2008.Interactive.DVD-Crackpots.[PC].[www.SpaTorrent.com].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Top.Gear.13x05.WS.PDTV.XviD-FoV.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\top.gear.ground.force.sports.relief.2008.ws.pdtv.xvid-sparel.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Train Simulator.zip.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Trainz.Simulator.2009.World.Builder.Edition-SKIDROW.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\VA-Wigan_Pier_Presents_Bounce-4CD-2008-(Kingdom-music by Bob White).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Wigan Pier 65 [2009] 2CD's (BINGOWINGZ).torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Winrar 3.80 Professional [blaze69].torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Winzip Self Extractor 4.0 with Key.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\WSBK.2009.Round01.Australia.Race1.EurosportUK.XviD.English-lcp.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\WSBK.2009.Round01.Australia.Race2.EurosportUK.XviD.English-lcp.avi.torrent
c:\documents and settings\Danny Haslam.DANNY\Application Data\uTorrent\Zombieland 2009 TELESYNC H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\101 Housework Songs - Various.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Cass.2008.LiMiTED.PROPER.DVDRiP.XViD.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\dht.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\dht.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Doghouse 2009 BRRip H264 AAC-SecretMyth (Kingdom-Release).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Going Off Bigtime [2000] DVDRip KvCD (A UKB-Release By BINGOWINGZ).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Jack.Said.LiMiTED.DVDRip.XviD-DiVERSE.NoRar.www.crazy-torrent.com.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Joint Ops Typhoon Rising + Joint Ops Escalation{Dotcom1}.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Keeps Gettin' Better- A Decade of Hits.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Now Thats What I Call Music 73(pongo1128).torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Pink - Funhouse [2008][320kbps]MP3-MT.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\resume.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\resume.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Rise of the Footsoldier[2007]DvDrip[Eng]-FXG.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\rss.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\rss.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\settings.dat
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\settings.dat.old
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\The Business.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\The Proposal[2009]DvDrip[Eng]-FXG.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\The Pussycat Dolls - Doll Domination 2.0 (2009) NLT-Release.torrent
c:\documents and settings\samantha drake.DANNY\Application Data\uTorrent\Untraceable[2008]R5.DvDrip[Eng]-aXXo.torrent
c:\program files\LimeWire
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\temp\autoplay.exe
c:\temp\mjf64.exe
c:\temp\mjf76.exe
this is half of combo as it would not all fit

