
had virus, removed malware, but still can't remove all


  • This topic is locked
28 replies to this topic

#1 brianch

brianch

  • Members
  • 52 posts

Posted 24 February 2010 - 12:40 PM

I downloaded and scanned using GMER as instructed, but this crashed my system twice...

I removed the virus (or so I thought) using McAfee, Malwarebytes Anti-Malware and Spybot Search and Destroy. Since then my less-than-one-year-old Toshiba Satellite is moving much slower and I still occasionally find new malware. Please help me. (I also have HijackThis.)


DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 11:01:49.56 on Wed 02/24/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1792 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Google\Google Media Server\GoogleMediaServer.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Flock\flock.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Favorites\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [Skytel] Skytel.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\b79xe3ai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=70m6ub50kkcd0
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\users\owner\appdata\local\huludesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: c:\users\owner\appdata\local\yahoo!\browserplus\2.4.21\plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 Google MediaServer;Google MediaServer;c:\program files\google\google media server\GoogleMediaServer.exe [2009-7-7 622080]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-1-9 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-1-9 144704]
R2 OpenLibSys;OpenLibSys;c:\program files\nxp\fm radio\OpenLibSys.sys [2009-6-17 14672]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-1-9 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-9 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-9 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-9 40552]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S2 GSRestartSvc;GSRestartSvc;"c:\programdata\geek squad\customizer\gsrestartsvc.exe" --> c:\programdata\geek squad\customizer\GSRestartSvc.exe [?]
S2 gupdate1c9ee4779680a40;Google Update Service (gupdate1c9ee4779680a40);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-9 34248]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-20 9216]

=============== Created Last 30 ================

2010-02-20 18:35:39 0 d-----w- c:\users\owner\appdata\roaming\Leawo
2010-02-20 16:51:30 0 d-----w- c:\program files\iPod(1)
2010-02-19 01:12:40 0 d-----w- c:\program files\TweetDeck
2010-02-17 01:37:56 0 d-----w- c:\users\owner\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-02-11 19:53:29 0 d-----w- c:\program files\common files\PX Storage Engine
2010-02-11 19:52:23 0 d-----w- c:\program files\common files\Sonic Shared
2010-02-11 19:52:22 0 d-----w- c:\program files\Roxio
2010-02-11 19:39:41 0 d-----w- c:\programdata\Research In Motion
2010-02-04 17:35:58 0 d-----w- c:\program files\V CAST Music with Rhapsody
2010-02-01 18:21:09 864 ----a-w- C:\net_save.dna
2010-02-01 18:19:41 0 d-----w- c:\program files\support.com
2010-01-28 13:29:42 0 d-----w- c:\programdata\Sun

==================== Find3M ====================

2010-02-23 14:51:22 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-23 14:51:22 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-11 20:01:23 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 20:56:44 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-17 23:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-08 20:01:02 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-01 00:02:40 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-12-01 00:02:38 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-04 22:02:40 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-15 04:38:32 7349744 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-17 02:30:23 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-06-06 00:29:41 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-06-06 00:29:39 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 11:03:02.68 ===============




#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 24 February 2010 - 01:38 PM

Greetings brianch and Welcome to the Forums,

Please uninstall these:
Java™ 6 Update 6
LimeWire PRO 5.4.6


When the uninstall's complete, reboot the computer.

Please download ComboFix from this webpage... and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running... that may cause the scan to stall.


Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts

Posted 24 February 2010 - 02:08 PM

ComboFix 10-02-24.01 - Owner 02/24/2010 12:55:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1788 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1613085345-1796840964-2308868410-500
c:\$recycle.bin\S-1-5-21-737594619-1414829202-3786626943-500

.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 19:02 . 2010-02-24 19:03 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-02-24 19:02 . 2010-02-24 19:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-24 19:02 . 2010-02-24 19:02 -------- d-----w- c:\users\Godkids\AppData\Local\temp
2010-02-20 18:35 . 2010-02-20 18:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Leawo
2010-02-20 16:51 . 2010-02-20 19:16 -------- d-----w- c:\program files\iPod(1)
2010-02-19 01:12 . 2010-02-19 01:12 -------- d-----w- c:\program files\TweetDeck
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 01:28 . 2010-02-12 01:28 -------- d-----w- c:\users\Godkids\AppData\Roaming\TOSHIBA
2010-02-11 20:01 . 2010-02-11 20:01 26694 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{82FB382F-60E5-47A0-A3D1-4BF235B594C3}\BlackBerry.exe
2010-02-11 19:53 . 2010-02-11 19:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-11 19:52 . 2010-02-11 19:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-11 19:52 . 2010-02-11 19:53 -------- d-----w- c:\program files\Roxio
2010-02-11 19:39 . 2010-02-11 19:41 -------- d-----w- c:\programdata\Research In Motion
2010-02-04 17:35 . 2010-02-04 17:36 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2010-02-01 18:19 . 2010-02-13 21:49 -------- d-----w- c:\program files\support.com
2010-02-01 18:19 . 2010-02-01 18:19 -------- d-----w- c:\users\Owner\AppData\Local\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Java
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Common Files\Java
2010-02-23 17:59 . 2009-06-13 21:04 -------- d-----w- c:\users\Owner\AppData\Roaming\LimeWire
2010-02-20 19:05 . 2010-01-12 01:13 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFLVConverter
2010-02-20 19:05 . 2009-09-12 16:12 -------- d-----w- c:\program files\iTunes
2010-02-20 19:05 . 2009-11-14 20:12 -------- d-----w- c:\program files\iPod
2010-02-20 19:05 . 2009-07-11 15:52 -------- d-----w- c:\program files\Common Files\Apple
2010-02-20 18:47 . 2009-06-13 19:37 -------- d-----w- c:\program files\Flock
2010-02-20 16:51 . 2009-07-04 22:22 -------- d-----w- c:\programdata\Apple Computer
2010-02-19 01:09 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee
2010-02-12 01:24 . 2009-12-23 02:37 129856 ----a-w- c:\users\Godkids\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:08 . 2009-06-06 00:30 129856 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:00 . 2009-09-25 15:34 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-11 19:53 . 2009-09-29 22:44 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-11 19:52 . 2009-09-30 01:55 -------- d-----w- c:\programdata\Roxio
2010-02-11 19:52 . 2008-08-14 19:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-11 19:41 . 2009-09-25 15:34 -------- d-----w- c:\program files\Research In Motion
2010-02-11 14:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 13:38 . 2009-01-18 06:47 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 15:37 . 2008-08-14 19:41 -------- d-----w- c:\program files\Picasa2
2010-02-07 23:01 . 2009-12-23 02:56 16454312 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
2010-02-07 23:00 . 2009-12-23 02:56 135168 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\StringTableEditorMFC.dll
2010-02-07 23:00 . 2009-12-23 02:56 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\PatchClientUIRsrc-En.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Shockalock.dll
2010-02-07 23:00 . 2009-12-23 02:56 40960 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_PotionMotion.dll
2010-02-07 23:00 . 2009-12-23 02:56 53248 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_HotShots.dll
2010-02-07 23:00 . 2009-12-23 02:56 94208 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Dueling_Diego.dll
2010-02-07 23:00 . 2009-12-23 02:56 24576 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Concentration.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_ChooChooZoo.dll
2010-02-07 23:00 . 2009-12-23 02:56 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\ConfiguratorResEnglish.dll
2010-02-07 23:00 . 2009-12-23 02:51 180904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\BugReporter.exe
2010-02-07 22:59 . 2009-12-23 02:55 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardLauncher.exe
2010-02-07 22:58 . 2009-12-23 02:55 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:51 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:55 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:51 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:55 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\Configurator.exe
2010-02-07 22:58 . 2009-12-23 02:51 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\Configurator.exe
2010-02-06 19:48 . 2008-08-14 19:40 -------- d-----w- c:\program files\Google
2010-01-22 01:35 . 2010-01-22 01:35 177024 ----a-w- c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\FlashGot.exe
2010-01-21 09:33 . 2009-06-20 00:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 18:14 . 2010-01-19 18:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-18 02:37 . 2010-01-18 02:37 -------- d-----w- c:\users\Godkids\AppData\Roaming\Research In Motion
2010-01-14 19:00 . 2009-07-07 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 17:12 . 2009-10-03 13:55 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 01:54 . 2010-01-12 01:53 -------- d-----w- c:\program files\QuickTime
2010-01-12 01:13 . 2010-01-12 01:13 -------- d-----w- c:\program files\Free FLV Converter
2010-01-09 23:24 . 2009-06-13 16:49 -------- d-----w- c:\programdata\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\Common Files\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee.com
2010-01-09 18:47 . 2010-01-03 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-09 17:49 . 2009-06-13 20:29 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-01-09 17:29 . 2009-06-13 20:53 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-01-09 16:57 . 2010-01-03 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 16:57 . 2010-01-09 16:57 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2010-01-03 18:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-03 18:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 21:15 . 2010-01-03 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-03 20:56 . 2009-06-19 03:28 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-03 05:12 . 2010-01-03 05:12 -------- d-----w- c:\program files\Trend Micro
2010-01-02 06:38 . 2010-01-22 04:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 04:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 04:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 04:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 04:40 . 2009-12-25 04:40 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-23 02:57 . 2009-12-23 02:57 449536 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2009-12-23 02:57 . 2009-12-23 02:57 389120 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardGraphicalClient.exe
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardGraphicalClient.exe
2009-12-18 00:17 . 2009-12-23 02:55 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:55 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:55 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:55 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\gdiplus.dll
2009-12-18 00:17 . 2009-12-23 02:51 37032 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Wizard101.exe
2009-12-18 00:17 . 2009-12-23 02:51 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardLauncher.exe
2009-12-18 00:17 . 2009-12-23 02:51 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:51 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:51 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:51 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\gdiplus.dll
2009-12-17 23:14 . 2009-07-07 17:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-11 11:43 . 2010-02-10 15:31 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 15:31 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 15:31 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 15:31 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 15:31 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 15:31 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 15:31 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 15:31 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 15:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 15:31 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 15:31 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 15:31 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 15:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 15:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 15:31 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 15:31 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 15:31 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-06 00:29 . 2009-06-06 00:29 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-06-06 00:29 . 2009-06-06 00:29 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):93,81,73,22,81,e6,c9,01

