Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan.TDSS

Re: Trojan.TDSS

Post by Shaba » August 13th, 2009, 12:03 am

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Folder::
    c:\documents and settings\Steve\Application Data\uTorrent
    c:\documents and settings\Steve\Application Data\LimeWire
    c:\program files\LimeWire
    c:\Program Files\uTorrent
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
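
An added example, not part of the original thread and not ComboFix's own code: a small audit that parses the CFScript shown above and checks that every path listed under a log's "Other Deletions" banner lies inside one of the scripted `Folder::` entries. The section-header and banner parsing are assumptions drawn from the script and log layout visible in this thread, and the sample log lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# The CFScript from the post above, verbatim.
CFSCRIPT = r"""Folder::
c:\documents and settings\Steve\Application Data\uTorrent
c:\documents and settings\Steve\Application Data\LimeWire
c:\program files\LimeWire
c:\Program Files\uTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"""

# Constructed log excerpt in the banner layout ComboFix uses. The last two
# deletions are deliberately outside the scripted folders.
SAMPLE_LOG = r"""((((((((((   Other Deletions   ))))))))))
.

c:\documents and settings\Steve\Application Data\LimeWire
c:\documents and settings\Steve\Application Data\LimeWire\downloads.dat
c:\Program Files\uTorrent\uTorrent.exe
c:\program files\LimeWire2\readme.txt
c:\windows\system32\example.dll
.
((((((((((   Constructed Next Section   ))))))))))
c:\windows\ignored-because-outside-section.txt
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "Folder::" (assumed form)
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")   # e.g. "(((( Other Deletions ))))"
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_cfscript(text):
    """Group the script's non-empty lines under their lower-cased 'Name::' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def deletions_from_log(text, banner="Other Deletions"):
    """Return the drive-letter paths listed under the named log banner."""
    paths, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        found = BANNER_RE.match(line)
        if found:
            inside = found.group(1).lower() == banner.lower()
            continue
        if inside and DRIVE_PATH_RE.match(line):
            paths.append(line)
    return paths


def is_under(path, folder):
    """True if path is folder itself or inside it.

    PureWindowsPath compares case-insensitively and per component, so
    'c:\\program files\\LimeWire2' is not treated as inside '...\\LimeWire'.
    """
    p, f = PureWindowsPath(path), PureWindowsPath(folder)
    return p == f or f in p.parents


def unexpected_deletions(script_text, log_text):
    """Deleted paths that no Folder:: entry in the script accounts for."""
    folders = parse_cfscript(script_text).get("folder", [])
    return [p for p in deletions_from_log(log_text)
            if not any(is_under(p, f) for f in folders)]


if __name__ == "__main__":
    for path in unexpected_deletions(CFSCRIPT, SAMPLE_LOG):
        print("not covered by CFScript:", path)
```

A deletion flagged here is not necessarily wrong, since ComboFix also removes items on its own; the check only separates what the script asked for from everything else so the remainder can be reviewed.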

Re: Trojan.TDSS

Post by stephenp23 » August 13th, 2009, 3:39 am

and here's the ComboFix scan log:

ComboFix 09-08-10.06 - Steve 13/08/2009 8:18.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1726.1064 [GMT 1:00]
Running from: c:\documents and settings\Steve\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Steve\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steve\Application Data\LimeWire\library.dat
c:\documents and settings\Steve\Application Data\LimeWire\library5.dat
c:\documents and settings\Steve\Application Data\LimeWire\limewire.props
c:\documents and settings\Steve\Application Data\LimeWire\mojito.props
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\621685CBd01
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\AE98BDFBd01
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A9Bd01
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Steve\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Steve\Application Data\LimeWire\passive.mojito
c:\documents and settings\Steve\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Steve\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Steve\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Steve\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Steve\Application Data\LimeWire\pub1.key
c:\documents and settings\Steve\Application Data\LimeWire\public.key
c:\documents and settings\Steve\Application Data\LimeWire\questions.props
c:\documents and settings\Steve\Application Data\LimeWire\responses.cache
c:\documents and settings\Steve\Application Data\LimeWire\simpp.xml
c:\documents and settings\Steve\Application Data\LimeWire\spam.dat
c:\documents and settings\Steve\Application Data\LimeWire\tables.props
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme.lwtp
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\01_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\02_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\03_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\04_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\05_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\chat.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\dir_closed.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\dir_open.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\forward_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\forward_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\kill.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\kill_on.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\lime.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\logo.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\notsearching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\pause_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\pause_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\play_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\play_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\question.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\rewind_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\searching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\splash.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\stop_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\stop_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\theme.txt
c:\documents and settings\Steve\Application Data\LimeWire\themes\black_theme\warning.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme.lwtp
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\01_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\02_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\03_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\04_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\05_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\chat.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\dir_open.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\forward_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\kill.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\logo.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\notsearching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\pause_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\play_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\play_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\question.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\search.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\searching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\splash.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\stop_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\theme.txt
c:\documents and settings\Steve\Application Data\LimeWire\themes\classic_theme\warning.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme.lwtp
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\01_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\02_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\03_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\04_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\05_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\chat.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\kill.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\lime.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\logo.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\play_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\question.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\searching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\splash.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\theme.txt
c:\documents and settings\Steve\Application Data\LimeWire\themes\limewire_theme\warning.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme.lwtp
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\01_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\02_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\03_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\04_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\05_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\chat.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\forward_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\forward_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\kill.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\kill_on.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\logo.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\notsearching.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\pause_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\pause_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\play_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\play_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\question.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\rewind_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\searching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\splash.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\stop_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\stop_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\theme.txt
c:\documents and settings\Steve\Application Data\LimeWire\themes\other_theme\warning.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Steve\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Steve\Application Data\LimeWire\Thumbs.db
c:\documents and settings\Steve\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Steve\Application Data\LimeWire\ttree.cache
c:\documents and settings\Steve\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Steve\Application Data\LimeWire\update.xml
c:\documents and settings\Steve\Application Data\LimeWire\version.key
c:\documents and settings\Steve\Application Data\LimeWire\version.xml
c:\documents and settings\Steve\Application Data\LimeWire\versions.props
c:\documents and settings\Steve\Application Data\LimeWire\xml\data\application.sxml3
c:\documents and settings\Steve\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Steve\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Steve\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Steve\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Steve\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Steve\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Steve\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Steve\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Steve\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Steve\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Steve\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Steve\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Steve\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Steve\Application Data\LimeWire\xml\schemas\video.xsd
c:\documents and settings\Steve\Application Data\uTorrent
c:\documents and settings\Steve\Application Data\uTorrent\[Divx ITA] Snack Bar Budapest (Tinto Brass).avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\3 bombnes nudistas 02_traviesox.avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\Andrew Blake - #17 - Dollhouse.torrent
c:\documents and settings\Steve\Application Data\uTorrent\battle of the Somme.torrent
c:\documents and settings\Steve\Application Data\uTorrent\BBC The Smoking Room.torrent
c:\documents and settings\Steve\Application Data\uTorrent\dht.dat
c:\documents and settings\Steve\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Steve\Application Data\uTorrent\Edge Of Darkness Series.torrent
c:\documents and settings\Steve\Application Data\uTorrent\John Adams 2008.torrent
c:\documents and settings\Steve\Application Data\uTorrent\kelly havel-lezz.avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\L'emmerdeur Fr Dvd Rip - Jacques Brel & Lino Ventura - (Qualit? Divx).avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\milk.torrent
c:\documents and settings\Steve\Application Data\uTorrent\Milk[2008]DvDrip[Eng]-FXG.torrent
c:\documents and settings\Steve\Application Data\uTorrent\Northern Exposure.torrent
c:\documents and settings\Steve\Application Data\uTorrent\One, Two, Three (1961) DVDRip (SiRiUs sHaRe).torrent
c:\documents and settings\Steve\Application Data\uTorrent\Peeping Tom.xvid.avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\PLANES_TRAINS_AND_AUTOMOBILES.avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\PULP FICTION DVDRip Avi.avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\resume.dat
c:\documents and settings\Steve\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Steve\Application Data\uTorrent\Ridicule.torrent
c:\documents and settings\Steve\Application Data\uTorrent\rss.dat
c:\documents and settings\Steve\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Steve\Application Data\uTorrent\settings.dat
c:\documents and settings\Steve\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Steve\Application Data\uTorrent\Shoah_(1985)_Claude_Lanzmann.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Batman.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Guns of Navarone.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Larry Sanders Show - Season 1.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Larry Sanders Show - Season 2.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Larry Sanders Show - Season 3.pdtv.xvid-TTT.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Larry Sanders Show - Season 4.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Phil Silvers Show (Sgt Bilko) Season 1.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Phil Silvers Show (Sgt Bilko) Season 2.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The Wrong box (1966).torrent
c:\documents and settings\Steve\Application Data\uTorrent\The.Larry.Sanders.Show.S05.PDTV.XviD-TTT.torrent
c:\documents and settings\Steve\Application Data\uTorrent\The.Larry.Sanders.Show.S06.PDTV.XviD-TTT.torrent
c:\documents and settings\Steve\Application Data\uTorrent\Tinto Brass (Corto Circuiti Erotici) - 1999-2000.avi.torrent
c:\documents and settings\Steve\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Steve\Application Data\uTorrent\Withnail and I.avi.torrent
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid2200.log
c:\program files\LimeWire\hs_err_pid2428.log
c:\program files\LimeWire\hs_err_pid2468.log
c:\program files\LimeWire\hs_err_pid3388.log
c:\program files\LimeWire\hs_err_pid3464.log
c:\program files\LimeWire\hs_err_pid356.log
c:\program files\LimeWire\hs_err_pid3560.log
c:\program files\LimeWire\hs_err_pid3764.log
c:\program files\LimeWire\hs_err_pid3996.log
c:\program files\LimeWire\hs_err_pid4060.log
c:\program files\LimeWire\hs_err_pid996.log
c:\program files\LimeWire\Oh Brother, Where Art Thou - Keep On The Sunny Side.mp3
c:\program files\uTorrent
c:\program files\uTorrent\4602-utorrent.bdc5.dmp
c:\program files\uTorrent\8179-utorrent.a417.dmp
c:\program files\uTorrent\8179-utorrent.d7c6.dmp


.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-12 16:03 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-01 11:53 . 2009-08-01 11:53 -------- d-----w- c:\program files\Trend Micro
2009-07-30 08:02 . 2009-07-30 08:02 -------- d-----w- c:\program files\AxBx
2009-07-29 21:12 . 2009-07-29 21:12 -------- d-----w- c:\documents and settings\Steve\Application Data\.clamwin
2009-07-29 21:12 . 2009-07-29 21:12 -------- d-----w- c:\program files\ClamWin
2009-07-29 21:12 . 2009-07-29 21:12 -------- d-----w- c:\documents and settings\Steve\.clamwin
2009-07-29 19:07 . 2009-07-29 19:07 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-29 06:58 . 2009-07-29 06:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-29 06:58 . 2009-07-29 06:58 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-07-28 21:41 . 2009-07-28 21:41 -------- d-----w- c:\documents and settings\Steve\Application Data\Malwarebytes
2009-07-28 21:41 . 2009-07-13 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-28 21:41 . 2009-07-28 21:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 21:41 . 2009-07-28 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-28 21:41 . 2009-07-13 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-28 08:11 . 2009-07-28 08:11 -------- d-sh--w- c:\documents and settings\Steve\IECompatCache
2009-07-26 11:42 . 2009-07-26 11:42 -------- d-----w- c:\program files\VS Revo Group
2009-07-25 16:02 . 2009-07-25 16:02 -------- d-sh--w- c:\documents and settings\Steve\PrivacIE
2009-07-22 21:55 . 2009-07-22 21:55 -------- d-----w- c:\documents and settings\Steve\Application Data\Canneverbe_Limited
2009-07-21 09:56 . 2009-07-21 09:56 -------- d-----w- c:\program files\Apple Software Update
2009-07-21 09:55 . 2009-07-21 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-21 09:54 . 2009-07-21 09:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-21 09:54 . 2009-07-21 09:54 -------- d-----w- c:\program files\QuickTime
2009-07-21 09:50 . 2009-07-21 09:50 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-21 08:56 . 2009-07-21 08:56 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-21 08:56 . 2009-07-21 08:56 -------- d-sh--w- c:\documents and settings\Steve\IETldCache
2009-07-21 08:56 . 2009-07-21 08:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-21 08:51 . 2009-07-21 08:51 -------- d-----w- c:\windows\ie8updates
2009-07-21 08:50 . 2009-07-03 17:09 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-21 08:50 . 2009-07-03 17:09 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-21 08:49 . 2009-07-21 08:50 -------- dc-h--w- c:\windows\ie8
2009-07-17 19:01 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 07:29 . 2006-05-28 17:09 -------- d-----w- c:\documents and settings\Steve\Application Data\Skype
2009-08-13 07:07 . 2006-08-06 10:01 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-13 06:59 . 2006-07-29 12:03 1660 ----a-w- c:\windows\bthservsdp.dat
2009-08-12 18:19 . 2006-05-24 18:50 -------- d-----w- c:\program files\WinTV
2009-08-05 18:49 . 2006-04-28 22:05 -------- d-----w- c:\documents and settings\Steve\Application Data\OpenOffice.org2
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:59 . 2007-07-16 12:15 -------- d-----w- c:\documents and settings\Steve\Application Data\U3
2009-07-31 07:39 . 2007-12-03 08:59 1354375 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-07-30 08:19 . 2007-10-02 08:22 -------- d-----w- c:\documents and settings\Steve\Application Data\com.zipeg
2009-07-28 21:38 . 2008-06-13 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-26 22:13 . 2007-06-17 10:05 -------- d-----r- c:\program files\Skype
2009-07-25 23:41 . 2009-07-26 08:04 214528 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2009-07-25 23:40 . 2007-07-14 11:12 -------- d-----w- c:\program files\a-squared Free
2009-07-22 21:54 . 2007-12-07 22:16 -------- d-----w- c:\program files\CDBurnerXP
2009-07-22 21:47 . 2009-07-09 12:35 -------- d-----w- c:\program files\NCH Swift Sound
2009-07-21 09:55 . 2005-09-03 18:08 -------- d-----w- c:\program files\iTunes
2009-07-21 09:55 . 2008-05-24 19:03 -------- d-----w- c:\program files\Common Files\Apple
2009-07-21 09:55 . 2005-09-03 18:08 -------- d-----w- c:\program files\iPod
2009-07-19 21:56 . 2009-07-20 07:13 62976 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2009-07-18 09:53 . 2009-07-18 10:07 3531264 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2009-07-18 09:53 . 2009-07-18 10:07 3570688 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2009-07-18 08:41 . 2007-02-07 10:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 11:42 . 2008-06-13 21:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 09:49 . 2009-07-16 09:49 20919210 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_07_16_10_42_25_full.dmp.zip
2009-07-13 22:43 . 2004-08-04 11:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 19:11 . 2009-07-09 12:35 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-07-09 19:05 . 2009-03-18 22:31 -------- d-----w- c:\program files\MediaMonkey
2009-07-09 14:20 . 2009-07-09 14:20 -------- d-----w- c:\documents and settings\Steve\Application Data\Recordpad
2009-07-09 12:35 . 2009-07-09 12:35 -------- d-----w- c:\documents and settings\Steve\Application Data\NCH Swift Sound
2009-07-09 12:35 . 2009-07-09 12:35 -------- d-----w- c:\program files\NCH Software
2009-07-09 11:24 . 2007-11-29 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-07-04 08:45 . 2009-07-04 08:45 118411 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_04_09_24_19_small.dmp.zip
2009-07-04 08:24 . 2009-07-04 08:40 3493888 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-07-03 17:09 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-22 20:09 . 2008-06-13 21:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-22 20:09 . 2006-12-04 16:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-20 20:33 . 2007-05-14 23:18 -------- d-----w- c:\program files\Joost
2009-06-20 17:51 . 2005-09-03 18:18 -------- d-----w- c:\program files\Google
2009-06-20 16:51 . 2009-06-20 16:51 -------- d-----w- c:\documents and settings\Steve\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-06-20 16:51 . 2009-06-20 16:51 -------- d-----w- c:\program files\BBC iPlayer Desktop
2009-06-20 16:51 . 2009-06-20 16:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-20 16:50 . 2009-06-20 16:51 38208 ----a-w- c:\documents and settings\Steve\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 22:35 . 2005-09-03 18:05 -------- d-----w- c:\program files\Hp
2009-06-14 21:47 . 2009-06-14 21:50 3454976 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-06-14 21:35 . 2009-06-14 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-06-12 12:31 . 2004-08-04 18:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:19 . 2004-08-04 12:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 11:49 . 2009-05-23 11:48 20854992 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2009_05_23_12_41_25_full.dmp.zip
2009-05-18 09:05 . 2008-06-13 21:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2006-05-01 21:42 . 2006-05-01 21:42 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-12_18.34.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2004-08-04 11:00 . 2009-07-13 22:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-04 12:00 . 2009-06-10 08:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2004-08-04 11:00 . 2009-07-13 22:43 10841088 c:\windows\system32\wmp.dll
+ 2006-04-24 22:18 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2004-08-04 11:00 . 2009-07-13 22:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-08 344064]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-22 1948440]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"flockbox"="c:\program files\My Lockbox\flockbox.exe" [2007-12-14 1071472]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-22 20:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [10/10/2008 12:19 38448]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [22/11/2008 09:31 17264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/06/2008 22:56 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/06/2008 22:56 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [22/06/2009 21:09 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [22/06/2009 21:09 298776]
R3 HCW77BDA;Hauppauge Nova-T Stick DVB-T Tuner;c:\windows\system32\drivers\hcw70bda.sys [06/04/2006 12:21 118850]
R3 hcw99rc;Hauppauge Nova-DT IR Driver;c:\windows\system32\drivers\hcw99rc.sys [06/04/2006 12:22 56792]
S2 a2freeaawservice;a-squared Free Service a2freeaawservice;c:\windows\TEMP\mcvkjdtcca.exe service --> c:\windows\TEMP\mcvkjdtcca.exe service [?]
S2 xoofkdkehfcdovb;xoofkdkehfcdovb;\??\c:\windows\system32\drivers\gmfvuut.sys --> c:\windows\system32\drivers\gmfvuut.sys [?]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [03/04/2006 18:12 14032]
S4 YFRHMJL;YFRHMJL;c:\docume~1\Steve\LOCALS~1\Temp\YFRHMJL.exe --> c:\docume~1\Steve\LOCALS~1\Temp\YFRHMJL.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2006-06-23 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 15:46]

2009-08-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 17:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\pvnsbuk9.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Copernic Desktop Search 2\FirefoxConnector\components\CSPXPCOMBridge.dll
FF - component: c:\program files\Copernic Desktop Search 2\Toolbar\FirefoxContainer\components\CCLCXPCOMBridge.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppstart.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 08:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-13 8:35
ComboFix-quarantined-files.txt 2009-08-13 07:35
ComboFix2.txt 2009-08-12 18:37

Pre-Run: 40,203,816,960 bytes free
Post-Run: 40,163,536,896 bytes free

852 --- E O F --- 2009-08-13 06:54
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am

Re: Trojan.TDSS

Unread postby Shaba » August 13th, 2009, 5:32 am

Note: You can use Internet Explorer or Mozilla Firefox for this scan!
If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted ... double click it, to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."... then click "Start".
  2. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  3. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are, if not set, place a check for:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  4. Click "Start"... ESET scanner will begin to download the virus signatures database. (This takes a while)
    When the signatures have been downloaded, the scan will start automatically.
  5. Wait for the scan to finish... it will take a while... please be patient. When the scan is finished...
  6. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  7. Copy and paste the contents of log.txt in your next reply along with a fresh HijackThis log.

Remember to enable your Anti-virus protection... before continuing!
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.TDSS

Unread postby stephenp23 » August 13th, 2009, 7:17 am

Many thanks. I will do this asap, but cannot do so for about 8-10 hours (I am away from my computer). One question.... I can be sure that I have admin privileges by going into Safe Mode - can I do this scan from Safe Mode?
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am

Re: Trojan.TDSS

Unread postby Shaba » August 13th, 2009, 7:32 am

No, it has to be done in normal mode.

If you have just one user account, it should have admin rights.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.TDSS

Unread postby stephenp23 » August 13th, 2009, 9:14 am

I have three users. How can I tell (for sure) if I have Admin Rights - I think I have
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am

Re: Trojan.TDSS

Unread postby Shaba » August 13th, 2009, 9:53 am

Well you can see it upon scanning :)

I'm pretty sure you should have.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.TDSS

Unread postby stephenp23 » August 14th, 2009, 4:15 pm

So here's the ESET log (Hijack log follows below)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=7bbd42bfc5cfd444bd1958993afe81ae
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-13 08:43:02
# local_time=2009-08-13 09:43:02 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 66 100 23652238286771
# compatibility_mode=2817 63 0 100 54402320161771
# compatibility_mode=5889 61 66 100 1061110360161771
# scanned=16835
# found=1
# cleaned=0
# scan_time=1066
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=7bbd42bfc5cfd444bd1958993afe81ae
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-13 08:54:41
# local_time=2009-08-13 09:54:41 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 66 100 23659229693021
# compatibility_mode=2817 63 0 100 54409311568021
# compatibility_mode=5889 61 66 100 1061117351568021
# scanned=16819
# found=1
# cleaned=0
# scan_time=655
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=7bbd42bfc5cfd444bd1958993afe81ae
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-14 09:22:16
# local_time=2009-08-14 10:22:16 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 66 100 24107787656250
# compatibility_mode=2817 63 0 100 54857869531250
# compatibility_mode=5889 61 66 100 1061565909531250
# scanned=173086
# found=4
# cleaned=0
# scan_time=4955
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I
C:\Documents and Settings\Steve\My Documents\My Downloads\zlsSetup_70_470_000_en.exe a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
C:\Documents and Settings\Steve\My Documents\My Downloads\zlsSetup_70_483_000_en.exe a variant of Win32/AdInstaller application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruixhvimpdx.dll.vir Win32/Olmarik.JU trojan 00000000000000000000000000000000 I


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:25, on 14/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\My Lockbox\flockbox.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search 2\Toolbar\ToolbarContainer101000048.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [flockbox] C:\Program Files\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: a-squared Free Service a2freeaawservice (a2freeaawservice) - Unknown owner - C:\WINDOWS\TEMP\mcvkjdtcca.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9039 bytes
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am

Re: Trojan.TDSS

Unread postby Shaba » August 15th, 2009, 1:35 am

Do you recognize this?

C:\Documents and Settings\Steve\My Documents\My Downloads\zlsSetup_70_470_000_en.exe
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.TDSS

Unread postby stephenp23 » August 15th, 2009, 4:48 am

Yes I do. That is a download of the Zone Alarm setup program.

Incidentally, I opened (though didn't run) Spybot. In its RECOVERY section there is a repositrory of ad things it has discovered (and removed?) in the past. They seem to be held there in case you need to undo their removal, but there is an option called PURGE SELECTED ITEMS. Should I purge them? It includes (there are about 8 repositories altogether):

Win32.ZBot
Win32.TDSS.rtk
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am

Re: Trojan.TDSS

Unread postby stephenp23 » August 15th, 2009, 5:17 am

"a repositrory of ad things" should of course be "a repository of bad things"!
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am

Re: Trojan.TDSS

Unread postby Shaba » August 15th, 2009, 6:56 am

Yes you can purge them.

Some other issues? :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Trojan.TDSS

Unread postby stephenp23 » August 15th, 2009, 3:29 pm

Well, I thought I might have been OK when I ran Malwarebytes speedscan and it didn't show the two trojans(?) it had before. But then I ran ClamWin and, oh dear, this is what it found (4 infections)...



Scan Started Sat Aug 15 14:12:07 2009
-------------------------------------------------------------------------------

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp: Permission denied
C:\Documents and Settings\Steve\Application Data\Skype\stephenphelps\dc.db: Permission denied
C:\Documents and Settings\Steve\Application Data\Skype\stephenphelps\dc.db-journal: Permission denied
C:\Documents and Settings\Steve\Application Data\Skype\stephenphelps\etilqs_a67iC4ZCmjptMaA9F5yU: Permission denied
C:\Documents and Settings\Steve\Application Data\Skype\stephenphelps\etilqs_aJloT2n9nGItIPijKDrN: Permission denied
C:\Documents and Settings\Steve\Application Data\Skype\stephenphelps\main.db: Permission denied
C:\Documents and Settings\Steve\Application Data\Skype\stephenphelps\main.db-journal: Permission denied
C:\Documents and Settings\Steve\My Documents\Downloads\House.MD.Season.1.2.3.Complete.FastSeeder\House MD 220 - Euphoria 1.avi: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruixhvimpdx.dll.vir: Permission denied
C:\WINDOWS\system32\CatRoot2\tmp.edb: Permission denied
C:\WINDOWS\system32\config\default: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\software: Permission denied
C:\WINDOWS\system32\config\system: Permission denied
C:\WINDOWS\system32\kanji_1.uce: Permission denied
C:\WINDOWS\Temp\ZLT01fb7.TMP: Permission denied

C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\pvnsbuk9.default\Cache\C2152591d01: Pua.Hideexec FOUND
C:\Documents and Settings\Steve\My Documents\Downloads\ComboFix.exe: Pua.Hideexec FOUND
C:\Program Files\Common Files\Wise Installation Wizard\WISCC8B19D191D24D5BB331F885F432745E_6_0_10.MSI: W32.Virut.Gen.D-159 FOUND
C:\Program Files\Final Draft 6\System\Scpbw32.dll: W32.Virut.Gen.D-159 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 608810
Engine version: 0.95.2
Scanned directories: 13437
Scanned files: 156100
Infected files: 4

Data scanned: 43168.52 MB
Data read: 101419.49 MB (ratio 0.43:1)
Time: 18650.766 sec (310 m 50 s)
--------------------------------------
Completed
--------------------------------------
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am

Re: Trojan.TDSS

Unread postby Shaba » August 16th, 2009, 1:02 am

These are not threats; ClamWin recognizes part of ComboFix:

C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\pvnsbuk9.default\Cache\C2152591d01: Pua.Hideexec FOUND

C:\Documents and Settings\Steve\My Documents\Downloads\ComboFix.exe: Pua.Hideexec FOUND

As for the other two:

Please click this link-->Jotti

Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using, Jotti or VirusTotal).

C:\Program Files\Common Files\Wise Installation Wizard\WISCC8B19D191D24D5BB331F885F432745E_6_0_10.MSI
C:\Program Files\Final Draft 6\System\Scpbw32.dll

Repeat the steps for all files on the list.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal: http://www.virustotal.com/
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
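
The triage applied to the ClamWin report in the post above (locked files that were never scanned, Pua.* heuristic hits, and signature hits that deserve a second opinion from a multi-engine scanner), as an added Python example that is not part of the original thread. The sample log is constructed in the report's format with shortened paths, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the ClamWin report format quoted in the thread
# (paths shortened; signature names are the ones the thread shows).
SAMPLE_LOG = r"""
Scan Started Sat Aug 15 14:12:07 2009
C:\pagefile.sys: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\Downloads\ComboFix.exe: Pua.Hideexec FOUND
C:\Cache\C2152591d01: Pua.Hideexec FOUND
C:\Program Files\Example\Setup.MSI: W32.Virut.Gen.D-159 FOUND
C:\Program Files\Example\Lib.dll: W32.Virut.Gen.D-159 FOUND
----------- SCAN SUMMARY -----------
Infected files: 4
"""

# Greedy ".+" keeps the drive-letter colon inside the path and splits on
# the last ": " before the verdict.
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
SKIPPED = re.compile(r"^(?P<path>.+): Permission denied$")
SUMMARY = re.compile(r"^Infected files: (\d+)$")

def triage(log_text):
    """Split a report into PUA hits, hits needing review, and unscanned files."""
    result = {"pua": defaultdict(list), "needs_review": defaultdict(list),
              "unscanned": [], "reported": None}
    for line in log_text.splitlines():
        line = line.strip()
        if m := FOUND.match(line):
            # "Pua." names are ClamAV's potentially-unwanted-application
            # class, the kind of hit the thread shows on ComboFix.exe.
            is_pua = m["sig"].lower().startswith("pua.")
            result["pua" if is_pua else "needs_review"][m["sig"]].append(m["path"])
        elif m := SKIPPED.match(line):
            result["unscanned"].append(m["path"])  # locked file: no verdict at all
        elif m := SUMMARY.match(line):
            result["reported"] = int(m[1])
    parsed = sum(len(v) for b in ("pua", "needs_review") for v in result[b].values())
    # "Infected files" counts PUA hits too; a mismatch means lines were missed.
    result["consistent"] = result["reported"] == parsed
    return result

def second_opinion_list(result):
    """Paths to re-check with a multi-engine scanner, sorted."""
    return sorted(p for paths in result["needs_review"].values() for p in paths)

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("unscanned:", len(r["unscanned"]), "consistent:", r["consistent"])
    for path in second_opinion_list(r):
        print("re-check:", path)
```

"Permission denied" entries are files the scanner could not open, so they carry no verdict either way and are kept separate from the detections.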

Re: Trojan.TDSS

Unread postby stephenp23 » August 17th, 2009, 6:48 pm

Print results Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished. Email:

This is the result for C:\Program Files\Common Files\Wise Installation Wizard\WISCC8B19D191D24D5BB331F885F432745E_6_0_10.MSI:


Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.17 -
AhnLab-V3 5.0.0.2 2009.08.17 -
AntiVir 7.9.1.1 2009.08.17 -
Antiy-AVL 2.0.3.7 2009.08.17 -
Authentium 5.1.2.4 2009.08.17 -
Avast 4.8.1335.0 2009.08.17 -
AVG 8.5.0.406 2009.08.17 -
BitDefender 7.2 2009.08.17 -
CAT-QuickHeal 10.00 2009.08.17 -
ClamAV 0.94.1 2009.08.17 -
Comodo 2005 2009.08.18 -
DrWeb 5.0.0.12182 2009.08.18 -
eSafe 7.0.17.0 2009.08.17 -
eTrust-Vet 31.6.6681 2009.08.17 -
F-Prot 4.4.4.56 2009.08.16 -
F-Secure 8.0.14470.0 2009.08.17 -
Fortinet 3.120.0.0 2009.08.17 -
GData 19 2009.08.18 -
Ikarus T3.1.1.68.0 2009.08.17 -
Jiangmin 11.0.800 2009.08.17 -
K7AntiVirus 7.10.820 2009.08.17 -
Kaspersky 7.0.0.125 2009.08.17 -
McAfee 5712 2009.08.17 -
McAfee+Artemis 5712 2009.08.17 -
McAfee-GW-Edition 6.8.5 2009.08.17 -
Microsoft 1.4903 2009.08.17 -
NOD32 4343 2009.08.17 -
Norman 6.01.09 2009.08.17 -
nProtect 2009.1.8.0 2009.08.17 -
Panda 10.0.0.14 2009.08.17 -
PCTools 4.4.2.0 2009.08.17 -
Prevx 3.0 2009.08.18 -
Rising 21.43.04.00 2009.08.17 -
Sophos 4.44.0 2009.08.17 -
Sunbelt 3.2.1858.2 2009.08.17 -
Symantec 1.4.4.12 2009.08.18 -
TheHacker 6.3.4.3.383 2009.08.13 -
TrendMicro 8.950.0.1094 2009.08.17 -
VBA32 3.12.10.9 2009.08.17 -
ViRobot 2009.8.17.1887 2009.08.17 -
VirusBuster 4.6.5.0 2009.08.17 -
Additional information
File size: 12853760 bytes
MD5...: d55049f8b0b31ab021c9c12f7ab40034
SHA1..: b5279f78d871600972ad65f460f5bc7f08ef5f56
SHA256: 4576a6830bdd338171b1f740b44e3726a3cb2743091ebb688fa0ff4d213cd9ec
ssdeep: 393216:9H0TTnrZru9s8Gnj1aoEoPI1QvGau1UuPDLAfX6dOAnp:mvnr9us8EMoE
oPI1jLPPAfZAn

PEiD..: -
TrID..: File type identification
Microsoft Windows Installer (92.7%)
Windows SDK Setup Transform Script (6.3%)
Generic OLE2 / Multistream Compound File (0.8%)
Corel Photo Paint (0.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (Kaspersky): Swf2Exe




And this is the result for C:\Program Files\Final Draft 6\System\Scpbw32.dll

File 5239FA55001369A7F87201038660D800669A7136.dll received on 2009.06.27 20:47:42 (UTC)
Current status: finished

Result: 0/40 (0.00%)
Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.27 -
AhnLab-V3 5.0.0.2 2009.06.27 -
AntiVir 7.9.0.199 2009.06.26 -
Antiy-AVL 2.0.3.1 2009.06.26 -
Authentium 5.1.2.4 2009.06.27 -
Avast 4.8.1335.0 2009.06.26 -
AVG 8.5.0.339 2009.06.27 -
BitDefender 7.2 2009.06.27 -
CAT-QuickHeal 10.00 2009.06.26 -
ClamAV 0.94.1 2009.06.27 -
Comodo 1451 2009.06.27 -
DrWeb 5.0.0.12182 2009.06.27 -
eSafe 7.0.17.0 2009.06.25 -
eTrust-Vet 31.6.6582 2009.06.26 -
F-Prot 4.4.4.56 2009.06.27 -
F-Secure 8.0.14470.0 2009.06.27 -
Fortinet 3.117.0.0 2009.06.27 -
GData 19 2009.06.27 -
Ikarus T3.1.1.64.0 2009.06.27 -
Jiangmin 11.0.706 2009.06.27 -
K7AntiVirus 7.10.768 2009.06.19 -
McAfee 5659 2009.06.27 -
McAfee+Artemis 5659 2009.06.27 -
McAfee-GW-Edition 6.7.6 2009.06.27 -
Microsoft 1.4803 2009.06.27 -
NOD32 4193 2009.06.26 -
Norman 2009.06.26 -
nProtect 2009.1.8.0 2009.06.27 -
Panda 10.0.0.16 2009.06.27 -
PCTools 4.4.2.0 2009.06.26 -
Prevx 3.0 2009.06.27 -
Rising 21.35.52.00 2009.06.27 -
Sophos 4.43.0 2009.06.27 -
Sunbelt 3.2.1858.2 2009.06.27 -
Symantec 1.4.4.12 2009.06.27 -
TheHacker 6.3.4.3.356 2009.06.27 -
TrendMicro 8.950.0.1094 2009.06.26 -
VBA32 3.12.10.7 2009.06.27 -
ViRobot 2009.6.27.1808 2009.06.27 -
VirusBuster 4.6.5.0 2009.06.27 -
Additional information
File size: 129024 bytes
MD5 : 9cf8de0f8ec8256b256d737d202ff698
SHA1 : 2ad46fa88d5beed88bcd1005f587243e8934a53c
SHA256: 8f3c3285c4336c1223daee91cc3366f6c3ca43f01f9667cb8a88fa4e9a4be117
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x73D0
timedatestamp.....: 0x3C49E011 (Sat Jan 19 22:07:29 2002)
machinetype.......: 0x14C (Intel I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x84EB 0x8600 6.28 d3600a7f9ca047eade840b38b0010508
.rdata 0xA000 0xDC 0x200 2.27 6f5649efe36aac091dd3e3ce0508c724
.data 0xB000 0x15C28 0x14A00 1.73 9c2a5ce225874a63aad9fc76764b97c3
.idata 0x21000 0x706 0x800 4.83 7ce1d4a07db6f5d33e42d0f29151fc02
SHARED 0x22000 0x1 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x23000 0x2F0 0x400 2.63 85a60e595eddab13986cbdbe69be0390
.reloc 0x24000 0x12BE 0x1400 6.03 dcea8920d2e96469a5bf49336f648122

( 2 imports )

> kernel32.dll: -, GetCommandLineA, GetTickCount, DeleteFileA, GetStartupInfoA, CreateProcessA, WaitForSingleObject, GetWindowsDirectoryA, CreateDirectoryA, RemoveDirectoryA, GetDriveTypeA, GetDiskFreeSpaceA, CreateFileA, ReadFile, WriteFile, CloseHandle, SetFilePointer, SetFileAttributesA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToSystemTime, GetSystemTime, GetTimeZoneInformation, GetVersionExA, LoadLibraryA, FreeLibrary, GetProcAddress, GetModuleFileNameA, GetModuleHandleA, Sleep, DeviceIoControl, SetCurrentDirectoryA, GetCurrentDirectoryA, FlushFileBuffers, SetStdHandle, GetVersion, ExitProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, HeapCreate, HeapDestroy, SetHandleCount, GetFileType, GetStdHandle, DeleteCriticalSection, GetCPInfo, GetACP, GetOEMCP, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapAlloc, HeapFree
> mpr.dll: WNetAddConnectionA, WNetCancelConnectionA

( 1 exports )

> SCPBATWDO32CALL, SCPBATWDO32CALLWISE
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.1%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 1536:pO7+d9xeVkoT19yJTSkg7A7mEtPsx4eaUGTN8uwmDbcoy+NfipWcukuITPFI6Z3:TSkg7A7xt4kJOVuITPFI6
PEiD : -
RDS : NSRL Reference Data Set
-
stephenp23
Regular Member
 
Posts: 17
Joined: August 1st, 2009, 9:04 am