**muffun** · 2009-11-14, 19:47

here is the second lot of combofix

((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-11-13 14:50 . 1997-04-08 20:08 299520 ----a-w- c:\windows\uninst.exe
2009-11-13 14:50 . 2009-11-13 14:50 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\WINDOWS
2009-11-13 14:24 . 2005-04-28 06:17 65536 ----a-r- c:\windows\system32\lxcecfg.dll
2009-11-13 14:24 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-13 14:24 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-13 14:24 . 2001-08-17 22:36 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-13 14:24 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2009-11-12 16:42 . 2009-11-12 16:42 -------- d-----w- C:\rsit
2009-11-12 14:23 . 2009-11-12 14:25 104521 ----a-w- C:\MGlogs.zip
2009-11-12 14:23 . 2009-11-12 14:25 -------- d-----w- C:\MGtools
2009-11-12 12:36 . 2009-11-12 12:36 117760 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-11-12 12:35 . 2009-11-12 12:35 65024 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-11-12 12:35 . 2009-11-12 12:35 5120 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2009-11-12 12:35 . 2009-11-12 12:35 18944 ----a-r- c:\documents and settings\Danny Haslam.DANNY\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-12 12:35 . 2009-11-12 12:35 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\SUPERAntiSpyware.com
2009-11-08 18:06 . 2009-11-12 16:42 -------- d-----w- c:\program files\Trend Micro
2009-11-08 17:52 . 2009-11-08 17:52 4045527 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Malwarebytes
2009-11-08 17:51 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-08 17:51 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-08 17:51 . 2009-11-08 17:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-11-08 13:17 . 2009-11-08 20:16 56320 ----a-w- c:\temp\Setup.exe
2009-11-07 16:02 . 2009-11-07 16:02 -------- d-----w- c:\program files\directx
2009-11-07 11:04 . 2009-08-31 19:52 52224 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
2009-11-07 11:04 . 2009-08-31 19:52 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-11-05 20:30 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-05 20:30 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-05 20:30 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-05 20:30 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-05 20:29 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-03 20:34 . 2009-11-03 20:34 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-31 12:10 . 2009-11-01 18:55 852 ----a-w- c:\windows\system32\Infoa.dat
2009-10-31 12:10 . 2009-11-01 18:55 3611 ----a-w- c:\windows\system32\Infob.dat
2009-10-31 12:09 . 2009-11-01 12:08 500 ----a-w- c:\windows\system32\treeinfo.dat
2009-10-31 12:09 . 2009-10-31 12:09 -------- d-----w- C:\Y.D.T
2009-10-31 12:09 . 2009-11-01 12:08 -------- d-----w- c:\program files\E.M. Youtube Video Download Tool
2009-10-31 09:39 . 2009-10-31 09:39 -------- d--h--w- c:\documents and settings\Danny Haslam.DANNY\InstallAnywhere
2009-10-30 19:15 . 2009-10-30 19:20 -------- d-----w- c:\windows\system32\Adobe
2009-10-29 13:48 . 2009-08-26 15:22 114688 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
2009-10-28 17:48 . 2009-10-28 17:48 -------- d-----w- C:\Microgaming
2009-10-26 14:30 . 2009-10-26 14:30 -------- d--h--w- c:\windows\PIF
2009-10-21 07:59 . 2009-10-21 07:59 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\PCHealth
2009-10-20 13:26 . 2009-10-30 22:32 -------- d-----w- c:\program files\Software Illusions
2009-10-17 13:27 . 2009-10-17 13:27 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\Identities
2009-10-17 07:05 . 2009-10-17 07:05 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Local Settings\Application Data\PCHealth
2009-10-17 02:04 . 2009-10-17 02:04 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 19:44 . 2009-09-12 21:05 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-11-12 12:35 . 2008-07-17 14:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-11 20:47 . 2009-07-20 19:43 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-11-10 22:19 . 2009-07-30 20:28 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\vlc
2009-11-08 17:52 . 2008-10-26 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-08 17:03 . 2009-07-20 19:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-08 16:54 . 2009-07-19 21:46 43920 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-05 20:30 . 2009-08-04 15:08 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sports Interactive
2009-11-05 20:27 . 2008-09-20 12:40 -------- d-----w- c:\program files\Sports Interactive
2009-11-03 20:35 . 2009-07-28 20:54 -------- d-----w- c:\program files\Java
2009-11-01 18:24 . 2009-08-03 19:57 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\vlc
2009-10-14 19:44 . 2009-07-30 20:29 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\dvdcss
2009-10-14 05:24 . 2009-10-07 17:41 230992 ----a-w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-13 20:38 . 2008-06-20 17:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 04:17 . 2009-07-28 20:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 13:48 . 2009-10-01 18:41 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Auslogics
2009-10-08 13:52 . 2009-10-08 13:52 -------- d-----w- c:\program files\Radar Screensaver
2009-10-07 17:16 . 2008-06-20 20:34 -------- d-----w- c:\program files\Samsung
2009-10-06 15:01 . 2009-10-06 15:01 -------- d-----w- c:\program files\IMSIDesign
2009-10-06 14:58 . 2009-10-06 14:58 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\IMSIDesign
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\documents and settings\Danny Haslam.DANNY\Application Data\DAZ 3D
2009-10-06 14:25 . 2009-10-06 14:25 -------- d-----w- c:\program files\Common Files\DAZ
2009-10-06 14:07 . 2009-10-06 14:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NCH Swift Sound
2009-10-04 15:40 . 2000-04-03 16:52 151552 ----a-w- c:\windows\system32\RDOCURS.DLL
2009-10-04 15:39 . 2009-07-19 16:07 49152 ------r- c:\windows\system32\ChCfg.exe
2009-10-04 15:39 . 2006-02-28 12:00 77824 ----a-w- c:\windows\system32\cliconfg.dll
2009-10-04 15:39 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\cliconfg.exe
2009-10-04 15:39 . 2008-06-20 17:40 86016 ----a-r- c:\windows\SOUNDMAN.EXE
2009-10-04 15:39 . 2008-06-20 17:40 2879488 ----a-r- c:\windows\SkyTel.exe
2009-10-04 15:35 . 2009-07-19 16:06 499712 ------r- c:\windows\RtlExUpd.dll
2009-10-04 15:35 . 2008-06-20 17:40 364544 ----a-r- c:\windows\RtlUpd.exe
2009-10-04 15:17 . 2009-09-05 21:51 737280 ----a-w- c:\windows\iun6002.exe
2009-10-04 15:13 . 2008-06-20 17:40 69632 ----a-r- c:\windows\ALCMTR.EXE
2009-10-04 14:46 . 2009-08-03 19:31 114688 ----a-w- c:\documents and settings\samantha drake.DANNY\Application Data\Mozilla\Firefox\Profiles\xgvwmit5.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\npmozax.dll
2009-10-01 19:00 . 2009-10-01 18:59 -------- d-----w- c:\documents and settings\samantha drake.DANNY\Application Data\Auslogics
2009-10-01 18:55 . 2009-10-01 18:41 -------- d-----w- c:\program files\Auslogics
2009-09-28 19:04 . 2008-06-21 15:11 -------- d-----w- c:\program files\PKR
2009-09-18 12:18 . 2009-09-18 12:18 -------- d-----w- c:\program files\PCPitstop
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-07-27 13:19 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-08-29 08:08 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 19:27 . 2009-08-05 11:15 152576 ----a-w- c:\documents and settings\Danny Haslam.DANNY\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EnableDCOM"="N" [X]
"restrictanonymous"="1 (0x1)" [X]
"restrictanonymoussam"="1 (0x1)" [X]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2007-11-01 2165256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-10-04 86016]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-07-11 2121416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2009-10-04 192512]
"EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2009-10-04 94208]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2009-10-04 2879488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-09-12 16264192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\Online Armor\oaevent.dll" [2009-07-11 336584]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20/07/2009 19:39 200784]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20/07/2009 19:39 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [20/07/2009 19:39 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/06/2009 15:47 108289]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [18/07/2009 23:15 362184]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [18/07/2009 23:15 3142344]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.virginmedia.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\
FF - component: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\{00b8e20c-5c71-4c2f-85a5-6ad541500df0}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\Danny Haslam.DANNY\Application Data\Mozilla\Firefox\Profiles\i1ll4d6d.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(528)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'winlogon.exe'(3132)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-11-14 18:15
ComboFix-quarantined-files.txt 2009-11-14 18:14
ComboFix2.txt 2009-11-13 21:16

Pre-Run: 355,671,572,480 bytes free
Post-Run: 355,645,472,768 bytes free

- - End Of File - - F0DC5D63D48B84354B06F1A86DA560DD

**muffun** · 2009-11-14, 19:48

and here is hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:11, on 14/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EnableDCOM] N
O4 - HKLM\..\Run: [restrictanonymous]
O4 - HKLM\..\Run: [restrictanonymoussam]
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'samantha drake')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'samantha drake')
O4 - HKUS\S-1-5-21-1214440339-1303643608-839522115-1005\..\Run: [Fast Drv] C:\DOCUME~1\SAMANT~1.DAN\LOCALS~1\Temp\rfwhost.exe (User 'samantha drake')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1248199174296
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6685 bytes

**Shaba** · 2009-11-15, 12:17

Looks like that not everything which is installed is legit.

Uninstall these:

AusLogics BoostSpeed
Cheetah DVD Burner
WinRAR archiver

After that:

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

**muffun** · 2009-11-15, 12:39

all uninstalled as u requested

and here is the the saved list

ACE Mega CoDecS Pack
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11.5
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
BroadJump Client Foundation
CCleaner
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB959772)
E.M. Youtube Video Download Tool 3.10
Easy Avi/Divx/Xvid to DVD Burner 2.5.1
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Java(TM) 6 Update 17
Junk Mail filter update
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.5.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
NVIDIA Drivers
NVIDIA WDM Drivers
Online Armor 3.5
PKR
Radar Screensaver version 1.71
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Samsung Master
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shockwave
SopCast 2.0.4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VLC media player 1.0.1
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip Self-Extractor
XpertVision 5.7

**Shaba** · 2009-11-15, 19:07

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

Thread: windows security alert

Thread Tools

Display

Posting Permissions