R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [7/10/2008 6:58 PM 40960]
R2 Google MediaServer;Google MediaServer;c:\program files\Google\Google Media Server\GoogleMediaServer.exe [7/7/2009 9:43 AM 622080]
R2 OpenLibSys;OpenLibSys;c:\program files\NXP\FM Radio\OpenLibSys.sys [6/17/2009 7:37 AM 14672]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/14/2008 1:15 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 7:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/14/2008 1:08 PM 7168]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4/28/2008 8:29 AM 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 8:35 PM 73728]
S2 GSRestartSvc;GSRestartSvc;"c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe" --> c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe [?]
S2 gupdate1c9ee4779680a40;Google Update Service (gupdate1c9ee4779680a40);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 11:58 PM 133104]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 6:03 PM 32408]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/20/2008 12:41 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-02-24 c:\windows\Tasks\User_Feed_Synchronization-{5B1FA914-F285-437C-B369-B3D41F8045ED}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=70m6ub50kkcd0
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\Owner\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: c:\users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 13:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-24 13:06:03
ComboFix-quarantined-files.txt 2010-02-24 19:06

Pre-Run: 210,899,644,416 bytes free
Post-Run: 210,897,760,256 bytes free

- - End Of File - - 802A10216C2DECA3DDCFDA128E35374B


#4 brianch


Posted 24 February 2010 - 02:12 PM

Oh, and thank you for your help, 1972vet. I greatly appreciate it.

#5 1972vet

  • Malware Response Team

Posted 24 February 2010 - 03:42 PM

Well, that log looks pretty good... little more to go yet, though. By the way, do you have any idea what this is?
c:\windows\system32\TubeFinder.exe
...I don't. If you don't either, we should remove it, just let me know.

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt... Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe.

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.



KILLALL::

Folder::
c:\users\Owner\AppData\Roaming\LimeWire

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]



#6 brianch


Posted 24 February 2010 - 04:14 PM

Not familiar with c:\windows\system32\TubeFinder.exe; we can definitely remove it.


ComboFix 10-02-24.01 - Owner 02/24/2010 14:54:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1674 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Owner\AppData\Roaming\LimeWire
c:\users\Owner\AppData\Roaming\LimeWire\active.mojito
c:\users\Owner\AppData\Roaming\LimeWire\browser\xul-v2.0b2.5-do-not-remove
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.jar
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.jar
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.jar
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\alerts.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\caps.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\chardet.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\chrome.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\composer.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\content_base.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\content_html.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\cookie.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\directory.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\downloads.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\editor.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\extensions.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\feeds.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\find.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\gfx.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\inspector.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\intl.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\jar.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\locale.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\users\Owner\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProgressDialog.js

.
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.

2010-02-24 21:01 . 2010-02-24 21:06 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-02-24 21:01 . 2010-02-24 21:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-24 21:01 . 2010-02-24 21:01 -------- d-----w- c:\users\Godkids\AppData\Local\temp
2010-02-20 18:35 . 2010-02-20 18:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Leawo
2010-02-20 16:51 . 2010-02-20 19:16 -------- d-----w- c:\program files\iPod(1)
2010-02-19 01:12 . 2010-02-19 01:12 -------- d-----w- c:\program files\TweetDeck
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 01:28 . 2010-02-12 01:28 -------- d-----w- c:\users\Godkids\AppData\Roaming\TOSHIBA
2010-02-11 20:01 . 2010-02-11 20:01 26694 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{82FB382F-60E5-47A0-A3D1-4BF235B594C3}\BlackBerry.exe
2010-02-11 19:53 . 2010-02-11 19:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-11 19:52 . 2010-02-11 19:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-11 19:52 . 2010-02-11 19:53 -------- d-----w- c:\program files\Roxio
2010-02-11 19:39 . 2010-02-11 19:41 -------- d-----w- c:\programdata\Research In Motion
2010-02-04 17:35 . 2010-02-04 17:36 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2010-02-01 18:19 . 2010-02-13 21:49 -------- d-----w- c:\program files\support.com
2010-02-01 18:19 . 2010-02-01 18:19 -------- d-----w- c:\users\Owner\AppData\Local\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Java
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Common Files\Java
2010-02-20 19:05 . 2010-01-12 01:13 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFLVConverter
2010-02-20 19:05 . 2009-09-12 16:12 -------- d-----w- c:\program files\iTunes
2010-02-20 19:05 . 2009-11-14 20:12 -------- d-----w- c:\program files\iPod
2010-02-20 19:05 . 2009-07-11 15:52 -------- d-----w- c:\program files\Common Files\Apple
2010-02-20 18:47 . 2009-06-13 19:37 -------- d-----w- c:\program files\Flock
2010-02-20 16:51 . 2009-07-04 22:22 -------- d-----w- c:\programdata\Apple Computer
2010-02-19 01:09 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee
2010-02-12 01:24 . 2009-12-23 02:37 129856 ----a-w- c:\users\Godkids\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:08 . 2009-06-06 00:30 129856 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:00 . 2009-09-25 15:34 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-11 19:53 . 2009-09-29 22:44 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-11 19:52 . 2009-09-30 01:55 -------- d-----w- c:\programdata\Roxio
2010-02-11 19:52 . 2008-08-14 19:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-11 19:41 . 2009-09-25 15:34 -------- d-----w- c:\program files\Research In Motion
2010-02-11 14:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 13:38 . 2009-01-18 06:47 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 15:37 . 2008-08-14 19:41 -------- d-----w- c:\program files\Picasa2
2010-02-07 23:01 . 2009-12-23 02:56 16454312 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
2010-02-07 23:00 . 2009-12-23 02:56 135168 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\StringTableEditorMFC.dll
2010-02-07 23:00 . 2009-12-23 02:56 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\PatchClientUIRsrc-En.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Shockalock.dll
2010-02-07 23:00 . 2009-12-23 02:56 40960 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_PotionMotion.dll
2010-02-07 23:00 . 2009-12-23 02:56 53248 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_HotShots.dll
2010-02-07 23:00 . 2009-12-23 02:56 94208 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Dueling_Diego.dll
2010-02-07 23:00 . 2009-12-23 02:56 24576 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Concentration.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_ChooChooZoo.dll
2010-02-07 23:00 . 2009-12-23 02:56 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\ConfiguratorResEnglish.dll
2010-02-07 23:00 . 2009-12-23 02:51 180904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\BugReporter.exe
2010-02-07 22:59 . 2009-12-23 02:55 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardLauncher.exe
2010-02-07 22:58 . 2009-12-23 02:55 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:51 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:55 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:51 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:55 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\Configurator.exe
2010-02-07 22:58 . 2009-12-23 02:51 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\Configurator.exe
2010-02-06 19:48 . 2008-08-14 19:40 -------- d-----w- c:\program files\Google
2010-01-22 01:35 . 2010-01-22 01:35 177024 ----a-w- c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\FlashGot.exe
2010-01-21 09:33 . 2009-06-20 00:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 18:14 . 2010-01-19 18:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-18 02:37 . 2010-01-18 02:37 -------- d-----w- c:\users\Godkids\AppData\Roaming\Research In Motion
2010-01-14 19:00 . 2009-07-07 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 17:12 . 2009-10-03 13:55 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 01:54 . 2010-01-12 01:53 -------- d-----w- c:\program files\QuickTime
2010-01-12 01:13 . 2010-01-12 01:13 -------- d-----w- c:\program files\Free FLV Converter
2010-01-09 23:24 . 2009-06-13 16:49 -------- d-----w- c:\programdata\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\Common Files\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee.com
2010-01-09 18:47 . 2010-01-03 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-09 17:49 . 2009-06-13 20:29 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-01-09 17:29 . 2009-06-13 20:53 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-01-09 16:57 . 2010-01-03 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 16:57 . 2010-01-09 16:57 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2010-01-03 18:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-03 18:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 21:15 . 2010-01-03 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-03 20:56 . 2009-06-19 03:28 311296 ----a-w- c:\windows\system32\TubeFinder.exe
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-03 05:12 . 2010-01-03 05:12 -------- d-----w- c:\program files\Trend Micro
2010-01-02 06:38 . 2010-01-22 04:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 04:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 04:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 04:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 04:40 . 2009-12-25 04:40 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-23 02:57 . 2009-12-23 02:57 449536 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2009-12-23 02:57 . 2009-12-23 02:57 389120 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardGraphicalClient.exe
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardGraphicalClient.exe
2009-12-18 00:17 . 2009-12-23 02:55 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:55 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:55 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:55 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\gdiplus.dll
2009-12-18 00:17 . 2009-12-23 02:51 37032 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Wizard101.exe
2009-12-18 00:17 . 2009-12-23 02:51 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardLauncher.exe
2009-12-18 00:17 . 2009-12-23 02:51 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:51 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:51 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:51 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\gdiplus.dll
2009-12-17 23:14 . 2009-07-07 17:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-11 11:43 . 2010-02-10 15:31 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 15:31 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 15:31 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 15:31 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 15:31 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 15:31 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 15:31 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 15:31 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 15:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 15:31 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 15:31 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 15:31 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 15:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 15:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 15:31 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 15:31 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 15:31 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 03:10 . 2009-12-04 03:10 69 ----a-w- c:\windows\GPlrLanc.dat
2009-06-06 00:29 . 2009-06-06 00:29 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-06-06 00:29 . 2009-06-06 00:29 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-24_19.03.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-02-24 21:07 81634 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-02-24 21:07 81708 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-06 07:04 . 2010-02-24 21:07 15164 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-737594619-1414829202-3786626943-1000_UserData.bin
+ 2009-01-18 07:48 . 2010-02-24 21:06 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-18 07:48 . 2010-02-24 21:06 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-18 07:48 . 2010-02-24 21:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-13 16:05 . 2010-02-24 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-13 16:05 . 2010-02-24 21:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-13 16:05 . 2010-02-24 21:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-24 18:45 . 2010-02-24 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-02-24 21:02 . 2010-02-24 21:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-24 18:45 . 2010-02-24 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-24 21:02 . 2010-02-24 21:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-06 08:02 . 2010-02-24 18:54 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-06 08:02 . 2010-02-24 21:03 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-01-18 07:40 . 2010-02-24 18:44 516664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-01-18 07:40 . 2010-02-24 21:02 516664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):93,81,73,22,81,e6,c9,01

R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [7/10/2008 6:58 PM 40960]
R2 Google MediaServer;Google MediaServer;c:\program files\Google\Google Media Server\GoogleMediaServer.exe [7/7/2009 9:43 AM 622080]
R2 OpenLibSys;OpenLibSys;c:\program files\NXP\FM Radio\OpenLibSys.sys [6/17/2009 7:37 AM 14672]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/14/2008 1:15 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 7:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/14/2008 1:08 PM 7168]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4/28/2008 8:29 AM 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 8:35 PM 73728]
S2 GSRestartSvc;GSRestartSvc;"c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe" --> c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe [?]
S2 gupdate1c9ee4779680a40;Google Update Service (gupdate1c9ee4779680a40);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 11:58 PM 133104]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 6:03 PM 32408]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/20/2008 12:41 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-02-24 c:\windows\Tasks\User_Feed_Synchronization-{5B1FA914-F285-437C-B369-B3D41F8045ED}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=70m6ub50kkcd0
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\Owner\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: c:\users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 15:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-02-24 15:10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-24 21:10
ComboFix2.txt 2010-02-24 19:06

Pre-Run: 210,167,386,112 bytes free
Post-Run: 210,550,472,704 bytes free

- - End Of File - - 808239ADE23CBF306C2D9DC92D615EF3


#7 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.

Posted 24 February 2010 - 04:23 PM

OK, one more:

Please open a blank Notepad by clicking start-->run
Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



KILLALL::

File::
c:\windows\system32\TubeFinder.exe

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#8 brianch

brianch
  • Topic Starter

  • Members
  • 52 posts

Posted 24 February 2010 - 07:50 PM

ComboFix 10-02-24.01 - Owner 02/24/2010 18:33:55.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1781 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\TubeFinder.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\TubeFinder.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 00:40 . 2010-02-25 00:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-25 00:40 . 2010-02-25 00:40 -------- d-----w- c:\users\Godkids\AppData\Local\temp
2010-02-25 00:40 . 2010-02-25 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-24 21:10 . 2010-02-25 00:45 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-02-20 18:35 . 2010-02-20 18:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Leawo
2010-02-20 16:51 . 2010-02-20 19:16 -------- d-----w- c:\program files\iPod(1)
2010-02-19 01:12 . 2010-02-19 01:12 -------- d-----w- c:\program files\TweetDeck
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 01:28 . 2010-02-12 01:28 -------- d-----w- c:\users\Godkids\AppData\Roaming\TOSHIBA
2010-02-11 20:01 . 2010-02-11 20:01 26694 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{82FB382F-60E5-47A0-A3D1-4BF235B594C3}\BlackBerry.exe
2010-02-11 19:53 . 2010-02-11 19:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-11 19:52 . 2010-02-11 19:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-11 19:52 . 2010-02-11 19:53 -------- d-----w- c:\program files\Roxio
2010-02-11 19:39 . 2010-02-11 19:41 -------- d-----w- c:\programdata\Research In Motion
2010-02-04 17:35 . 2010-02-04 17:36 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2010-02-01 18:19 . 2010-02-13 21:49 -------- d-----w- c:\program files\support.com
2010-02-01 18:19 . 2010-02-01 18:19 -------- d-----w- c:\users\Owner\AppData\Local\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Java
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Common Files\Java
2010-02-20 19:05 . 2010-01-12 01:13 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFLVConverter
2010-02-20 19:05 . 2009-09-12 16:12 -------- d-----w- c:\program files\iTunes
2010-02-20 19:05 . 2009-11-14 20:12 -------- d-----w- c:\program files\iPod
2010-02-20 19:05 . 2009-07-11 15:52 -------- d-----w- c:\program files\Common Files\Apple
2010-02-20 18:47 . 2009-06-13 19:37 -------- d-----w- c:\program files\Flock
2010-02-20 16:51 . 2009-07-04 22:22 -------- d-----w- c:\programdata\Apple Computer
2010-02-19 01:09 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee
2010-02-12 01:24 . 2009-12-23 02:37 129856 ----a-w- c:\users\Godkids\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:08 . 2009-06-06 00:30 129856 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:00 . 2009-09-25 15:34 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-11 19:53 . 2009-09-29 22:44 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-11 19:52 . 2009-09-30 01:55 -------- d-----w- c:\programdata\Roxio
2010-02-11 19:52 . 2008-08-14 19:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-11 19:41 . 2009-09-25 15:34 -------- d-----w- c:\program files\Research In Motion
2010-02-11 14:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 13:38 . 2009-01-18 06:47 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 15:37 . 2008-08-14 19:41 -------- d-----w- c:\program files\Picasa2
2010-02-07 23:01 . 2009-12-23 02:56 16454312 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
2010-02-07 23:00 . 2009-12-23 02:56 135168 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\StringTableEditorMFC.dll
2010-02-07 23:00 . 2009-12-23 02:56 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\PatchClientUIRsrc-En.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Shockalock.dll
2010-02-07 23:00 . 2009-12-23 02:56 40960 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_PotionMotion.dll
2010-02-07 23:00 . 2009-12-23 02:56 53248 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_HotShots.dll
2010-02-07 23:00 . 2009-12-23 02:56 94208 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Dueling_Diego.dll
2010-02-07 23:00 . 2009-12-23 02:56 24576 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Concentration.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_ChooChooZoo.dll
2010-02-07 23:00 . 2009-12-23 02:56 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\ConfiguratorResEnglish.dll
2010-02-07 23:00 . 2009-12-23 02:51 180904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\BugReporter.exe
2010-02-07 22:59 . 2009-12-23 02:55 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardLauncher.exe
2010-02-07 22:58 . 2009-12-23 02:55 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:51 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:55 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:51 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:55 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\Configurator.exe
2010-02-07 22:58 . 2009-12-23 02:51 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\Configurator.exe
2010-02-06 19:48 . 2008-08-14 19:40 -------- d-----w- c:\program files\Google
2010-01-22 01:35 . 2010-01-22 01:35 177024 ----a-w- c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\FlashGot.exe
2010-01-21 09:33 . 2009-06-20 00:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 18:14 . 2010-01-19 18:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-18 02:37 . 2010-01-18 02:37 -------- d-----w- c:\users\Godkids\AppData\Roaming\Research In Motion
2010-01-14 19:00 . 2009-07-07 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 17:12 . 2009-10-03 13:55 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 01:54 . 2010-01-12 01:53 -------- d-----w- c:\program files\QuickTime
2010-01-12 01:13 . 2010-01-12 01:13 -------- d-----w- c:\program files\Free FLV Converter
2010-01-09 23:24 . 2009-06-13 16:49 -------- d-----w- c:\programdata\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\Common Files\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee.com
2010-01-09 18:47 . 2010-01-03 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-09 17:49 . 2009-06-13 20:29 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-01-09 17:29 . 2009-06-13 20:53 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-01-09 16:57 . 2010-01-03 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 16:57 . 2010-01-09 16:57 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2010-01-03 18:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-03 18:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 21:15 . 2010-01-03 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-03 05:12 . 2010-01-03 05:12 -------- d-----w- c:\program files\Trend Micro
2010-01-02 06:38 . 2010-01-22 04:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 04:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 04:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 04:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 04:40 . 2009-12-25 04:40 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-23 02:57 . 2009-12-23 02:57 449536 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2009-12-23 02:57 . 2009-12-23 02:57 389120 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardGraphicalClient.exe
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardGraphicalClient.exe
2009-12-18 00:17 . 2009-12-23 02:55 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:55 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:55 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:55 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\gdiplus.dll
2009-12-18 00:17 . 2009-12-23 02:51 37032 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Wizard101.exe
2009-12-18 00:17 . 2009-12-23 02:51 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardLauncher.exe
2009-12-18 00:17 . 2009-12-23 02:51 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:51 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:51 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:51 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\gdiplus.dll
2009-12-17 23:14 . 2009-07-07 17:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-11 11:43 . 2010-02-10 15:31 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 15:31 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-12-08 20:01 . 2010-02-10 15:31 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-08 20:01 . 2010-02-10 15:31 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:01 . 2010-02-10 15:31 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 17:26 . 2010-02-10 15:31 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-12-04 18:30 . 2010-02-10 15:31 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-04 18:29 . 2010-02-10 15:31 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-04 18:28 . 2010-02-10 15:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-04 18:28 . 2010-02-10 15:31 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-04 18:28 . 2010-02-10 15:31 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-04 18:28 . 2010-02-10 15:31 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-04 18:28 . 2010-02-10 15:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-04 18:28 . 2010-02-10 15:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-04 18:27 . 2010-02-10 15:31 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-04 15:56 . 2010-02-10 15:31 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 15:56 . 2010-02-10 15:31 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 03:10 . 2009-12-04 03:10 69 ----a-w- c:\windows\GPlrLanc.dat
2009-12-01 00:02 . 2009-12-01 00:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-06-06 00:29 . 2009-06-06 00:29 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-06-06 00:29 . 2009-06-06 00:29 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-24_19.03.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-02-25 00:46 81922 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-02-25 00:46 81740 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-06 07:04 . 2010-02-25 00:46 15236 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-737594619-1414829202-3786626943-1000_UserData.bin
+ 2009-01-18 07:48 . 2010-02-25 00:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-18 07:48 . 2010-02-25 00:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-18 07:48 . 2010-02-25 00:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-13 16:05 . 2010-02-25 00:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-13 16:05 . 2010-02-25 00:41 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-13 16:05 . 2010-02-25 00:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-24 18:45 . 2010-02-24 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-02-25 00:41 . 2010-02-25 00:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-24 18:45 . 2010-02-24 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-25 00:41 . 2010-02-25 00:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-06-06 08:02 . 2010-02-24 18:54 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-06-06 08:02 . 2010-02-25 00:41 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-01-18 07:40 . 2010-02-24 18:44 516664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-01-18 07:40 . 2010-02-25 00:40 516664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):93,81,73,22,81,e6,c9,01

R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [7/10/2008 6:58 PM 40960]
R2 Google MediaServer;Google MediaServer;c:\program files\Google\Google Media Server\GoogleMediaServer.exe [7/7/2009 9:43 AM 622080]
R2 OpenLibSys;OpenLibSys;c:\program files\NXP\FM Radio\OpenLibSys.sys [6/17/2009 7:37 AM 14672]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/14/2008 1:15 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 7:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/14/2008 1:08 PM 7168]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4/28/2008 8:29 AM 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 8:35 PM 73728]
S2 GSRestartSvc;GSRestartSvc;"c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe" --> c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe [?]
S2 gupdate1c9ee4779680a40;Google Update Service (gupdate1c9ee4779680a40);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 11:58 PM 133104]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 6:03 PM 32408]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/20/2008 12:41 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-02-25 c:\windows\Tasks\User_Feed_Synchronization-{5B1FA914-F285-437C-B369-B3D41F8045ED}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=70m6ub50kkcd0
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\Owner\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: c:\users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 18:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-02-24 18:49:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-25 00:48
ComboFix2.txt 2010-02-24 21:10
ComboFix3.txt 2010-02-24 19:06

Pre-Run: 210,609,938,432 bytes free
Post-Run: 210,551,611,392 bytes free

- - End Of File - - 7D665B7CB47FCA706AEF1D8A7851A31B


#9 1972vet

  • Malware Response Team

Posted 24 February 2010 - 09:37 PM

Things look pretty good now, although I'm not familiar with the program "Geek Squad", so there's a little uncertainty. A Google search turns up at least one recent web link to a log wherein "Windows Defender" complained that this program made some unauthorized system change:
c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe

...Do you know that program and are you certain it's ok? Everything else looks fine.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#10 brianch

  • Topic Starter

Posted 24 February 2010 - 10:12 PM

Nope. I bought my computer from Best Buy, so I don't know if that's something they add (since they use Geek Squad). But I do not use them and have no idea what that program is.

#11 1972vet

  • Malware Response Team

Posted 25 February 2010 - 05:01 AM

I see. Considering then that Windows Defender complained about that, it would do no harm for you to install Windows Defender as well since your security is a bit lacking. It will work in harmony with your other security programs. To be certain, let's run a manual update to your on-board McAfee application, then boot to safe mode and run a complete system scan. If the antivirus complains of anything, allow McAfee to quarantine whatever is found. Then boot back to your normal Windows user mode, install Windows Defender and just keep it on board. Always better to be safe than sorry. Post back your results. Thanks!



#12 brianch

  • Topic Starter

Posted 25 February 2010 - 09:00 AM

I have Windows Defender and it shows "your computer is running normally"

I won't be able to do much else today - work, but I appreciate the help so far.

#13 1972vet

  • Malware Response Team

Posted 25 February 2010 - 10:57 AM

That's fine... I just made the silly assumption that since you hadn't mentioned a complaint by Windows Defender that you didn't have it. The link I referenced was recent enough to make it worth the mention, but from what you had to say, it's something that Microsoft must have investigated since last September and whitelisted that program.

It's undoubtedly just fine then but you should still update McAfee and run the scan. The last log does appear to be just fine. When you get the time, please post back those results. Thanks!



#14 brianch

  • Topic Starter

Posted 25 February 2010 - 11:28 AM

ComboFix 10-02-24.03 - Owner 02/25/2010 10:14:05.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1635 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.

2010-02-25 16:21 . 2010-02-25 16:21 -------- d-----w- c:\users\Owner\AppData\Local\temp
2010-02-25 16:21 . 2010-02-25 16:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-25 16:21 . 2010-02-25 16:21 -------- d-----w- c:\users\Godkids\AppData\Local\temp
2010-02-25 16:21 . 2010-02-25 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-25 16:12 . 2010-02-25 16:12 -------- d-----w- C:\32788R22FWJFW
2010-02-20 18:35 . 2010-02-20 18:35 -------- d-----w- c:\users\Owner\AppData\Roaming\Leawo
2010-02-20 16:51 . 2010-02-20 19:16 -------- d-----w- c:\program files\iPod(1)
2010-02-19 01:12 . 2010-02-19 01:12 -------- d-----w- c:\program files\TweetDeck
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:36 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-17 01:37 . 2010-02-17 01:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 01:28 . 2010-02-12 01:28 -------- d-----w- c:\users\Godkids\AppData\Roaming\TOSHIBA
2010-02-11 20:01 . 2010-02-11 20:01 26694 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{82FB382F-60E5-47A0-A3D1-4BF235B594C3}\BlackBerry.exe
2010-02-11 19:53 . 2010-02-11 19:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-11 19:52 . 2010-02-11 19:52 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-11 19:52 . 2010-02-11 19:53 -------- d-----w- c:\program files\Roxio
2010-02-11 19:39 . 2010-02-11 19:41 -------- d-----w- c:\programdata\Research In Motion
2010-02-04 17:35 . 2010-02-04 17:36 -------- d-----w- c:\program files\V CAST Music with Rhapsody
2010-02-01 18:19 . 2010-02-13 21:49 -------- d-----w- c:\program files\support.com
2010-02-01 18:19 . 2010-02-01 18:19 -------- d-----w- c:\users\Owner\AppData\Local\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 16:10 . 2009-06-06 00:30 130424 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Java
2010-02-24 18:43 . 2008-08-14 19:23 -------- d-----w- c:\program files\Common Files\Java
2010-02-24 15:16 . 2009-10-03 13:55 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 19:05 . 2010-01-12 01:13 -------- d-----w- c:\users\Owner\AppData\Roaming\FreeFLVConverter
2010-02-20 19:05 . 2009-09-12 16:12 -------- d-----w- c:\program files\iTunes
2010-02-20 19:05 . 2009-11-14 20:12 -------- d-----w- c:\program files\iPod
2010-02-20 19:05 . 2009-07-11 15:52 -------- d-----w- c:\program files\Common Files\Apple
2010-02-20 18:47 . 2009-06-13 19:37 -------- d-----w- c:\program files\Flock
2010-02-20 16:51 . 2009-07-04 22:22 -------- d-----w- c:\programdata\Apple Computer
2010-02-19 01:09 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee
2010-02-12 01:24 . 2009-12-23 02:37 129856 ----a-w- c:\users\Godkids\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-11 20:00 . 2009-09-25 15:34 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-11 19:53 . 2009-09-29 22:44 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-11 19:52 . 2009-09-30 01:55 -------- d-----w- c:\programdata\Roxio
2010-02-11 19:52 . 2008-08-14 19:01 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-11 19:41 . 2009-09-25 15:34 -------- d-----w- c:\program files\Research In Motion
2010-02-11 14:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-11 13:38 . 2009-01-18 06:47 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 15:37 . 2008-08-14 19:41 -------- d-----w- c:\program files\Picasa2
2010-02-07 23:01 . 2009-12-23 02:56 16454312 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
2010-02-07 23:00 . 2009-12-23 02:56 135168 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\StringTableEditorMFC.dll
2010-02-07 23:00 . 2009-12-23 02:56 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\PatchClientUIRsrc-En.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Shockalock.dll
2010-02-07 23:00 . 2009-12-23 02:56 40960 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_PotionMotion.dll
2010-02-07 23:00 . 2009-12-23 02:56 53248 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_HotShots.dll
2010-02-07 23:00 . 2009-12-23 02:56 94208 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Dueling_Diego.dll
2010-02-07 23:00 . 2009-12-23 02:56 24576 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Concentration.dll
2010-02-07 23:00 . 2009-12-23 02:56 49152 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_ChooChooZoo.dll
2010-02-07 23:00 . 2009-12-23 02:56 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\ConfiguratorResEnglish.dll
2010-02-07 23:00 . 2009-12-23 02:51 180904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Bin\BugReporter.exe
2010-02-07 22:59 . 2009-12-23 02:55 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardLauncher.exe
2010-02-07 22:58 . 2009-12-23 02:55 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:51 73728 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\PatchClientUIRsrc-En.dll
2010-02-07 22:58 . 2009-12-23 02:55 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:51 39424 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\ConfiguratorResEnglish.dll
2010-02-07 22:58 . 2009-12-23 02:55 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\Configurator.exe
2010-02-07 22:58 . 2009-12-23 02:51 103080 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\Configurator.exe
2010-02-06 19:48 . 2008-08-14 19:40 -------- d-----w- c:\program files\Google
2010-01-25 12:00 . 2010-02-24 14:53 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 14:53 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 14:53 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 14:53 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 14:53 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 14:53 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 14:53 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 14:53 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 14:53 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 14:53 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 01:35 . 2010-01-22 01:35 177024 ----a-w- c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\FlashGot.exe
2010-01-21 09:33 . 2009-06-20 00:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 18:14 . 2010-01-19 18:14 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-01-18 02:37 . 2010-01-18 02:37 -------- d-----w- c:\users\Godkids\AppData\Roaming\Research In Motion
2010-01-14 19:00 . 2009-07-07 23:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-12 01:54 . 2010-01-12 01:53 -------- d-----w- c:\program files\QuickTime
2010-01-12 01:13 . 2010-01-12 01:13 -------- d-----w- c:\program files\Free FLV Converter
2010-01-09 23:24 . 2009-06-13 16:49 -------- d-----w- c:\programdata\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\Common Files\McAfee
2010-01-09 22:54 . 2010-01-09 22:54 -------- d-----w- c:\program files\McAfee.com
2010-01-09 18:47 . 2010-01-03 18:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-09 17:49 . 2009-06-13 20:29 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2010-01-09 17:29 . 2009-06-13 20:53 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2010-01-09 16:57 . 2010-01-03 18:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-09 16:57 . 2010-01-09 16:57 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 22:07 . 2010-01-03 18:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-03 18:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:39 . 2010-02-24 14:53 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 14:53 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 14:53 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 14:53 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 14:53 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 14:53 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 14:53 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-03 21:15 . 2010-01-03 18:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2010-01-03 18:38 . 2010-01-03 18:38 -------- d-----w- c:\programdata\Malwarebytes
2010-01-03 05:12 . 2010-01-03 05:12 -------- d-----w- c:\program files\Trend Micro
2010-01-02 06:38 . 2010-01-22 04:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 04:05 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 04:05 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 04:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 04:40 . 2009-12-25 04:40 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-23 02:57 . 2009-12-23 02:57 449536 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
2009-12-23 02:57 . 2009-12-23 02:57 389120 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardGraphicalClient.exe
2009-12-23 02:55 . 2009-12-23 02:55 13107200 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardGraphicalClient.exe
2009-12-18 00:17 . 2009-12-23 02:55 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:55 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:55 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:55 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\gdiplus.dll
2009-12-18 00:17 . 2009-12-23 02:51 37032 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\Wizard101.exe
2009-12-18 00:17 . 2009-12-23 02:51 819880 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardLauncher.exe
2009-12-18 00:17 . 2009-12-23 02:51 59904 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\zlib1.dll
2009-12-18 00:17 . 2009-12-23 02:51 495616 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\SkinCrafterDll.dll
2009-12-18 00:17 . 2009-12-23 02:51 207872 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\patchw32.dll
2009-12-18 00:17 . 2009-12-23 02:51 1645320 ----a-w- c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\gdiplus.dll
2009-12-17 23:14 . 2009-07-07 17:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-11 11:43 . 2010-02-10 15:31 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-11 11:43 . 2010-02-10 15:31 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-06 00:29 . 2009-06-06 00:29 13 --sh--r- c:\windows\System32\drivers\fbd.sys
2009-06-06 00:29 . 2009-06-06 00:29 4 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-02-24_19.03.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 14:53 . 2010-01-23 09:20 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22320_none_17a1cecf1fe62f76\tzupd.exe
+ 2010-02-24 14:53 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18192_none_16ce813e06ff88ca\tzupd.exe
+ 2010-02-24 14:53 . 2010-01-23 09:43 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22612_none_15c82d6722b5f10f\tzupd.exe
+ 2010-02-24 14:53 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18410_none_153c8e22099a2170\tzupd.exe
+ 2010-02-24 14:53 . 2010-01-23 09:39 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21209_none_13f396ef25812ba9\tzupd.exe
+ 2010-02-24 14:53 . 2010-01-23 09:58 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.17007_none_1367f7aa0c655c0a\tzupd.exe
+ 2010-02-24 14:53 . 2010-01-06 16:01 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22303_none_8474f2d5770488ce\Apphlpdm.dll
+ 2010-02-24 14:53 . 2010-01-06 15:38 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18179_none_83a5a66c5e1a477e\Apphlpdm.dll
+ 2008-01-21 01:58 . 2010-02-25 16:11 82138 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-02-25 16:11 81772 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-06-06 07:04 . 2010-02-25 16:11 15466 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-737594619-1414829202-3786626943-1000_UserData.bin
- 2009-01-18 07:48 . 2010-02-24 18:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-18 07:48 . 2010-02-25 16:15 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-18 07:48 . 2010-02-25 16:15 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-18 07:48 . 2010-02-24 18:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-18 07:48 . 2010-02-25 16:15 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-24 14:53 . 2010-01-23 09:26 19456 c:\windows\servicing\GC32\tzupd.exe
- 2009-06-13 19:06 . 2010-02-23 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-13 19:06 . 2010-02-25 14:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-13 19:06 . 2010-02-25 14:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 19:06 . 2010-02-23 13:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 19:06 . 2010-02-23 13:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-13 19:06 . 2010-02-25 14:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-06-13 16:05 . 2010-02-25 16:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-06-13 16:05 . 2010-02-25 16:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-13 16:05 . 2010-02-25 16:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-06-13 16:05 . 2010-02-24 18:45 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-25 13:44 . 2010-02-25 13:44 22528 c:\windows\Installer\c4935.msi
+ 2010-02-24 14:53 . 2010-01-23 09:20 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22320_none_17a1cecf1fe62f76\tzres.dll
+ 2010-02-24 14:53 . 2010-01-23 09:26 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18192_none_16ce813e06ff88ca\tzres.dll
+ 2010-02-24 14:53 . 2010-01-23 09:43 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22612_none_15c82d6722b5f10f\tzres.dll
+ 2010-02-24 14:53 . 2010-01-23 09:44 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18410_none_153c8e22099a2170\tzres.dll
+ 2010-02-24 14:53 . 2010-01-23 07:54 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21209_none_13f396ef25812ba9\tzres.dll
+ 2010-02-24 14:53 . 2010-01-23 08:05 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.17007_none_1367f7aa0c655c0a\tzres.dll
+ 2010-02-24 14:53 . 2010-01-06 13:31 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22303_none_0e955139088d9e83\AcRes.dll
+ 2010-02-25 16:06 . 2010-02-25 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-24 18:45 . 2010-02-24 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-02-24 18:45 . 2010-02-24 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-25 16:06 . 2010-02-25 16:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-02-24 14:54 . 2009-12-04 16:15 726528 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.22960_none_6611c986263fd953\jscript.dll
+ 2010-02-24 14:54 . 2009-12-04 07:19 726528 c:\windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18869_none_65912f550d1a1d98\jscript.dll
+ 2010-02-24 14:53 . 2010-01-25 12:37 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\secproc.dll
+ 2010-02-24 14:53 . 2010-01-25 08:28 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.22321_none_a350e80647cb55d4\RMActivate.exe
+ 2010-02-24 14:53 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\secproc.dll
+ 2010-02-24 14:53 . 2010-01-25 08:21 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6002.18193_none_a27d9a752ee4af28\RMActivate.exe
+ 2010-02-24 14:53 . 2010-01-25 12:32 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\secproc.dll
+ 2010-02-24 14:53 . 2010-01-25 08:34 518144 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.22613_none_a177469e4a9b176d\RMActivate.exe
+ 2010-02-24 14:53 . 2010-01-25 12:48 472064 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\secproc.dll
+ 2010-02-24 14:53 . 2010-01-25 08:34 511488 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6001.18411_none_a0eba759317f47ce\RMActivate.exe
+ 2010-02-24 14:53 . 2010-01-25 12:35 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\secproc.dll
+ 2010-02-24 14:53 . 2010-01-25 08:27 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.21210_none_9f8ddd564d777092\RMActivate.exe
+ 2010-02-24 14:53 . 2010-01-25 12:58 472576 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\secproc.dll
+ 2010-02-24 14:53 . 2010-01-25 08:36 515584 c:\windows\winsxs\x86_microsoft-windows-s..sor-native-whitebox_31bf3856ad364e35_6.0.6000.17008_none_9f1710e1344a8268\RMActivate.exe
+ 2010-02-24 14:53 . 2010-01-25 12:38 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\secproc_ssp.dll
+ 2010-02-24 14:53 . 2010-01-25 08:28 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.22321_none_721a38317a650774\RMActivate_ssp.exe
+ 2010-02-24 14:53 . 2010-01-25 12:00 152064 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\secproc_ssp.dll
+ 2010-02-24 14:53 . 2010-01-25 08:21 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6002.18193_none_7146eaa0617e60c8\RMActivate_ssp.exe
+ 2010-02-24 14:53 . 2010-01-25 12:33 152576 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\secproc_ssp.dll
+ 2010-02-24 14:53 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.22613_none_704096c97d34c90d\RMActivate_ssp.exe
+ 2010-02-24 14:53 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\secproc_ssp.dll
+ 2010-02-24 14:53 . 2010-01-25 08:34 347136 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6001.18411_none_6fb4f7846418f96e\RMActivate_ssp.exe
+ 2010-02-24 14:53 . 2010-01-25 12:35 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\secproc_ssp.dll
+ 2010-02-24 14:53 . 2010-01-25 08:27 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.21210_none_6e572d8180112232\RMActivate_ssp.exe
+ 2010-02-24 14:53 . 2010-01-25 12:58 154112 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\secproc_ssp.dll
+ 2010-02-24 14:53 . 2010-01-25 08:36 435712 c:\windows\winsxs\x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.0.6000.17008_none_6de0610c66e43408\RMActivate_ssp.exe
+ 2010-02-24 14:53 . 2010-01-25 12:38 475648 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\secproc_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:28 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.22321_none_ebad56a205fcee15\RMActivate_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:00 471552 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\secproc_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:21 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6002.18193_none_eada0910ed164769\RMActivate_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:33 476672 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\secproc_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:34 526336 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.22613_none_e9d3b53a08ccafae\RMActivate_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:48 472576 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\secproc_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6001.18411_none_e94815f4efb0e00f\RMActivate_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:35 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\secproc_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:28 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.21210_none_e7ea4bf20ba908d3\RMActivate_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:58 473088 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\secproc_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:35 523776 c:\windows\winsxs\x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.0.6000.17008_none_e7737f7cf27c1aa9\RMActivate_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:38 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\secproc_ssp_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:28 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.22321_none_f772482c14c2182f\RMActivate_ssp_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:00 152576 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\secproc_ssp_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:21 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6002.18193_none_f69efa9afbdb7183\RMActivate_ssp_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:33 153088 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\secproc_ssp_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:34 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.22613_none_f598a6c41791d9c8\RMActivate_ssp_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:48 151040 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\secproc_ssp_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:35 346624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6001.18411_none_f50d077efe760a29\RMActivate_ssp_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:35 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\secproc_ssp_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:28 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.21210_none_f3af3d7c1a6e32ed\RMActivate_ssp_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:58 154624 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\secproc_ssp_isv.dll
+ 2010-02-24 14:53 . 2010-01-25 08:36 431104 c:\windows\winsxs\x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.0.6000.17008_none_f3387107014144c3\RMActivate_ssp_isv.exe
+ 2010-02-24 14:53 . 2010-01-25 12:35 352768 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.22321_none_ea59157ba997c9d0\msdrm.dll
+ 2010-02-24 14:53 . 2010-01-25 11:58 332288 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6002.18193_none_e985c7ea90b12324\msdrm.dll
+ 2010-02-24 14:53 . 2010-01-25 12:31 336384 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.22613_none_e87f7413ac678b69\msdrm.dll
+ 2010-02-24 14:53 . 2010-01-25 12:45 329216 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6001.18411_none_e7f3d4ce934bbbca\msdrm.dll
+ 2010-02-24 14:53 . 2010-01-25 12:34 312832 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.21210_none_e6960acbaf43e48e\msdrm.dll
+ 2010-02-24 14:53 . 2010-01-25 12:56 312320 c:\windows\winsxs\x86_microsoft-windows-r..ement-client-v1-api_31bf3856ad364e35_6.0.6000.17008_none_e61f3e569616f664\msdrm.dll
+ 2010-02-24 14:53 . 2010-01-06 16:01 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22303_none_0e995261088a03df\AcXtrnal.dll
+ 2010-02-24 14:53 . 2010-01-06 16:01 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22303_none_0e995261088a03df\AcLayers.dll
+ 2010-02-24 14:53 . 2010-01-06 15:38 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18179_none_0dca05f7ef9fc28f\AcXtrnal.dll
+ 2010-02-24 14:53 . 2010-01-06 15:38 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18179_none_0dca05f7ef9fc28f\AcLayers.dll
+ 2010-02-24 14:53 . 2010-01-06 16:01 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22303_none_0e985217088aea88\AcSpecfc.dll
+ 2010-02-24 14:53 . 2010-01-06 15:38 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18179_none_0dc905adefa0a938\AcSpecfc.dll
+ 2006-11-02 10:33 . 2010-02-25 15:06 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-02-16 15:29 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-02-25 15:06 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-02-16 15:29 101350 c:\windows\System32\perfc009.dat
+ 2010-02-24 14:54 . 2009-12-04 07:19 726528 c:\windows\System32\jscript.dll
- 2009-09-08 20:21 . 2009-06-06 05:01 726528 c:\windows\System32\jscript.dll
+ 2006-11-02 12:47 . 2010-02-25 16:06 441080 c:\windows\System32\FNTCACHE.DAT
+ 2009-06-06 08:02 . 2010-02-25 16:07 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-06-06 08:02 . 2010-02-24 18:54 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-01-18 07:40 . 2010-02-24 18:44 516664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-01-18 07:40 . 2010-02-25 16:05 516664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-02-24 14:53 . 2010-01-06 13:42 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22303_none_4473681dd77e3431\GameUXLegacyGDFs.dll
+ 2010-02-24 14:53 . 2010-01-06 16:03 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22303_none_4473681dd77e3431\gameux.dll
+ 2010-02-24 14:53 . 2010-01-06 13:30 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18179_none_43a41bb4be93f2e1\GameUXLegacyGDFs.dll
+ 2010-02-24 14:53 . 2010-01-06 15:39 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18179_none_43a41bb4be93f2e1\gameux.dll
+ 2010-02-24 14:53 . 2010-01-06 16:01 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22303_none_0e9751cd088bd131\AcGenral.dll
+ 2010-02-24 14:53 . 2010-01-06 15:38 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18179_none_0dc80563efa18fe1\AcGenral.dll
- 2006-11-02 10:22 . 2010-02-24 14:51 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-02-25 16:05 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-06-06 08:05 . 2010-02-25 13:40 162352197 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-04-01 1283384]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):93,81,73,22,81,e6,c9,01

R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [7/10/2008 6:58 PM 40960]
R2 Google MediaServer;Google MediaServer;c:\program files\Google\Google Media Server\GoogleMediaServer.exe [7/7/2009 9:43 AM 622080]
R2 OpenLibSys;OpenLibSys;c:\program files\NXP\FM Radio\OpenLibSys.sys [6/17/2009 7:37 AM 14672]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/14/2008 1:15 PM 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 7:03 PM 126976]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [8/14/2008 1:08 PM 7168]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [4/28/2008 8:29 AM 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 8:35 PM 73728]
S2 GSRestartSvc;GSRestartSvc;"c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe" --> c:\programdata\Geek Squad\Customizer\GSRestartSvc.exe [?]
S2 gupdate1c9ee4779680a40;Google Update Service (gupdate1c9ee4779680a40);c:\program files\Google\Update\GoogleUpdate.exe [6/15/2009 11:58 PM 133104]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 6:03 PM 32408]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [8/20/2008 12:41 PM 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-16 05:58]

2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-01-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-01-09 18:22]

2010-02-25 c:\windows\Tasks\User_Feed_Synchronization-{5B1FA914-F285-437C-B369-B3D41F8045ED}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\b79xe3ai.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?|http://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=70m6ub50kkcd0
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\users\Owner\AppData\Local\HuluDesktop\instances\0.9.10.1\nphdplg.dll
FF - plugin: c:\users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 10:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-02-25 10:24:30
ComboFix-quarantined-files.txt 2010-02-25 16:24
ComboFix2.txt 2010-02-25 00:49
ComboFix3.txt 2010-02-24 21:10
ComboFix4.txt 2010-02-24 19:06

Pre-Run: 210,299,318,272 bytes free
Post-Run: 210,245,189,632 bytes free

- - End Of File - - FA3C2B23A8CA11314663AD53509AD510


#15 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:12:21 AM

Posted 25 February 2010 - 11:35 AM

Hmmm...Well, hello again this morning lol...any particular reason you can share as to why you ran combofix again? I didn't ask for another log. In fact I had said the last log appears to be just fine. What I was expecting was the results from your McAfee scan from safe mode. Explain please? Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven




