Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

popups.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

popups.

Unread postby ranma187 » July 22nd, 2009, 1:00 pm

K I got a bunch of popups today, Which almost NEVER happens. I ran spybot and a few other programs, but they keep popping up. Thanks for any help in advance!

here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:37 AM, on 7/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 38.113.174.32 dehp.myspace.com
O1 - Hosts: 38.113.174.32 demr.myspace.com
O1 - Hosts: 38.113.174.32 desk.myspace.com
O1 - Hosts: 38.113.174.32 delb.myspace.com
O1 - Hosts: 38.113.174.32 delb2.myspace.com
O1 - Hosts: 38.113.174.32 debr.myspace.com
O1 - Hosts: 68.178.151.28 view.atdmt.com
O2 - BHO: (no name) - {05BE02A3-7487-4716-BDF5-609CB4DA0C85} - (no file)
O2 - BHO: (no name) - {0B84DE56-AD8C-4E7D-B617-7FD4ADFC4FC0} - (no file)
O2 - BHO: (no name) - {23E825FA-0391-46AE-9763-E2652054813C} - (no file)
O2 - BHO: Media Access Startup - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5F7FD117-4620-44AB-A7F3-B89E86CC9B29} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94FFDC0A-A9D5-4AE6-923F-6743A0BEA319} - (no file)
O2 - BHO: (no name) - {AA13EA66-2289-0873-FB34-7DA2909C18E5} - (no file)
O2 - BHO: (no name) - {b249ef4b-e90d-41bc-a39c-3d73126a5cda} - (no file)
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.0.840\ssd.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: (no name) - {e370059d-8f4c-41aa-a7c7-efca15423f43} - (no file)
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Reimage PC Booster] "C:\Program Files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" false na "C:\Program Files\Reimage\Reimage PC Booster\ReimageBooster.exe" /tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Error Fix] C:\Program Files\Error Fix\Error Fix.exe -boot
O4 - Global Startup: WeGame.lnk = C:\Program Files\WeGame\wegame.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net ... plugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O20 - Winlogon Notify: awtrRJdc - C:\WINDOWS\
O23 - Service: Google Update Service (gupdate1c912132a900a32) (gupdate1c912132a900a32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7171 bytes
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm
Advertisement
Register to Remove

Re: popups.

Unread postby Blade81 » July 25th, 2009, 7:02 am

Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: popups.

Unread postby ranma187 » July 26th, 2009, 12:06 pm

Here you go:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 10:01:31.87 on Sun 07/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.45 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: {05BE02A3-7487-4716-BDF5-609CB4DA0C85} - No File
BHO: {0B84DE56-AD8C-4E7D-B617-7FD4ADFC4FC0} - No File
BHO: {23E825FA-0391-46AE-9763-E2652054813C} - No File
BHO: Media Access Startup: {25b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\media access startup\1.5.0.850\HPIEAddOn.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: NP Helper Class: {35b8d58c-b0cb-46b0-ba64-05b3804e4e86} - c:\program files\internet saving optimizer\3.4.0.4340\NPIEAddOn.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {5F7FD117-4620-44AB-A7F3-B89E86CC9B29} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {94FFDC0A-A9D5-4AE6-923F-6743A0BEA319} - No File
BHO: {AA13EA66-2289-0873-FB34-7DA2909C18E5} - No File
BHO: {b249ef4b-e90d-41bc-a39c-3d73126a5cda} - No File
BHO: System Search Dispatcher: {cdbfb47b-58a8-4111-bf95-06178dce326d} - c:\program files\system search dispatcher\1.3.0.840\ssd.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
BHO: {e370059d-8f4c-41aa-a7c7-efca15423f43} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [TELUS_eCare_Lite_McciTrayApp] c:\program files\telus_ecare_lite\eCareTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Reimage PC Booster] "c:\program files\reimage\reimage pc booster\postrebootexecuter.exe" false na "c:\program files\reimage\reimage pc booster\ReimageBooster.exe" /tray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wegame.lnk - c:\program files\wegame\wegame.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\j8jwequv.default\
FF - component: c:\program files\internet saving optimizer\3.4.0.4340\ff\components\NPFFAddOn.dll
FF - component: c:\program files\media access startup\1.5.0.850\ff\components\HPFFAddOn.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R3 cpuz128;cpuz128;\??\c:\docume~1\owner\locals~1\temp\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz_x32.sys [?]
S2 gupdate1c912132a900a32;Google Update Service (gupdate1c912132a900a32);c:\program files\google\update\GoogleUpdate.exe [2008-9-8 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-24 16512]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-07-22 10:22 <DIR> --d----- c:\program files\common files\Vbox
2009-07-22 10:21 <DIR> --d----- c:\program files\Macromedia
2009-07-22 10:07 166 a------- c:\windows\system32\Compress.res
2009-07-22 10:07 230 a------- c:\windows\reimage.ini
2009-07-22 10:06 <DIR> --d----- C:\rei
2009-07-22 10:05 <DIR> --d----- c:\program files\Reimage
2009-07-22 09:31 <DIR> --d----- c:\docume~1\owner\applic~1\Error Fix
2009-07-22 09:30 <DIR> --d----- c:\program files\Error Fix
2009-07-22 09:30 <DIR> --d----- c:\program files\Downloaded Installers
2009-07-19 23:38 <DIR> --d----- c:\program files\Media Access Startup
2009-07-19 23:37 <DIR> --d----- c:\program files\Internet Saving Optimizer
2009-07-19 23:37 <DIR> --d----- c:\program files\System Search Dispatcher
2009-07-19 23:37 <DIR> --d----- c:\program files\DoubleD
2009-07-19 23:37 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\~0
2009-07-10 15:22 <DIR> --d----- c:\windows\system32\Adobe
2009-06-27 15:25 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-06-27 01:51 <DIR> --d----- C:\ComboFix
2009-06-27 01:51 388,608 a------- c:\windows\system32\CF6938.exe

