Blue screen of death???
Hello, my computer only boots from disc, and it took a while for me to get it to this point.
I keep getting error messages: msfeedssync.exe - application error!!
I have an infected desktop (XP) as well as my son's laptop (Vista) (which has no disc drive to start it from).
This is for my desktop:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:30, on 2/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rogers Connection Manager\UIMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msfeedssync.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.ca/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [autodetect] C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
O4 - HKLM\..\Run: [dlcgmon.exe] "C:\Program Files\Dell AIO 810\dlcgmon.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: LimeWire On Startup.lnk.disabled
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://games.bigfishgames.com/en_trijinx/online/TriJinx.1.0.0.55.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://games.bigfishgames.com/en_zenerchi/online/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FF9292C-15E9-49C4-837A-5AAADF57C6F3}: NameServer = 64.71.255.198 64.71.255.253
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Update Service (gupdate1c9a8e9c7044744) (gupdate1c9a8e9c7044744) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (file missing)
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Unknown owner - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (file missing)
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Bell\Scan and Clean utility\rpsupdaterR.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
--
End of file - 15992 bytes
Hello,
Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double-click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/11/2010 12:20:25 PM
System Uptime: 2/22/2010 7:12:41 PM (15 hours ago)
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Celeron(R) CPU 3.06GHz | Microprocessor | 3060/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 71 GiB total, 8.181 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82562V 10/100 Network Connection
Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&0&C8
Manufacturer: Intel
Name: Intel(R) 82562V 10/100 Network Connection
PNP Device ID: PCI\VEN_8086&DEV_104C&SUBSYS_01DD1028&REV_02\3&172E68DD&0&C8
Service: e1express
==== System Restore Points ===================
RP1: 2/12/2010 1:25:40 PM - System Checkpoint
RP2: 2/12/2010 11:52:41 PM - Removed Google Earth.
RP3: 2/13/2010 7:00:17 PM - Software Distribution Service 3.0
RP4: 2/14/2010 7:00:20 PM - Software Distribution Service 3.0
RP5: 2/14/2010 10:13:36 PM - Installed Windows Media Player 10
RP6: 2/14/2010 10:16:19 PM - Software Distribution Service 3.0
RP7: 2/15/2010 7:00:16 PM - Software Distribution Service 3.0
RP8: 2/16/2010 7:31:09 PM - System Checkpoint
RP9: 2/22/2010 8:47:46 PM - System Checkpoint
==== Installed Programs ======================
AAC Decoder
Acoustica Effects Pack
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Authentium AntiVirus SDK - 2
AutoUpdate
Azada
Big Fish Games: Game Manager
BlackBerry Desktop Software 4.5
Bonjour
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Crime Cities
CSI: NY
Dell AIO 810
Dell Driver Reset Tool
Dell System Restore
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Dream Chronicles: The Chosen Child
Dreamsdwell Stories
DTC Library
DVD Suite
Enlightenus
ERUNT 1.1j
Free 3GP Video Converter version 3.1
Free Video to iPod Converter version 3.1
Free YouTube to iPod Converter version 3.1
G.H.O.S.T Chronicles: Phantom of the Renaissance Faire
GameShadow
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
IBS
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
iTunes
James Patterson Women's Murder Club: A Darker Shade of Grey
Java(TM) 6 Update 17
Junk Mail filter update
Lexmark 2400 Series
Lexmark Fax Solutions
LimeWire 5.1.2
McAfee SecurityCenter
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MobileMe Control Panel
Modem Helper
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Mystery Case Files: Return to Ravenhearst ™
Mystery Case Files: Return to Ravenhearst Strategy Guide ™
neroxml
NetWaiting
OpenAL
OpenOffice.org 2.4
Pahelika: Secret Legends
Penny Dreadfuls: Sweeney Todd Collector`s Edition
PowerDVD
PPSDKRedistributables
Princess Isabella: A Witch's Curse
QuickTime
Radialpoint Security Services
Rogers Connection Manager
Roxio Media Manager
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skype web features
Skype™ 4.1
Sonic Activation Module
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Sympatico(TM) Scan and Clean utility
The Fall Trilogy
The I Love Lucy Game: Episode 1
The Serpent of Isis ™
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Treasure Seekers: The Enchanted Canvases
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
VC80CRTRedist - 8.0.50727.762
VLC media player 0.9.8a
Wandering Willows
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
==== Event Viewer Messages From Past Week ========
2/22/2010 7:32:26 PM, error: Print [6161] - The document Cabernet Franc.pdf owned by Dawn failed to print on printer Lexmark 2400 Series. Data type: LEMF. Size of the spool file in bytes: 2437330. Number of bytes printed: 2437330. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DH63P9C1. Win32 error code returned by the print processor: 0 (0x0).
2/22/2010 7:32:24 PM, error: Print [6161] - The document Wine Defects.pdf owned by Dawn failed to print on printer Lexmark 2400 Series. Data type: LEMF. Size of the spool file in bytes: 47454775. Number of bytes printed: 0. Total number of pages in the document: 35. Number of pages printed: 24. Client machine: \\DH63P9C1. Win32 error code returned by the print processor: 0 (0x0).
2/22/2010 6:54:49 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
2/22/2010 6:54:49 PM, error: Service Control Manager [7000] - The Turbine Message Service - Live service failed to start due to the following error: The system cannot find the path specified.
==== End Of File ===========================
DDS (Ver_09-12-01.01) - NTFSx86
Run by Dawn at 9:59:22.23 on Tue 02/23/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.411 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\SupportAppXL\AutoDect.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcrPSWX.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcrPSWX.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcrPSWX.EXE
E:\dds.pif
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://sympatico.msn.ca/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [autodetect] c:\windows\system32\supportappxl\AutoDect.exe
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\dawn\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\dawn\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\dawn\start menu\programs\startup\LimeWire On Startup.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://games.bigfishgames.com/en_trijinx/online/TriJinx.1.0.0.55.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://games.bigfishgames.com/en_zenerchi/online/ZenerchiWeb.1.0.0.10.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-1 54752]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2009-2-18 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-27 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-27 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-27 144704]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-27 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-27 35272]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-27 34248]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-27 40552]
S2 gupdate1c9a8e9c7044744;Google Update Service (gupdate1c9a8e9c7044744);c:\program files\google\update\GoogleUpdate.exe [2009-3-19 133104]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\turbine\turbine download manager\turbinemessageservice.exe" --> c:\program files\turbine\turbine download manager\TurbineMessageService.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\turbine\turbine download manager\turbinenetworkservice.exe" --> c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-9-29 7680]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 ZSMC302;USB(VGA) Camera;c:\windows\system32\drivers\usbvm302.sys [2008-11-14 90845]
=============== Created Last 30 ================
2010-02-15 20:46:34 0 d-sh--w- C:\found.008
2010-02-15 00:11:34 0 d-----w- c:\program files\MSXML 6.0
2010-02-14 23:55:46 0 d-----w- c:\program files\Trend Micro
2010-02-14 23:10:39 0 d-----w- c:\windows\system32\CatRoot_bak
2010-02-14 23:07:23 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-14 23:06:12 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-14 23:04:29 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-14 23:04:27 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-14 23:04:26 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-14 23:04:25 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-12 18:25:00 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-02-11 17:19:58 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-02-11 17:18:58 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-02-11 17:17:51 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-02-11 17:15:26 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-11 17:15:20 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-11 17:15:20 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-11 17:15:20 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-11 17:15:20 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-11 17:15:04 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-11 17:13:43 0 d-----w- c:\program files\Messenger
2010-02-11 16:57:08 10559 ----a-r- c:\windows\SETA8.tmp
2010-02-11 16:57:07 22339 ----a-r- c:\windows\SETA7.tmp
2010-02-11 16:57:04 13753 ----a-r- c:\windows\SET74.tmp
2010-02-11 16:57:02 1086058 ----a-r- c:\windows\SET68.tmp
2010-02-11 16:57:01 1042903 ----a-r- c:\windows\SET65.tmp
2010-02-02 02:32:41 43008 ----a-w- c:\windows\system32\SET181.tmp
2010-02-01 20:41:59 0 d-----w- c:\windows\mui
2010-02-01 20:41:59 0 d-----w- c:\windows\msapps
2010-02-01 20:41:59 0 d-----w- c:\windows\dell
2010-02-01 20:41:59 0 d-----w- c:\windows\Connection Wizard
2010-02-01 20:41:59 0 d-----w- c:\windows\Config
2010-02-01 16:58:21 0 d-sh--w- C:\found.007
2010-01-25 01:41:52 0 ----a-w- c:\windows\DXT54.tmp
2010-01-25 01:36:52 0 d-----w- c:\program files\directx
2010-01-25 01:36:52 0 d-----w- c:\program files\Crime Cities
2010-01-25 01:36:51 0 ----a-w- c:\windows\DXT47.tmp
2010-01-25 01:36:51 0 ----a-w- c:\windows\DXT46.tmp
2010-01-25 01:36:51 0 ----a-w- c:\windows\DXT45.tmp
2010-01-25 01:36:51 0 ----a-w- c:\windows\DXT44.tmp
==================== Find3M ====================
2010-02-11 17:14:32 26860 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-26 05:24:09 73184 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-12 00:54:36 39 ----a-w- c:\documents and settings\dawn\jagex_runescape_preferences.dat
2010-01-12 00:48:26 69 ----a-w- c:\documents and settings\dawn\jagex_runescape_preferences2.dat
2010-01-10 16:37:07 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-10 16:19:34 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 16:19:34 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42:45 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-11-27 17:33:35 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:33:35 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll
2008-09-22 15:42:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat
2008-09-22 15:42:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat
2009-05-28 21:11:38 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-05-28 21:11:38 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-05-28 21:11:38 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 10:01:02.73 ===============
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire
I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
After that:
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html).
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
I am not able to access the internet on the infected computer! Can I run ComboFix without the internet? Or any suggestions?
Hi,
Yes, you may transfer ComboFix to the infected system after making sure the removable drive is treated with Flash Disinfector first:
1. Download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to the Desktop of your clean system.
2. After downloading, double-click on Flash_Disinfector to run it.
3. Just follow the prompts and continue until it begins scanning.
4. If asked to insert your flash drive or any removable device including USB Pen Drive and Memory Stick, please do so.
5. It will scan removable drives; wait for the scan to finish. Done.
Also, since internet access is disabled, you have to install the Recovery Console (XP Home SP 2 is the correct option in your case) manually with ComboFix (instructions for this can be read in the ComboFix tutorial).
Hello,
I managed to gain access to the internet!!
Here are the logs:
ComboFix 10-02-27.04 - Dawn 02/27/2010 16:07:30.9.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.573 [GMT -5:00]
Running from: c:\documents and settings\Dawn\My Documents\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallgreen.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallred.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\smallyellow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnglow.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\urnplatform.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\urns\yellowbucket.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\assets\warning.png
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\error.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\game.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\gameover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscore.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoreinfo.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\hiscoresubmit.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\instructions.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\leveldesign.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\levelover.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainarcade.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maincontinue.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maingames.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\mainpuzzle.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\maphelptip.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\options.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\pause.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\quitconfirm.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\start.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\storyplayer.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\style.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\screens\upsell.lua
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\strings.xml
c:\windows\Downloaded Program Files\TriJinx.1.0.0.55\TriJinx.exe
c:\windows\Temp\0120791267303313mcinst.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.
2010-02-15 20:46 . 2010-02-15 20:46 -------- d-----w- C:\found.008
2010-02-15 00:11 . 2010-02-15 00:11 -------- d-----w- c:\program files\MSXML 6.0
2010-02-14 23:55 . 2010-02-14 23:55 -------- d-----w- c:\program files\Trend Micro
2010-02-14 23:32 . 2010-02-14 23:32 -------- d-----w- c:\program files\ERUNT
2010-02-14 23:10 . 2010-02-14 23:10 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-14 23:07 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-14 23:06 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-14 23:04 . 2009-08-04 12:49 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-14 23:04 . 2009-08-04 12:51 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-14 23:04 . 2009-08-04 12:02 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-14 23:04 . 2009-08-04 12:02 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-12 18:25 . 2006-07-21 22:46 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-02-11 17:20 . 2004-08-04 10:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-02-11 17:20 . 2004-08-04 10:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-02-11 17:20 . 2004-08-04 10:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-02-11 17:20 . 2004-08-04 10:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-02-11 17:20 . 2004-08-04 10:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-02-11 17:20 . 2004-08-04 10:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-02-11 17:18 . 2004-08-04 10:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-02-11 17:17 . 2004-08-04 10:00 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2010-02-11 17:15 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-02 02:05 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-02 02:05 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-02 02:05 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-02 02:05 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\mui
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\msapps
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\dell
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\Connection Wizard
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\Config
2010-02-01 16:58 . 2010-02-01 16:58 -------- d-----w- C:\found.007
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 20:48 . 2009-04-27 15:56 -------- d-----w- c:\program files\McAfee
2010-02-26 02:09 . 2006-12-23 06:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 04:14 . 2008-08-29 01:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-23 01:29 . 2008-10-28 03:54 -------- d-----w- c:\program files\lx_cats
2010-02-15 20:28 . 2009-05-09 01:54 -------- d-----w- c:\documents and settings\Dawn\Application Data\LimeWire
2010-02-15 19:52 . 2008-08-28 22:21 92016 ----a-w- c:\documents and settings\Dawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 04:55 . 2006-12-23 06:46 -------- d-----w- c:\program files\Google
2010-02-13 04:29 . 2008-08-29 01:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-12 18:24 . 2009-11-08 23:10 -------- d-----w- c:\program files\Dl_cats
2010-02-11 17:14 . 2004-08-10 19:02 26860 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-26 05:24 . 2008-08-29 01:48 73184 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-25 01:41 . 2010-01-25 01:41 0 ----a-w- c:\windows\DXT54.tmp
2010-01-25 01:39 . 2010-01-25 01:36 -------- d-----w- c:\program files\Crime Cities
2010-01-25 01:36 . 2010-01-25 01:36 -------- d-----w- c:\program files\directx
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT47.tmp
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT46.tmp
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT45.tmp
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT44.tmp
2010-01-25 01:33 . 2009-08-09 20:00 256 ----a-w- c:\windows\system32\pool.bin
2010-01-22 01:13 . 2009-03-20 16:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 02:32 . 2008-09-05 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-18 01:31 . 2010-01-18 01:31 -------- d-----w- c:\documents and settings\Dawn\Application Data\BigFishGames
2010-01-18 01:17 . 2010-01-18 01:14 -------- d-----w- c:\program files\Penny Dreadfuls - Sweeney Todd Collector's Edition
2010-01-15 13:42 . 2010-01-15 13:41 -------- d-----w- c:\program files\Princess Isabella - A Witch's Curse
2010-01-15 00:08 . 2009-12-13 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 17:31 . 2010-01-12 17:30 -------- d-----w- c:\program files\The Fall Trilogy
2010-01-12 17:25 . 2008-09-05 23:12 -------- d-----w- c:\program files\bfgclient
2010-01-12 00:54 . 2008-09-04 19:29 39 ----a-w- c:\documents and settings\Dawn\jagex_runescape_preferences.dat
2010-01-12 00:48 . 2009-09-02 21:19 69 ----a-w- c:\documents and settings\Dawn\jagex_runescape_preferences2.dat
2010-01-11 17:11 . 2010-01-11 17:11 -------- d-----w- c:\documents and settings\Dawn\Application Data\Windows Desktop Search
2010-01-11 17:07 . 2010-01-10 22:17 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-11 14:04 . 2008-09-11 00:37 -------- d-----w- c:\documents and settings\Dawn\Application Data\Skype
2010-01-11 14:00 . 2008-09-11 00:38 -------- d-----w- c:\documents and settings\Dawn\Application Data\skypePM
2010-01-10 16:37 . 2009-02-17 01:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-10 16:36 . 2010-01-10 16:36 8854 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-01-10 16:36 . 2010-01-10 16:36 45056 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-01-10 16:36 . 2010-01-10 16:36 45056 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\ARPPRODUCTICON.exe
2010-01-10 16:36 . 2010-01-10 16:36 3262 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-01-10 16:36 . 2010-01-10 16:35 -------- d-----w- c:\program files\GameShadow
2010-01-10 16:20 . 2010-01-10 16:20 -------- d-----w- c:\program files\Eidos
2010-01-10 16:19 . 2010-01-10 16:19 -------- d-----w- c:\program files\OpenAL
2010-01-10 16:19 . 2010-01-10 16:19 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 16:19 . 2010-01-10 16:19 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-10 16:09 . 2009-06-17 22:02 -------- d-----w- c:\program files\MSN Games
2010-01-10 05:12 . 2009-02-15 18:11 -------- d-----w- c:\program files\Bonjour
2010-01-10 03:51 . 2008-10-12 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-01-06 06:01 . 2009-08-09 20:09 -------- d-----w- c:\documents and settings\Dawn\Application Data\Roxio
2010-01-06 06:01 . 2009-08-09 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-06 04:53 . 2008-09-03 22:38 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-04 19:57 . 2008-08-29 01:41 -------- d-----w- c:\program files\Java
2010-01-04 19:55 . 2010-01-04 19:55 152576 ----a-w- c:\documents and settings\Dawn\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-04 19:54 . 2010-01-04 19:54 79488 ----a-w- c:\documents and settings\Dawn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-04 04:56 . 2010-01-04 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2010-01-04 02:58 . 2010-01-04 02:58 -------- d-----w- c:\program files\TomTom International B.V
2010-01-04 02:58 . 2010-01-04 02:57 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-31 16:14 . 2004-08-04 10:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 02:58 . 2009-12-31 02:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-12-31 02:57 . 2009-12-31 02:57 -------- d-----w- c:\documents and settings\Dawn\Application Data\TomTom
2009-12-31 02:56 . 2009-12-31 02:56 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-12-30 23:58 . 2009-12-30 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Funcom
2009-12-26 02:48 . 2009-12-26 02:48 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-22 05:42 . 2006-03-04 03:33 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-10 19:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 18:34 . 2009-12-11 18:34 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-07 23:03 . 2010-01-04 22:30 6640976 ----a-w- c:\documents and settings\Dawn\Application Data\TomTom\HOME\Profiles\ldac7136.default\extensions\Navcore.9.025.477770@tomtom.com\9-025-477770-1.dll
2009-12-04 14:41 . 2004-08-04 10:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\Devon\Start Menu\Programs\Startup\
LimeWire On Startup.lnk.disabled [2009-5-23 1546]
c:\documents and settings\Dawn\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
LimeWire On Startup.lnk.disabled [2009-5-13 1546]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"BigDogPath"=c:\windows\VM_STI.EXE USB(VGA) Camera
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe"
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" /s
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 11:06 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/1/2009 3:31 PM 54752]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2/18/2009 2:49 PM 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/27/2009 10:58 AM 93320]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
S2 0120791267303313mcinstcleanup;McAfee Application Installer Cleanup (0120791267303313);c:\windows\TEMP\012079~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012079~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a8e9c7044744;Google Update Service (gupdate1c9a8e9c7044744);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2009 6:23 PM 133104]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 7408]
S3 ZSMC302;USB(VGA) Camera;c:\windows\system32\drivers\usbvm302.sys [11/14/2008 8:45 AM 90845]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - 0120791267303313MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 23:23]
2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 23:23]
2010-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-27 16:22]
2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-27 16:22]
2010-02-27 c:\windows\Tasks\User_Feed_Synchronization-{85E6FDC2-6880-4919-9254-8E044B8735F7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://sympatico.msn.ca/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {0FF9292C-15E9-49C4-837A-5AAADF57C6F3} = 207.164.234.193 207.164.234.129
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://games.bigfishgames.com/en_trijinx/online/TriJinx.1.0.0.55.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
AddRemove-Acoustica Effects Pack - c:\progra~1\ACOUST~2\UNWISE.EXE
AddRemove-IBS - c:\program files\NovaLogic\IBS\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 16:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-02-27 16:25:52
ComboFix-quarantined-files.txt 2010-02-27 21:25
Pre-Run: 9,076,776,960 bytes free
Post-Run: 10,140,164,096 bytes free
- - End Of File - - 13C4E93A83BAC0F2F94B17B1598283FA
DDS (Ver_09-09-29.01) - NTFSx86
Run by Dawn at 16:33:19.60 on Sat 02/27/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.425 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Dawn\My Documents\Downloads\dds.com
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://sympatico.msn.ca/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\dawn\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\dawn\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\dawn\start menu\programs\startup\LimeWire On Startup.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://games.bigfishgames.com/en_trijinx/online/TriJinx.1.0.0.55.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://games.bigfishgames.com/en_zenerchi/online/ZenerchiWeb.1.0.0.10.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {0FF9292C-15E9-49C4-837A-5AAADF57C6F3} = 207.164.234.193 207.164.234.129
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-27 144704]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-1 54752]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2009-2-18 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-27 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-27 359952]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-27 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-27 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-27 40552]
S2 0120791267303313mcinstcleanup;McAfee Application Installer Cleanup (0120791267303313);c:\windows\temp\012079~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\012079~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a8e9c7044744;Google Update Service (gupdate1c9a8e9c7044744);c:\program files\google\update\GoogleUpdate.exe [2009-3-19 133104]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\turbine\turbine download manager\turbinemessageservice.exe" --> c:\program files\turbine\turbine download manager\TurbineMessageService.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\turbine\turbine download manager\turbinenetworkservice.exe" --> c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-27 34248]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 ZSMC302;USB(VGA) Camera;c:\windows\system32\drivers\usbvm302.sys [2008-11-14 90845]
=============== Created Last 30 ================
2010-02-27 16:06 261,632 a------- c:\windows\PEV.exe
2010-02-27 16:06 77,312 a------- c:\windows\MBR.exe
2010-02-15 15:46 <DIR> --d----- C:\found.008
2010-02-14 19:11 <DIR> --d----- c:\program files\MSXML 6.0
2010-02-14 18:55 <DIR> --d----- c:\program files\Trend Micro
2010-02-14 18:10 <DIR> --d----- c:\windows\system32\CatRoot_bak
2010-02-14 18:07 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2010-02-14 18:06 453,760 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2010-02-14 18:04 2,142,720 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-14 18:04 2,185,984 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-14 18:04 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-14 18:04 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-12 13:25 155,648 a------- c:\windows\system32\igfxres.dll
2010-02-11 12:19 14,336 ac------ c:\windows\system32\dllcache\tsprof.exe
2010-02-11 12:18 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2010-02-11 12:17 331,264 ac------ c:\windows\system32\dllcache\aqueue.dll
2010-02-11 12:15 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2010-02-11 12:15 749 a---hr-- c:\windows\WindowsShell.Manifest
2010-02-11 12:15 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-11 12:15 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2010-02-11 12:15 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2010-02-11 12:15 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2010-02-11 12:13 <DIR> --d----- c:\program files\Messenger
2010-02-11 11:57 10,559 a----r-- c:\windows\SETA8.tmp
2010-02-11 11:57 22,339 a----r-- c:\windows\SETA7.tmp
2010-02-11 11:57 13,753 a----r-- c:\windows\SET74.tmp
2010-02-11 11:57 1,086,058 a----r-- c:\windows\SET68.tmp
2010-02-11 11:57 1,042,903 a----r-- c:\windows\SET65.tmp
2010-02-01 21:32 43,008 a------- c:\windows\system32\SET181.tmp
2010-02-01 15:41 <DIR> --d----- c:\windows\mui
2010-02-01 15:41 <DIR> --d----- c:\windows\msapps
2010-02-01 15:41 <DIR> --d----- c:\windows\dell
2010-02-01 15:41 <DIR> --d----- c:\windows\Connection Wizard
2010-02-01 15:41 <DIR> --d----- c:\windows\Config
2010-02-01 11:58 <DIR> --d----- C:\found.007
==================== Find3M ====================
2010-02-11 12:14 26,860 a------- c:\windows\system32\emptyregdb.dat
2010-01-26 00:24 73,184 a---h--- c:\windows\system32\mlfcache.dat
2010-01-11 19:54 39 a------- c:\documents and settings\dawn\jagex_runescape_preferences.dat
2010-01-11 19:48 69 a------- c:\documents and settings\dawn\jagex_runescape_preferences2.dat
2010-01-10 11:37 107,888 a------- c:\windows\system32\CmdLineExt.dll
2010-01-10 11:19 418,480 a------- c:\windows\system32\wrap_oal.dll
2010-01-10 11:19 115,432 a------- c:\windows\system32\OpenAL32.dll
2009-12-31 11:14 352,640 a------- c:\windows\system32\drivers\srv.sys
2009-12-22 00:42 662,016 -------- c:\windows\system32\wininet.dll
2009-12-22 00:42 81,920 a------- c:\windows\system32\ieencode.dll
2009-12-16 07:58 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-14 02:35 33,280 a------- c:\windows\system32\csrsrv.dll
2009-10-14 10:48 1,128 a------- c:\docume~1\dawn\applic~1\wklnhst.dat
2008-12-14 17:54 32 a----r-- c:\documents and settings\all users\hash.dat
2008-09-22 10:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat
2008-09-22 10:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat
============= FINISH: 16:33:54.85 ===============
Hi again,
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file in your next reply.
Malwarebytes' Anti-Malware 1.44
Database version: 3808
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
2/28/2010 8:00:51 PM
mbam-log-2010-02-28 (20-00-51).txt
Scan type: Quick Scan
Objects scanned: 142082
Time elapsed: 7 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Hi again,
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
c:\documents and settings\Dawn\Application Data\LimeWire
c:\program files\uTorrent
File::
c:\documents and settings\Devon\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
c:\documents and settings\Dawn\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).
Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.
Double-click ATF Cleaner.exe to open it
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program.
Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
OK, I ran everything but the Kaspersky Online Scanner; it said that it could not run because of my Safari browser. I tried to repair and that didn't work so I deleted it! Still not working!!
Second, the McAfee scan will not delete! I stopped the subscription years ago and I am not able to delete it, and when I try to open the window it is a blank screen! Can't do anything with it!
ComboFix 10-02-27.04 - Dawn 03/01/2010 20:32:09.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.508 [GMT -5:00]
Running from: c:\documents and settings\Dawn\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Dawn\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\documents and settings\Dawn\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled"
"c:\documents and settings\Devon\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Dawn\Application Data\LimeWire
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\Dawn\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\Dawn\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Dawn\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Dawn\Application Data\LimeWire\downloads.dat
c:\documents and settings\Dawn\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Dawn\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Dawn\Application Data\LimeWire\installation.props
c:\documents and settings\Dawn\Application Data\LimeWire\library.dat
c:\documents and settings\Dawn\Application Data\LimeWire\library5.dat
c:\documents and settings\Dawn\Application Data\LimeWire\limewire.props
c:\documents and settings\Dawn\Application Data\LimeWire\mojito.props
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\84B81434d01
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\96336453d01
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF4d01
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\BAADB0B5d01
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\BAFF9ABCd01
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\Cache\CFF25DC1d01
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\places.sqlite-stmtjrnl
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\Dawn\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\Dawn\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Dawn\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Dawn\Application Data\LimeWire\promotion\promodb.lck
c:\documents and settings\Dawn\Application Data\LimeWire\promotion\promodb.log
c:\documents and settings\Dawn\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Dawn\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Dawn\Application Data\LimeWire\promotion\promodb.script.new
c:\documents and settings\Dawn\Application Data\LimeWire\questions.props
c:\documents and settings\Dawn\Application Data\LimeWire\responses.cache
c:\documents and settings\Dawn\Application Data\LimeWire\simpp.xml
c:\documents and settings\Dawn\Application Data\LimeWire\spam.dat
c:\documents and settings\Dawn\Application Data\LimeWire\tables.props
c:\documents and settings\Dawn\Application Data\LimeWire\ttdata.cache
c:\documents and settings\Dawn\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Dawn\Application Data\LimeWire\version.xml
c:\documents and settings\Dawn\Application Data\LimeWire\versions.props
c:\documents and settings\Dawn\Application Data\LimeWire\xml\data\audio.sxml3
c:\documents and settings\Dawn\Application Data\LimeWire\xml\data\video.sxml3
c:\documents and settings\Dawn\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
c:\documents and settings\Devon\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
.
((((((((((((((((((((((((( Files Created from 2010-02-02 to 2010-03-02 )))))))))))))))))))))))))))))))
.
2010-03-01 20:11 . 2010-03-01 20:11 -------- d-----w- c:\documents and settings\Devon\Local Settings\Application Data\Identities
2010-03-01 20:11 . 2010-03-01 20:11 -------- d-----w- c:\documents and settings\Devon\Application Data\Windows Desktop Search
2010-02-28 23:55 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 23:54 . 2010-02-28 23:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-28 23:54 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-15 20:46 . 2010-02-15 20:46 -------- d-----w- C:\found.008
2010-02-15 00:11 . 2010-02-15 00:11 -------- d-----w- c:\program files\MSXML 6.0
2010-02-14 23:55 . 2010-02-14 23:55 -------- d-----w- c:\program files\Trend Micro
2010-02-14 23:32 . 2010-02-14 23:32 -------- d-----w- c:\program files\ERUNT
2010-02-14 23:10 . 2010-02-14 23:10 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-02-14 23:07 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-14 23:06 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-14 23:04 . 2009-08-04 12:49 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-14 23:04 . 2009-08-04 12:51 2185984 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-14 23:04 . 2009-08-04 12:02 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-14 23:04 . 2009-08-04 12:02 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-12 18:25 . 2006-07-21 22:46 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-02-11 17:20 . 2004-08-04 10:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-02-11 17:20 . 2004-08-04 10:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-02-11 17:20 . 2004-08-04 10:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-02-11 17:20 . 2004-08-04 10:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-02-11 17:20 . 2004-08-04 10:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-02-11 17:20 . 2004-08-04 10:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-02-11 17:18 . 2004-08-04 10:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-02-11 17:17 . 2004-08-04 10:00 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2010-02-11 17:15 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-02 02:05 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-02 02:05 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-02 02:05 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-02 02:05 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\mui
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\msapps
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\dell
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\Connection Wizard
2010-02-01 20:41 . 2010-02-01 20:41 -------- d-----w- c:\windows\Config
2010-02-01 16:58 . 2010-02-01 16:58 -------- d-----w- C:\found.007
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 22:39 . 2008-10-28 03:54 -------- d-----w- c:\program files\lx_cats
2010-03-01 20:18 . 2008-08-29 15:54 92016 ----a-w- c:\documents and settings\Devon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-01 20:17 . 2008-09-03 20:41 -------- d-----w- c:\documents and settings\Devon\Application Data\Apple Computer
2010-02-28 23:41 . 2008-09-03 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-28 03:15 . 2008-08-29 01:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-27 20:48 . 2009-04-27 15:56 -------- d-----w- c:\program files\McAfee
2010-02-26 02:09 . 2006-12-23 06:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-15 19:52 . 2008-08-28 22:21 92016 ----a-w- c:\documents and settings\Dawn\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 04:55 . 2006-12-23 06:46 -------- d-----w- c:\program files\Google
2010-02-13 04:29 . 2008-08-29 01:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-12 18:24 . 2009-11-08 23:10 -------- d-----w- c:\program files\Dl_cats
2010-02-11 17:14 . 2004-08-10 19:02 26860 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-26 05:24 . 2008-08-29 01:48 73184 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-25 01:41 . 2010-01-25 01:41 0 ----a-w- c:\windows\DXT54.tmp
2010-01-25 01:39 . 2010-01-25 01:36 -------- d-----w- c:\program files\Crime Cities
2010-01-25 01:36 . 2010-01-25 01:36 -------- d-----w- c:\program files\directx
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT47.tmp
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT46.tmp
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT45.tmp
2010-01-25 01:36 . 2010-01-25 01:36 0 ----a-w- c:\windows\DXT44.tmp
2010-01-25 01:33 . 2009-08-09 20:00 256 ----a-w- c:\windows\system32\pool.bin
2010-01-22 01:13 . 2009-03-20 16:24 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 02:32 . 2008-09-05 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-18 01:31 . 2010-01-18 01:31 -------- d-----w- c:\documents and settings\Dawn\Application Data\BigFishGames
2010-01-18 01:17 . 2010-01-18 01:14 -------- d-----w- c:\program files\Penny Dreadfuls - Sweeney Todd Collector's Edition
2010-01-15 13:42 . 2010-01-15 13:41 -------- d-----w- c:\program files\Princess Isabella - A Witch's Curse
2010-01-15 00:08 . 2009-12-13 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 17:31 . 2010-01-12 17:30 -------- d-----w- c:\program files\The Fall Trilogy
2010-01-12 17:25 . 2008-09-05 23:12 -------- d-----w- c:\program files\bfgclient
2010-01-12 00:54 . 2008-09-04 19:29 39 ----a-w- c:\documents and settings\Dawn\jagex_runescape_preferences.dat
2010-01-12 00:48 . 2009-09-02 21:19 69 ----a-w- c:\documents and settings\Dawn\jagex_runescape_preferences2.dat
2010-01-11 17:11 . 2010-01-11 17:11 -------- d-----w- c:\documents and settings\Dawn\Application Data\Windows Desktop Search
2010-01-11 17:07 . 2010-01-10 22:17 -------- d-----w- c:\program files\Windows Desktop Search
2010-01-11 14:04 . 2008-09-11 00:37 -------- d-----w- c:\documents and settings\Dawn\Application Data\Skype
2010-01-11 14:00 . 2008-09-11 00:38 -------- d-----w- c:\documents and settings\Dawn\Application Data\skypePM
2010-01-10 16:37 . 2009-02-17 01:04 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-10 16:36 . 2010-01-10 16:36 8854 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\Uninstall_GameShadow_B860267642A24815A556C23750EF5A47.exe
2010-01-10 16:36 . 2010-01-10 16:36 45056 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2010-01-10 16:36 . 2010-01-10 16:36 45056 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\ARPPRODUCTICON.exe
2010-01-10 16:36 . 2010-01-10 16:36 3262 ----a-r- c:\documents and settings\Dawn\Application Data\Microsoft\Installer\{16393B5A-43A8-434B-B22A-0724581F7873}\NewShortcut1_D50BB830396148EB83D903A04C63534F_1.exe
2010-01-10 16:36 . 2010-01-10 16:35 -------- d-----w- c:\program files\GameShadow
2010-01-10 16:20 . 2010-01-10 16:20 -------- d-----w- c:\program files\Eidos
2010-01-10 16:19 . 2010-01-10 16:19 -------- d-----w- c:\program files\OpenAL
2010-01-10 16:19 . 2010-01-10 16:19 418480 ----a-w- c:\windows\system32\wrap_oal.dll
2010-01-10 16:19 . 2010-01-10 16:19 115432 ----a-w- c:\windows\system32\OpenAL32.dll
2010-01-10 16:09 . 2009-06-17 22:02 -------- d-----w- c:\program files\MSN Games
2010-01-10 05:12 . 2009-02-15 18:11 -------- d-----w- c:\program files\Bonjour
2010-01-10 03:51 . 2008-10-12 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-01-06 06:01 . 2009-08-09 20:09 -------- d-----w- c:\documents and settings\Dawn\Application Data\Roxio
2010-01-06 06:01 . 2009-08-09 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-06 04:53 . 2008-09-03 22:38 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-04 19:57 . 2008-08-29 01:41 -------- d-----w- c:\program files\Java
2010-01-04 19:55 . 2010-01-04 19:55 152576 ----a-w- c:\documents and settings\Dawn\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-04 19:54 . 2010-01-04 19:54 79488 ----a-w- c:\documents and settings\Dawn\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-04 04:56 . 2010-01-04 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Princess Isabella
2010-01-04 02:58 . 2010-01-04 02:58 -------- d-----w- c:\program files\TomTom International B.V
2010-01-04 02:58 . 2010-01-04 02:57 -------- d-----w- c:\program files\TomTom HOME 2
2009-12-31 16:14 . 2004-08-04 10:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-26 02:48 . 2009-12-26 02:48 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-22 05:42 . 2006-03-04 03:33 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2004-08-10 19:01 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 18:34 . 2009-12-11 18:34 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-07 23:03 . 2010-01-04 22:30 6640976 ----a-w- c:\documents and settings\Dawn\Application Data\TomTom\HOME\Profiles\ldac7136.default\extensions\Navcore.9.025.477770@tomtom.com\9-025-477770-1.dll
2009-12-04 14:41 . 2004-08-04 10:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-02-27_21.22.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-01 13:55 . 2010-03-01 13:55 16384 c:\windows\Temp\Perflib_Perfdata_a8c.dat
+ 2010-03-01 13:54 . 2010-03-01 13:54 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
+ 2008-08-29 01:13 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2008-08-29 01:13 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2010-02-15 03:20 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2008-08-29 00:16 . 2010-03-02 01:31 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-08-29 00:16 . 2010-02-27 19:50 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-28 02:00 . 2010-03-02 01:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-02-28 14:55 . 2010-02-28 14:55 22528 c:\windows\Installer\191920.msi
+ 2010-03-01 13:55 . 2005-10-20 17:02 163328 c:\windows\erdnt\AutoBackup\3-1-2010\ERDNT.EXE
+ 2010-02-28 14:28 . 2005-10-20 17:02 163328 c:\windows\erdnt\AutoBackup\2-28-2010\ERDNT.EXE
+ 2010-03-01 13:55 . 2010-03-01 13:55 3907584 c:\windows\erdnt\AutoBackup\3-1-2010\Users\00000002\UsrClass.dat
+ 2010-02-28 14:28 . 2010-02-28 14:28 3907584 c:\windows\erdnt\AutoBackup\2-28-2010\Users\00000002\UsrClass.dat
+ 2010-03-01 13:55 . 2010-03-01 13:55 10850304 c:\windows\erdnt\AutoBackup\3-1-2010\Users\00000001\ntuser.dat
+ 2010-02-28 14:28 . 2010-02-28 14:28 10850304 c:\windows\erdnt\AutoBackup\2-28-2010\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-09-11 218032]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-09-11 218032]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
"DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
c:\documents and settings\Dawn\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-5-30 1508624]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"BigDogPath"=c:\windows\VM_STI.EXE USB(VGA) Camera
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe"
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" /s
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 11:06 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/1/2009 3:31 PM 54752]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2/18/2009 2:49 PM 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/27/2009 10:58 AM 93320]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]
S2 0120791267303313mcinstcleanup;McAfee Application Installer Cleanup (0120791267303313);c:\windows\TEMP\012079~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\012079~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a8e9c7044744;Google Update Service (gupdate1c9a8e9c7044744);c:\program files\Google\Update\GoogleUpdate.exe [3/19/2009 6:23 PM 133104]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 9:48 PM 704864]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" --> c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [8/4/2004 5:00 AM 5120]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 7408]
S3 ZSMC302;USB(VGA) Camera;c:\windows\system32\drivers\usbvm302.sys [11/14/2008 8:45 AM 90845]
.
Contents of the 'Scheduled Tasks' folder
2010-02-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 23:23]
2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-19 23:23]
2010-03-02 c:\windows\Tasks\User_Feed_Synchronization-{85E6FDC2-6880-4919-9254-8E044B8735F7}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://sympatico.msn.ca/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {0FF9292C-15E9-49C4-837A-5AAADF57C6F3} = 207.164.234.193 207.164.234.129
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://games.bigfishgames.com/en_trijinx/online/TriJinx.1.0.0.55.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 20:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-03-01 20:47:40
ComboFix-quarantined-files.txt 2010-03-02 01:47
ComboFix2.txt 2010-02-27 21:25
Pre-Run: 10,005,958,656 bytes free
Post-Run: 9,961,402,368 bytes free
- - End Of File - - A226609D9E163A9AE1E3D98566FF3A80
DDS (Ver_09-09-29.01) - NTFSx86
Run by Dawn at 14:19:12.79 on Wed 03/03/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.2.1033.18.1014.500 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Dell AIO 810\dlcgmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Dawn\My Documents\Downloads\dds (1).com
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://sympatico.msn.ca/
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\dawn\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\dawn\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} - hxxp://games.bigfishgames.com/en_trijinx/online/TriJinx.1.0.0.55.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://games.bigfishgames.com/en_zenerchi/online/ZenerchiWeb.1.0.0.10.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {0FF9292C-15E9-49C4-837A-5AAADF57C6F3} = 207.164.234.193 207.164.234.129
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
P2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-27 144704]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-1 54752]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2009-2-18 72672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-27 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-27 359952]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-27 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-27 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-27 40552]
S2 0120791267303313mcinstcleanup;McAfee Application Installer Cleanup (0120791267303313);c:\windows\temp\012079~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\012079~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate1c9a8e9c7044744;Google Update Service (gupdate1c9a8e9c7044744);c:\program files\google\update\GoogleUpdate.exe [2009-3-19 133104]
S2 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\turbine\turbine download manager\turbinemessageservice.exe" --> c:\program files\turbine\turbine download manager\TurbineMessageService.exe [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\turbine\turbine download manager\turbinenetworkservice.exe" --> c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-27 34248]
S3 Radialpoint Security Services;Radialpoint Security Services;c:\windows\system32\dllhost.exe [2004-8-4 5120]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 ZSMC302;USB(VGA) Camera;c:\windows\system32\drivers\usbvm302.sys [2008-11-14 90845]
=============== Created Last 30 ================
2010-02-28 18:55 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-28 18:54 19,160 a------- c:\windows\system32\drivers\mbam.sys
2010-02-28 18:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2010-02-27 16:06 261,632 a------- c:\windows\PEV.exe
2010-02-27 16:06 77,312 a------- c:\windows\MBR.exe
2010-02-15 15:46 <DIR> --d----- C:\found.008
2010-02-14 19:11 <DIR> --d----- c:\program files\MSXML 6.0
2010-02-14 18:55 <DIR> --d----- c:\program files\Trend Micro
2010-02-14 18:10 <DIR> --d----- c:\windows\system32\CatRoot_bak
2010-02-14 18:07 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2010-02-14 18:06 453,760 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2010-02-14 18:04 2,142,720 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-14 18:04 2,185,984 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-14 18:04 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-14 18:04 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-12 13:25 155,648 a------- c:\windows\system32\igfxres.dll
2010-02-11 12:19 14,336 ac------ c:\windows\system32\dllcache\tsprof.exe
2010-02-11 12:18 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2010-02-11 12:17 331,264 ac------ c:\windows\system32\dllcache\aqueue.dll
2010-02-11 12:15 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2010-02-11 12:15 749 a---hr-- c:\windows\WindowsShell.Manifest
2010-02-11 12:15 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-11 12:15 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2010-02-11 12:15 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2010-02-11 12:15 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2010-02-11 12:13 <DIR> --d----- c:\program files\Messenger
2010-02-11 11:57 10,559 a----r-- c:\windows\SETA8.tmp
2010-02-11 11:57 22,339 a----r-- c:\windows\SETA7.tmp
2010-02-11 11:57 13,753 a----r-- c:\windows\SET74.tmp
2010-02-11 11:57 1,086,058 a----r-- c:\windows\SET68.tmp
2010-02-11 11:57 1,042,903 a----r-- c:\windows\SET65.tmp
2010-02-01 21:32 43,008 a------- c:\windows\system32\SET181.tmp
2010-02-01 15:41 <DIR> --d----- c:\windows\mui
2010-02-01 15:41 <DIR> --d----- c:\windows\msapps
2010-02-01 15:41 <DIR> --d----- c:\windows\dell
2010-02-01 15:41 <DIR> --d----- c:\windows\Connection Wizard
2010-02-01 15:41 <DIR> --d----- c:\windows\Config
==================== Find3M ====================
2010-02-11 12:14 26,860 a------- c:\windows\system32\emptyregdb.dat
2010-01-26 00:24 73,184 a---h--- c:\windows\system32\mlfcache.dat
2010-01-11 19:54 39 a------- c:\documents and settings\dawn\jagex_runescape_preferences.dat
2010-01-11 19:48 69 a------- c:\documents and settings\dawn\jagex_runescape_preferences2.dat
2010-01-10 11:37 107,888 a------- c:\windows\system32\CmdLineExt.dll
2010-01-10 11:19 418,480 a------- c:\windows\system32\wrap_oal.dll
2010-01-10 11:19 115,432 a------- c:\windows\system32\OpenAL32.dll
2009-12-22 00:42 662,016 -------- c:\windows\system32\wininet.dll
2009-12-22 00:42 81,920 a------- c:\windows\system32\ieencode.dll
2009-12-16 07:58 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-14 02:35 33,280 a------- c:\windows\system32\csrsrv.dll
2009-10-14 10:48 1,128 a------- c:\docume~1\dawn\applic~1\wklnhst.dat
2008-12-14 17:54 32 a----r-- c:\documents and settings\all users\hash.dat
2008-09-22 10:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091520080922\index.dat
2008-09-22 10:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat
============= FINISH: 14:20:13.21 ===============
Hi,
Could you run the online scan with Internet Explorer instead of Safari, please? I don't think Safari is supported yet.
I can't access the internet through Explorer, the computer won't let me! I was using Google Chrome. Safari was deleted!
Hi,
I can't access the internet through explorer, the computer won't let me!
Do you get any error message? When did this problem begin to occur?
Due to inactivity, this thread will now be closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.