==================== Find3M ====================

2009-07-23 10:31 1,632 a------- c:\windows\system32\d3d8caps.dat
2009-07-22 16:09 1,744 a------- c:\windows\system32\d3d9caps.dat
2009-06-16 08:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 08:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 13:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-19 07:05 1,380,403 a------- c:\windows\system32\avgsdk.dll
2009-05-17 18:29 35,382 a------- c:\windows\scunin.dat
2009-05-17 18:29 94,208 a------- c:\windows\ScUnin.exe
2009-05-07 09:44 344,064 a------- c:\windows\system32\localspl.dll
2009-04-28 22:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-28 22:55 78,336 a------- c:\windows\system32\ieencode.dll

============= FINISH: 10:02:45.98 ===============
You do not have the required permissions to view the files attached to this post.
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm

Re: popups.

Unread postby Blade81 » July 27th, 2009, 2:32 am

Hi,

Please post attach.txt file contents in your reply without using attachments (zip would had been ok but rar file won't open without 3rd party app).

Seems that you've run ComboFix there (not recommended unless instructed!). Post contents of c:\ComboFix.txt back here too.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: popups.

Unread postby ranma187 » July 27th, 2009, 12:39 pm

K sorry. I'll attach it as text. I ran combo fix a long time ago (last year). as instructed in another malware forum. I no longer have it.
You do not have the required permissions to view the files attached to this post.
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm

Re: popups.

Unread postby Blade81 » July 27th, 2009, 4:48 pm

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

uTorrent

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore..

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For an fully explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/remove Programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: popups.

Unread postby ranma187 » July 29th, 2009, 11:15 am

WTH? it changed my desktop theme :P so far no pupups. but when i star firefox there's an extra tab with an advert.

ComboFix 09-07-28.06 - Owner 07/29/2009 8:51.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.132 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Favorites\Download programs.url
c:\documents and settings\Owner\Favorites\Games.url
c:\documents and settings\Owner\Favorites\Translator.url
c:\documents and settings\Owner\Favorites\Videos.url
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\_tm51.tmp
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\adwpx.exe
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.0.850\Data\config.md
c:\program files\Media Access Startup\1.5.0.850\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.0.850\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.0.850\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.0.850\FF\install.rdf
c:\program files\Media Access Startup\1.5.0.850\HPCommon.dll
c:\program files\Media Access Startup\1.5.0.850\HPIEAddOn.dll
c:\program files\Media Access Startup\1.5.0.850\hppx.exe
c:\program files\Media Access Startup\1.5.0.850\MAHelper.exe
c:\program files\Media Access Startup\1.5.0.850\unins000.dat
c:\program files\Media Access Startup\1.5.0.850\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.

2009-07-29 14:24 . 2009-07-29 14:24 -------- d-----w- c:\windows\LastGood
2009-07-22 21:24 . 2009-07-22 21:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Download Manager
2009-07-22 16:22 . 2009-07-22 16:22 -------- d-----w- c:\program files\Common Files\Vbox
2009-07-22 16:21 . 2002-02-02 16:52 2088960 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll
2009-07-22 16:21 . 2002-01-24 17:00 1798144 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll
2009-07-22 16:21 . 2002-03-06 05:38 147456 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\AIImport.dll
2009-07-22 16:21 . 2002-03-06 03:23 815104 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\authplay.dll
2009-07-22 16:21 . 2002-02-06 18:23 1085440 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\program files\Macromedia
2009-07-22 16:05 . 2009-07-27 07:08 -------- d-----w- c:\program files\Reimage
2009-07-22 15:31 . 2009-07-25 18:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Error Fix
2009-07-20 05:38 . 2009-07-20 05:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer
2009-07-20 05:38 . 2009-07-20 05:38 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup
2009-07-20 05:37 . 2009-07-20 05:37 -------- d-----w- c:\program files\System Search Dispatcher
2009-07-20 05:37 . 2009-07-20 05:37 -------- d-----w- c:\program files\DoubleD
2009-07-20 05:36 . 2009-07-20 05:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DoubleD
2009-07-15 22:51 . 2009-07-26 22:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-10 21:22 . 2009-07-12 16:07 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 03:33 . 2008-04-04 01:02 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-27 20:02 . 2009-07-27 20:02 811023 ----a-w- c:\windows\java\Packages\LJPRBNX3.ZIP
2009-07-27 19:48 . 2008-06-10 23:22 -------- d-----w- c:\program files\Starcraft
2009-07-27 05:04 . 2008-03-22 23:35 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-26 07:00 . 2008-03-21 00:32 -------- d-----w- c:\program files\LimeWire
2009-07-26 07:00 . 2008-03-21 00:36 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-07-26 06:32 . 2008-03-18 04:25 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2009-07-22 16:21 . 2008-03-26 22:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 00:51 . 2008-09-09 00:29 -------- d-----w- c:\program files\Google
2009-06-27 21:25 . 2009-02-05 16:16 -------- d-----w- c:\program files\Image-Line
2009-06-27 21:25 . 2009-06-27 21:25 -------- d-----w- c:\program files\ASIO4ALL v2
2009-06-27 21:23 . 2009-02-05 16:25 -------- d-----w- c:\program files\VstPlugins
2009-06-24 18:28 . 2008-03-17 23:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Audacity
2009-06-17 01:23 . 2009-01-25 02:37 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-06-17 01:22 . 2009-06-17 01:22 -------- d-----w- c:\program files\freestar
2009-06-17 01:11 . 2009-03-19 23:30 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2009-06-17 01:00 . 2009-03-19 23:30 -------- d-----w- c:\program files\mIRC
2009-06-17 00:51 . 2009-02-09 23:15 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-17 00:18 . 2009-04-09 04:15 -------- d-----w- c:\program files\AllToAVI
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 00:47 . 2009-06-13 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 00:46 . 2009-06-13 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 01:33 . 2008-07-20 23:09 -------- d-----w- c:\program files\WeGame
2009-06-09 22:43 . 2008-07-03 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 22:40 . 2008-07-03 13:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 17:23 . 2009-05-30 17:23 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-18 00:29 . 2009-05-18 00:25 35382 ----a-w- c:\windows\scunin.dat
2009-05-18 00:29 . 2009-05-18 00:25 967 ----a-w- c:\windows\ScUnin.pif
2009-05-18 00:29 . 2009-05-18 00:25 94208 ----a-w- c:\windows\ScUnin.exe
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-07-22 14:31 . 2009-06-19 19:51 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"TELUS_eCare_Lite_McciTrayApp"="c:\program files\TELUS_eCare_Lite\eCareTrayApp.exe" [2007-01-26 1007720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-02 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" [2009-07-15 83240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WeGame.lnk - c:\program files\WeGame\wegame.exe [2008-7-20 4112896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrRJdc]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kazaa Lite Revolution\\kazaalite.kpp"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1/24/2009 5:05 PM 16512]
S3 cpuz128;cpuz128;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 00:29]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 00:29]
.
- - - - ORPHANS REMOVED - - - -

BHO-{05BE02A3-7487-4716-BDF5-609CB4DA0C85} - (no file)
BHO-{0B84DE56-AD8C-4E7D-B617-7FD4ADFC4FC0} - (no file)
BHO-{23E825FA-0391-46AE-9763-E2652054813C} - (no file)
BHO-{5F7FD117-4620-44AB-A7F3-B89E86CC9B29} - (no file)
BHO-{94FFDC0A-A9D5-4AE6-923F-6743A0BEA319} - (no file)
BHO-{AA13EA66-2289-0873-FB34-7DA2909C18E5} - (no file)
BHO-{b249ef4b-e90d-41bc-a39c-3d73126a5cda} - (no file)
BHO-{e370059d-8f4c-41aa-a7c7-efca15423f43} - (no file)


.
------- Supplementary Scan -------
.
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://discussion.fastseduction.com:856 ... s40320.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8jwequv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... S:official\n
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 09:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-29 9:06
ComboFix-quarantined-files.txt 2009-07-29 15:06
ComboFix2.txt 2008-07-06 02:37

Pre-Run: 5,738,082,304 bytes free
Post-Run: 6,203,633,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

191 --- E O F --- 2009-07-15 09:05
-------------------------------------------------------------------------------------------


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 9:13:15.23 on Wed 07/29/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.42 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Reimage\Reimage PC Booster\REI_Booster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [TELUS_eCare_Lite_McciTrayApp] c:\program files\telus_ecare_lite\eCareTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Reimage PC Booster] "c:\program files\reimage\reimage pc booster\postrebootexecuter.exe" false na "c:\program files\reimage\reimage pc booster\ReimageBooster.exe" /tray
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wegame.lnk - c:\program files\wegame\wegame.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://discussion.fastseduction.com:856 ... s40320.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\j8jwequv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... S:official\n
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S2 gupdate1c912132a900a32;Google Update Service (gupdate1c912132a900a32);c:\program files\google\update\GoogleUpdate.exe [2008-9-8 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-24 16512]
S3 cpuz128;cpuz128;\??\c:\docume~1\owner\locals~1\temp\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz_x32.sys [?]

=============== Created Last 30 ================

2009-07-29 09:04 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-29 08:49 <DIR> a-dshr-- C:\cmdcons
2009-07-29 08:47 219,648 a------- c:\windows\PEV.exe
2009-07-29 08:47 161,792 a------- c:\windows\SWREG.exe
2009-07-29 08:47 98,816 a------- c:\windows\sed.exe
2009-07-22 10:22 <DIR> --d----- c:\program files\common files\Vbox
2009-07-22 10:21 <DIR> --d----- c:\program files\Macromedia
2009-07-22 10:07 166 a------- c:\windows\system32\Compress.res
2009-07-22 10:07 230 a------- c:\windows\reimage.ini
2009-07-22 10:05 <DIR> --d----- c:\program files\Reimage
2009-07-22 09:31 <DIR> --d----- c:\docume~1\owner\applic~1\Error Fix
2009-07-19 23:37 <DIR> --d----- c:\program files\System Search Dispatcher
2009-07-19 23:37 <DIR> --d----- c:\program files\DoubleD
2009-07-10 15:22 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-07-28 21:33 1,632 a------- c:\windows\system32\d3d8caps.dat
2009-07-27 14:02 811,023 a------- c:\windows\java\packages\LJPRBNX3.ZIP
2009-07-26 23:04 1,744 a------- c:\windows\system32\d3d9caps.dat
2009-06-16 08:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 08:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 13:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-19 07:05 1,380,403 a------- c:\windows\system32\avgsdk.dll
2009-05-17 18:29 35,382 a------- c:\windows\scunin.dat
2009-05-17 18:29 94,208 a------- c:\windows\ScUnin.exe
2009-05-07 09:44 344,064 a------- c:\windows\system32\localspl.dll

============= FINISH: 9:14:07.24 ===============
do you want the attach as well?
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm

Re: popups.

Unread postby Blade81 » July 30th, 2009, 3:29 am

Hi again,

it changed my desktop theme

You may change it back when we've done the cleaning.


Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
Folder::
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup
c:\program files\System Search Dispatcher
c:\program files\DoubleD
c:\documents and settings\Owner\Local Settings\Application Data\DoubleD
c:\program files\LimeWire
c:\documents and settings\Owner\Application Data\LimeWire
c:\documents and settings\Owner\Application Data\uTorrent
c:\Program Files\Kazaa Lite Revolution

DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No File

FireFox::
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\j8jwequv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... S:official\n

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrRJdc]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kazaa Lite Revolution\\kazaalite.kpp"=-



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Let's run MBAM as well since you have it installed there. Update its definitions and run a full scan. Let it delete (it quarantines its findings) found items and post its report back here.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: popups.

Unread postby ranma187 » August 1st, 2009, 8:15 pm

umm i tried to run the online scanner and it said i needed a newer version of java in order to run it.. even though i updated it with your instructions.

NVM it works in Opera. I've been having load of java errors on firefox. I seem to have a virus that infects firefox. I'll can and post the logs in a while
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm

Re: popups.

Unread postby ranma187 » August 2nd, 2009, 10:49 pm

here's the combo fix log:

ComboFix 09-07-29.04 - Owner 07/30/2009 8:10.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.129 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\LimeWire
c:\documents and settings\Owner\Application Data\LimeWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Owner\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Owner\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Owner\Application Data\LimeWire\downloads.dat
c:\documents and settings\Owner\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Owner\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Owner\Application Data\LimeWire\filters.props
c:\documents and settings\Owner\Application Data\LimeWire\gnutella.net
c:\documents and settings\Owner\Application Data\LimeWire\installation.props
c:\documents and settings\Owner\Application Data\LimeWire\library.dat
c:\documents and settings\Owner\Application Data\LimeWire\library5.dat
c:\documents and settings\Owner\Application Data\LimeWire\limewire.props
c:\documents and settings\Owner\Application Data\LimeWire\mojito.props
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\51CFDFBBd01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\621685CBd01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\98E79480d01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFAd01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A8Fd01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Owner\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Owner\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Owner\Application Data\LimeWire\questions.props
c:\documents and settings\Owner\Application Data\LimeWire\responses.cache
c:\documents and settings\Owner\Application Data\LimeWire\simpp.xml
c:\documents and settings\Owner\Application Data\LimeWire\spam.dat
c:\documents and settings\Owner\Application Data\LimeWire\tables.props
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Owner\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Owner\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Owner\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Owner\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Owner\Application Data\LimeWire\version.xml
c:\documents and settings\Owner\Application Data\LimeWire\versions.props
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\image.sxml2
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\image.sxml3
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\Owner\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Owner\Application Data\uTorrent
c:\documents and settings\Owner\Application Data\uTorrent\[AHQ] Elfen Lied 1-13 [Dual Audio] MKV.1.torrent
c:\documents and settings\Owner\Application Data\uTorrent\[AHQ] Elfen Lied 1-13 [Dual Audio] MKV.torrent
c:\documents and settings\Owner\Application Data\uTorrent\18 YEAR OLD TRANNY YRIS ROBINIO-SiLvErDuSt.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Authentic Man Program - Power of presence -.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Battlestar Galactica 04x02 sub ita By MentePazza.avi.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Battlestar.Galactica.S03.1.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Battlestar.Galactica.S03.2.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Battlestar.Galactica.S03.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Battlestar.Galactica.S04E01.HDTV.XviD-LOL.[VTV].avi.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Crank[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\Owner\Application Data\uTorrent\dht.dat
c:\documents and settings\Owner\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\Fraps 2.9.4 Build 7037.torrent
c:\documents and settings\Owner\Application Data\uTorrent\gspeed.rar.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Guitar Pro 5.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Guitar Pro v5.2 (Full Version with CD Key).torrent
c:\documents and settings\Owner\Application Data\uTorrent\Guitar.Speed.Trainer.v2.3.8.4.WinAll.Cracked-PALACE.torrent
c:\documents and settings\Owner\Application Data\uTorrent\IRON_MAIDEN B_O_B.torrent
c:\documents and settings\Owner\Application Data\uTorrent\John E. Mack, M.D. - Transcending the Dualistic Mind.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Learning Japanese.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Maddox - The Alphabet of Manliness.pdf.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Maison Ikkoku.1.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Maison Ikkoku.2.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Maison Ikkoku.3.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Maison Ikkoku.4.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Maison Ikkoku.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Major Mark Cunningham - Hypnotic Awakenings (all tapes).zip.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Midi Made By Redtzer.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Moog Cookbook (2 Albums).torrent
c:\documents and settings\Owner\Application Data\uTorrent\Mozart Gould.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Online Seduction - How To Seduce Women Online In Two Easy Steps.pdf.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Panic Away.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Panic_Away_Program.pdf.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Paul Janka.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Queenborough - Occult Theocracy (monumental expose of secret societies worldwide) (1933).pdf.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Ranma ½ Season 7.1.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Ranma ½ Season 7.torrent
c:\documents and settings\Owner\Application Data\uTorrent\resume.dat
c:\documents and settings\Owner\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\rss.dat
c:\documents and settings\Owner\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\Rumic World OVA.1.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Rumic World OVA.torrent
c:\documents and settings\Owner\Application Data\uTorrent\settings.dat
c:\documents and settings\Owner\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Owner\Application Data\uTorrent\Star Trek Deep Space 9 Season 1.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Stephen Nash - 7-Day Natural Attraction.torrent
c:\documents and settings\Owner\Application Data\uTorrent\Switched On Bach.torrent
c:\documents and settings\Owner\Application Data\uTorrent\tommy_seebach_apache.mpeg.torrent
c:\documents and settings\Owner\Application Data\uTorrent\TWo-Shemale-Babes-Have-Anal-Sex-On-A-Couch.wmv.torrent
c:\documents and settings\Owner\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Owner\Application Data\uTorrent\Wendy Carlos - Switched On Bach.torrent
c:\documents and settings\Owner\Application Data\uTorrent\WTS.torrent
c:\documents and settings\Owner\Local Settings\Application Data\DoubleD
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\ipdata.md
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-233859.578.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-233913.968.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-234501.562.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-234503.953.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-234610.171.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090719-235013.343.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090720-000323.468.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090720-101428.921.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090720-200110.187.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090720-203916.156.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090720-212556.937.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-003023.015.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-090632.328.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-094251.531.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-094847.593.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-100209.046.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-101354.078.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-201258.906.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-230707.671.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-231910.140.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090721-233846.250.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-002439.031.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-083152.312.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-101502.812.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-103553.640.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-104754.312.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-105326.906.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-123031.265.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-124509.671.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-131048.500.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-131635.437.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-132720.812.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-140618.578.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-142309.015.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-150135.062.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-153149.046.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-161632.562.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-164907.203.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-175601.984.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-194623.750.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-194802.375.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-205822.703.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-211130.078.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090722-212501.843.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090723-185932.328.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090723-224446.312.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090723-224757.062.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090724-173233.765.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090724-173434.703.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090725-015217.093.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090725-065658.437.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090725-142419.250.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090725-144409.421.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-002300.812.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-010106.890.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-125640.671.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-164140.750.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-223118.109.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-005621.031.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-005759.203.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-103943.015.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-121415.515.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-131830.293.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-135604.996.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-135953.965.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-163015.215.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-165741.918.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-231750.090.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-074242.261.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-084852.027.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-180946.730.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-190324.980.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-192934.839.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-202608.589.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090728-210221.527.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-054147.558.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-083151.089.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-084346.620.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-084515.948.log
c:\documents and settings\Owner\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\config.md
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-233804.031.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-233859.078.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-233913.828.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-234501.406.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-234503.937.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-234610.093.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090719-235013.250.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-000323.312.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-101428.046.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-200109.953.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-203916.093.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090720-212556.890.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-003022.968.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-090632.281.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-094251.500.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-094847.562.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-100209.015.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-101354.062.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-201258.859.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-230707.640.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-231910.093.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090721-233846.234.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-002439.015.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-083152.265.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-101502.750.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-103553.500.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-104754.281.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-105326.859.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-123031.234.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-124509.625.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-131048.468.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-131635.406.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-132720.765.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-140618.546.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-142308.984.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-150135.031.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-153148.937.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-161632.484.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-164907.031.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-175601.890.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-194623.687.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-194801.812.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-205822.656.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-211130.031.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090722-212501.796.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090723-185932.234.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090723-224446.250.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090723-224756.984.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-173233.718.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090724-173434.640.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090725-015217.062.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090725-065658.406.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090725-142419.203.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090725-144409.390.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090726-002300.750.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090726-010106.843.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090726-125640.484.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090726-164140.718.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090726-223118.078.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-005620.984.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-005758.984.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-103942.984.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-121415.484.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-131830.261.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-135604.965.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-135953.605.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-163015.183.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-165741.871.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090727-231749.996.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-074242.214.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-084851.995.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-180946.667.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-190324.948.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-192934.792.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-202608.558.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090728-210221.495.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-054147.511.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-083151.058.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-084346.573.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\HJHP_20090729-084515.917.log
c:\documents and settings\Owner\Local Settings\Application Data\Media Access Startup\1.5.0.850\ipdata.md
c:\program files\DoubleD
c:\program files\Kazaa Lite Revolution
c:\program files\Kazaa Lite Revolution\kazaalite.kpp
c:\program files\Kazaa Lite Revolution\klextlock.dat
c:\program files\Kazaa Lite Revolution\kpp.dll
c:\program files\Kazaa Lite Revolution\kppaddon.dll
c:\program files\LimeWire
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha4-20080321.114022-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080303.182830-4.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080303.182830-4.jar
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\xml.war
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.3.0.840\Data\eacore.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.3.0.840\ssd.dll
c:\program files\System Search Dispatcher\1.3.0.840\unins000.dat
c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-22 21:24 . 2009-07-22 21:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Download Manager
2009-07-22 16:22 . 2009-07-22 16:22 -------- d-----w- c:\program files\Common Files\Vbox
2009-07-22 16:21 . 2002-02-02 16:52 2088960 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\Fireworks Importer.dll
2009-07-22 16:21 . 2002-01-24 17:00 1798144 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\ToonboomStudioImportPlugin.dll
2009-07-22 16:21 . 2002-03-06 05:38 147456 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\AIImport.dll
2009-07-22 16:21 . 2002-03-06 03:23 815104 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\authplay.dll
2009-07-22 16:21 . 2002-02-06 18:23 1085440 ----a-w- c:\documents and settings\Owner\Application Data\Macromedia\Flash MX\Configuration\Importers\FhDbRdr.dll
2009-07-22 16:21 . 2009-07-22 16:21 -------- d-----w- c:\program files\Macromedia
2009-07-22 16:05 . 2009-07-27 07:08 -------- d-----w- c:\program files\Reimage
2009-07-22 15:31 . 2009-07-25 18:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Error Fix
2009-07-15 22:51 . 2009-07-26 22:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2009-07-10 21:22 . 2009-07-12 16:07 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 19:39 . 2008-04-04 01:02 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-29 17:09 . 2008-03-22 23:35 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-27 20:02 . 2009-07-27 20:02 811023 ----a-w- c:\windows\java\Packages\LJPRBNX3.ZIP
2009-07-27 19:48 . 2008-06-10 23:22 -------- d-----w- c:\program files\Starcraft
2009-07-22 16:21 . 2008-03-26 22:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-18 00:51 . 2008-09-09 00:29 -------- d-----w- c:\program files\Google
2009-06-27 21:25 . 2009-02-05 16:16 -------- d-----w- c:\program files\Image-Line
2009-06-27 21:25 . 2009-06-27 21:25 -------- d-----w- c:\program files\ASIO4ALL v2
2009-06-27 21:23 . 2009-02-05 16:25 -------- d-----w- c:\program files\VstPlugins
2009-06-24 18:28 . 2008-03-17 23:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Audacity
2009-06-17 01:23 . 2009-01-25 02:37 -------- d-----w- c:\documents and settings\Owner\Application Data\dvdcss
2009-06-17 01:22 . 2009-06-17 01:22 -------- d-----w- c:\program files\freestar
2009-06-17 01:11 . 2009-03-19 23:30 -------- d-----w- c:\documents and settings\Owner\Application Data\mIRC
2009-06-17 01:00 . 2009-03-19 23:30 -------- d-----w- c:\program files\mIRC
2009-06-17 00:51 . 2009-02-09 23:15 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-17 00:18 . 2009-04-09 04:15 -------- d-----w- c:\program files\AllToAVI
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-13 00:47 . 2009-06-13 00:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 00:46 . 2009-06-13 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-12 01:33 . 2008-07-20 23:09 -------- d-----w- c:\program files\WeGame
2009-06-09 22:43 . 2008-07-03 13:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-09 22:40 . 2008-07-03 13:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-03 19:27 . 2004-08-04 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 17:23 . 2009-05-30 17:23 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-19 13:05 . 2009-05-19 13:05 1380403 ----a-w- c:\windows\system32\avgsdk.dll
2009-05-18 00:29 . 2009-05-18 00:25 35382 ----a-w- c:\windows\scunin.dat
2009-05-18 00:29 . 2009-05-18 00:25 967 ----a-w- c:\windows\ScUnin.pif
2009-05-18 00:29 . 2009-05-18 00:25 94208 ----a-w- c:\windows\ScUnin.exe
2009-05-07 15:44 . 2004-08-04 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 20:30 . 2009-06-19 19:51 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 275800]
"TELUS_eCare_Lite_McciTrayApp"="c:\program files\TELUS_eCare_Lite\eCareTrayApp.exe" [2007-01-26 1007720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-02 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Reimage PC Booster"="c:\program files\Reimage\Reimage PC Booster\Postrebootexecuter.exe" [2009-07-15 83240]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WeGame.lnk - c:\program files\WeGame\wegame.exe [2008-7-20 4112896]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=

S2 gupdate1c912132a900a32;Google Update Service (gupdate1c912132a900a32);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2008 6:29 PM 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1/24/2009 5:05 PM 16512]
S3 cpuz128;cpuz128;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz_x32.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 00:29]

2009-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-09 00:29]
.
.
------- Supplementary Scan -------
.
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://discussion.fastseduction.com:856 ... s40320.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j8jwequv.default\
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-30 08:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\DNSAPI.dll
.
Completion time: 2009-07-30 8:26
ComboFix-quarantined-files.txt 2009-07-30 14:26
ComboFix2.txt 2009-07-29 15:06
ComboFix3.txt 2008-07-06 02:37

Pre-Run: 5,966,934,016 bytes free
Post-Run: 6,027,927,552 bytes free

815 --- E O F --- 2009-07-15 09:05


DDS (Ver_09-06-26.01) - NTFSx86
Run by Owner at 20:46:07.75 on Sun 08/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.255.59 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [TELUS_eCare_Lite_McciTrayApp] c:\program files\telus_ecare_lite\eCareTrayApp.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Reimage PC Booster] "c:\program files\reimage\reimage pc booster\postrebootexecuter.exe" false na "c:\program files\reimage\reimage pc booster\ReimageBooster.exe" /tray
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wegame.lnk - c:\program files\wegame\wegame.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: ChatSpace Full Java Client 4.0.0.320 - hxxp://discussion.fastseduction.com:856 ... s40320.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\j8jwequv.default\
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

S2 gupdate1c912132a900a32;Google Update Service (gupdate1c912132a900a32);c:\program files\google\update\GoogleUpdate.exe [2008-9-8 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-1-24 16512]
S3 cpuz128;cpuz128;\??\c:\docume~1\owner\locals~1\temp\cpuz_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz_x32.sys [?]

=============== Created Last 30 ================

2009-08-01 18:27 3,584 a------- C:\1033.MST
2009-08-01 18:27 11,775,488 a------- C:\J2SE Runtime Environment 5.0 Update 5.msi
2009-07-30 20:07 <DIR> --d----- c:\program files\Sun
2009-07-30 20:06 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-30 20:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-29 09:04 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-29 08:49 <DIR> a-dshr-- C:\cmdcons
2009-07-29 08:47 219,648 a------- c:\windows\PEV.exe
2009-07-29 08:47 161,792 a------- c:\windows\SWREG.exe
2009-07-29 08:47 98,816 a------- c:\windows\sed.exe
2009-07-22 10:22 <DIR> --d----- c:\program files\common files\Vbox
2009-07-22 10:21 <DIR> --d----- c:\program files\Macromedia
2009-07-22 10:07 166 a------- c:\windows\system32\Compress.res
2009-07-22 10:07 230 a------- c:\windows\reimage.ini
2009-07-22 10:05 <DIR> --d----- c:\program files\Reimage
2009-07-22 09:31 <DIR> --d----- c:\docume~1\owner\applic~1\Error Fix
2009-07-10 15:22 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-08-02 20:26 1,744 a------- c:\windows\system32\d3d9caps.dat
2009-08-02 02:00 1,632 a------- c:\windows\system32\d3d8caps.dat
2009-07-27 14:02 811,023 a------- c:\windows\java\packages\LJPRBNX3.ZIP
2009-06-29 10:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 10:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 10:12 17,408 -------- c:\windows\system32\corpol.dll
2009-06-16 08:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 08:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-03 13:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-05-19 07:05 1,380,403 a------- c:\windows\system32\avgsdk.dll
2009-05-17 18:29 35,382 a------- c:\windows\scunin.dat
2009-05-17 18:29 94,208 a------- c:\windows\ScUnin.exe
2009-05-07 09:44 344,064 a------- c:\windows\system32\localspl.dll

============= FINISH: 20:47:31.51 ===============
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm

Re: popups.

Unread postby Blade81 » August 3rd, 2009, 10:49 am

Hi,

Is there any special reason why you have C:\J2SE Runtime Environment 5.0 Update 5.msi downloaded (and assumably installed too)? I'm asking cos that's badly outdated version. You should uninstall it unless there's some special need for it (in that case it has to be replaced with latest version in Java 5.0 series).

Did you run MBAM (with up-to-date definitions) yet? I'd like to see a report from that, please.


Did you try to run Kaspersky online scanner on Opera? If you did, and it still didn't work then try this:

Download the latest version of Kaspersky Virus Removal Tool

* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scanable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: popups.

Unread postby ranma187 » August 3rd, 2009, 11:15 am

I'm not sure what you mean by MBAM. If i had it I already uninstalled it i think. Before i went here i tried a few programs. All of the m were a "pay to clean up". tool.
I'll remove the java thing.

and now I'll do the other stuff you requested adn report back.
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm

Re: popups.

Unread postby Blade81 » August 3rd, 2009, 11:28 am

Malwarebytes' Anti-Malware aka MBAM isn't "pay to clean up" -tool. It has free version available that does cleaning too.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: popups.

Unread postby ranma187 » August 4th, 2009, 10:52 pm

well, I downloaded what i thoght was a free version of MBAM, And it did ask to pay to clean up. Then i got rid of it again.

here is what was detected by the other program.

Detected
--------
Status Object
------ ------
detected: Trojan program Trojan-Downloader.Win32.Agent.cikx File: C:\QooBox\Quarantine\C\Program Files\Media Access Startup\1.5.0.850\HPIEAddOn.dll.vir
detected: Trojan program Packed.Win32.Katusha.a File: C:\QooBox\Quarantine\C\WINDOWS\system32\dlqxyejt.dll.vir//UPX
detected: Trojan program Trojan.Win32.Monder.gen File: C:\QooBox\Quarantine\C\WINDOWS\system32\dvtxfnog.dll.vir//UPX
detected: Trojan program Trojan.Win32.Monder.gen File: C:\QooBox\Quarantine\C\WINDOWS\system32\ebgsmgqs.dll.vir//UPX
detected: adware not-a-virus:AdWare.Win32.Virtumonde.zrk File: C:\QooBox\Quarantine\C\WINDOWS\system32\efcDWOGv.dll.vir
detected: Trojan program Trojan.Win32.Monder.gen File: C:\QooBox\Quarantine\C\WINDOWS\system32\fyrymrdf.dll.vir//UPX
detected: Trojan program Packed.Win32.Katusha.a File: C:\QooBox\Quarantine\C\WINDOWS\system32\kolnkm.dll.vir//UPX
detected: Trojan program Packed.Win32.Katusha.a File: C:\QooBox\Quarantine\C\WINDOWS\system32\nqoytj.dll.vir//UPX
detected: Trojan program Packed.Win32.Katusha.a File: C:\QooBox\Quarantine\C\WINDOWS\system32\oyqgqiuj.dll.vir//UPX
detected: Trojan program Trojan.Win32.Monder.gen File: C:\QooBox\Quarantine\C\WINDOWS\system32\xeaaib.dll.vir//UPX
detected: Trojan program Trojan-Downloader.Win32.Agent.cikx File: C:\System Volume Information\_restore{6AD381CF-5D95-4C73-953B-1D511F9DF28C}\RP461\A0100051.dll


I should mention that mozilla is still messing up. It doesn't display facebook, gaiaonline, and other webpages properly.
ranma187
Active Member
 
Posts: 12
Joined: July 22nd, 2009, 12:45 pm

Re: popups.

Unread postby Blade81 » August 5th, 2009, 12:29 pm

Hi,

Those found items will be removed in final phase. Please clear Firefox cache and see if those sites are still displayed wrong.
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware