Help get rid of whatever is on my computer. Requested Logs Posted


  • This topic is locked
30 replies to this topic

#1 musicangel09

musicangel09

    Member

  • Members
  • 90 posts
  • Gender:Female
  • Location:Michigan


Posted 07 March 2012 - 02:56 PM

Hey everyone!

I posted my request for help elsewhere and was instructed to scan and place logs on this forum. I'm hoping someone can help me get my computer back to normal. I allowed a friend to borrow my computer and it came back with everything and its neighbor wrong with it. Slow to respond, unchangeable "new tab" pages, a trojan that shows up on Super Anti Spyware but not picked up elsewhere... and that's just starting. I get roughly 5-8 bluescreens a week. I will attach each of the requested logs and am willing to do whatever it takes from there.

Kelli

DDS log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Kelli at 14:04:17 on 2012-03-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1568 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Kelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [SansaDispatch] c:\users\kelli\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF}\7465D2F447865627 : DhcpNameServer = 148.61.1.10 148.61.1.15
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kelli\appdata\roaming\mozilla\firefox\profiles\g780i6nk.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=
FF - component: c:\program files\fvd suite\addons\firefox\components\fvd_connector.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=
FF - user.js: extensions.funmoods_i.id - fca39ecf0000000000000024d2c42ac9
FF - user.js: extensions.funmoods_i.instlDay - 15377
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:52:27
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - pvl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-7 652360]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-11 20464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-10-5 23456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-06 22:50:58 -------- d-----w- c:\users\kelli\appdata\roaming\AVG2012
2012-03-06 22:50:46 -------- d--h--w- c:\programdata\Common Files
2012-03-06 22:49:09 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-06 22:49:08 -------- d-----w- c:\programdata\AVG2012
2012-03-06 22:47:52 -------- d-----w- c:\program files\AVG
2012-03-06 22:44:38 -------- d-----w- c:\programdata\MFAData
2012-03-06 11:33:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\offreg.dll
2012-03-06 09:19:43 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\mpengine.dll
2012-03-06 03:38:10 -------- d-----w- c:\program files\uTorrent
2012-03-06 02:56:14 -------- d-----w- c:\programdata\boost_interprocess
2012-03-06 02:44:46 -------- d-----w- c:\users\kelli\appdata\local\Ilivid Player
2012-03-06 02:43:36 -------- d-----w- c:\program files\Searchqu Toolbar
2012-03-06 02:43:21 -------- d-----w- c:\users\kelli\appdata\local\PackageAware
2012-03-06 02:36:51 -------- d-----w- c:\programdata\Tarma Installer
2012-03-06 02:36:44 -------- d-----w- c:\program files\fbphotozoom
2012-03-06 02:36:02 -------- d-----w- c:\program files\1ClickDownload
2012-03-02 21:48:25 -------- d-----w- c:\program files\AVAST Software
2012-02-23 07:44:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-23 04:14:37 -------- d-----w- C:\SWsetup
2012-02-23 04:04:17 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-02-23 03:33:55 2168320 ----a-w- c:\windows\system32\RtkAPO.dll
2012-02-23 03:20:04 -------- d--h--w- c:\program files\Temp
2012-02-23 02:55:21 -------- d-----w- c:\users\kelli\appdata\roaming\DriverCure
2012-02-23 02:55:15 -------- d-----w- c:\programdata\ParetoLogic
2012-02-23 02:55:15 -------- d-----w- c:\programdata\DriverCure
2012-02-20 02:21:28 -------- d-----w- c:\users\kelli\appdata\roaming\Origin
2012-02-20 02:21:26 -------- d-----w- c:\users\kelli\appdata\local\Origin
2012-02-20 02:21:15 -------- d-----w- c:\program files\Origin Games
2012-02-20 02:20:43 -------- d-----w- c:\program files\Origin
2012-02-20 02:20:36 -------- d-----w- c:\programdata\EA Core
2012-02-16 05:30:32 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 05:30:31 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 05:30:25 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 05:30:07 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-07 03:52:15 -------- d-----w- c:\users\kelli\appdata\roaming\FVDToolbar
.
==================== Find3M ====================
.
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 08:33:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 14:05:25.47 ===============

DDS attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 1/23/2010 6:17:11 PM
System Uptime: 3/7/2012 3:10:14 AM (11 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 113.465 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP644: 2/7/2012 4:58:13 AM - Windows Update
RP645: 2/7/2012 3:41:10 PM - Removed ooVoo
RP646: 2/10/2012 9:46:00 AM - Windows Update
RP647: 2/14/2012 4:14:12 AM - Windows Update
RP648: 2/16/2012 3:00:17 AM - Windows Update
RP649: 2/19/2012 3:35:12 AM - Windows Update
RP650: 2/19/2012 8:57:56 PM - Installed TheSims3EP4
RP651: 2/19/2012 9:05:09 PM - Installed TheSims3EP5
RP652: 2/20/2012 3:00:11 AM - Windows Update
RP653: 2/22/2012 11:02:33 PM - Installed Driver Detective.
RP655: 2/22/2012 11:44:48 PM - Configured Realtek 8169 8168 8101E 8102E Ethernet Driver
RP656: 2/23/2012 2:43:25 AM - avast! Free Antivirus Setup
RP657: 2/24/2012 12:04:19 AM - Windows Update
RP658: 2/25/2012 1:33:43 AM - Restore Operation
RP659: 2/25/2012 2:15:26 AM - Windows Update
RP660: 2/25/2012 3:00:10 AM - Windows Update
RP661: 2/28/2012 4:43:19 AM - Windows Update
RP662: 3/2/2012 4:26:59 PM - avast! Free Antivirus Setup
RP663: 3/2/2012 4:47:50 PM - avast! Free Antivirus Setup
RP664: 3/2/2012 5:02:33 PM - Installed The Sims 3
RP665: 3/6/2012 4:18:53 AM - Windows Update
RP666: 3/6/2012 5:40:50 PM - avast! Free Antivirus Setup
RP667: 3/6/2012 5:46:50 PM - Installed AVG 2012
RP668: 3/6/2012 5:48:00 PM - Installed AVG 2012
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
1ClickDownload
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Amazon Kindle
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
AVG 2012
Bonjour
Camera Assistant Software for Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
D3DX10
DivX Setup
DriverAgent by eSupport.com
DVD Decrypter (Remove Only)
DVD MovieFactory for TOSHIBA
FVD Suite 2.7.3
Google Earth Plug-in
Google Update Helper
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Mobipocket Creator 4.2
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Origin
QuickBooks Financial Center
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Sansa Updater
Searchqu Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SUPERAntiSpyware
swMSM
Synaptics Pointing Device Driver
System Requirements Lab for Intel
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Pets
The Sims™ 3 World Adventures
Tinker
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
Wizard101
World of Warcraft
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/7/2012 3:12:22 AM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.
3/7/2012 3:08:21 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
3/6/2012 12:16:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HOME-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8E0C4269-787D-4060-94E6-623603807E. The master browser is stopping or an election is being forced.
3/3/2012 4:50:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
.
==== End Of File ===========================

aswMBR log

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-07 14:10:50
-----------------------------
14:10:50.147 OS Version: Windows 6.1.7601 Service Pack 1
14:10:50.148 Number of processors: 2 586 0x170A
14:10:50.151 ComputerName: KELLI-LAPTOP UserName: Kelli
14:10:51.779 Initialize success
14:12:21.944 AVAST engine defs: 12030700
14:12:41.401 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:12:41.404 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
14:12:41.424 Disk 0 MBR read successfully
14:12:41.428 Disk 0 MBR scan
14:12:41.434 Disk 0 Windows 7 default MBR code
14:12:41.449 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:12:41.461 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 296325 MB offset 3074048
14:12:41.498 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7419 MB offset 609947648
14:12:41.509 Disk 0 scanning sectors +625141760
14:12:41.565 Disk 0 scanning C:\Windows\system32\drivers
14:12:55.679 Service scanning
14:13:24.608 Modules scanning
14:13:32.490 Disk 0 trace - called modules:
14:13:32.512 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
14:13:32.520 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8700b030]
14:13:32.534 3 CLASSPNP.SYS[8b94959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8620e028]
14:13:33.930 AVAST engine scan C:\Windows
14:13:37.970 AVAST engine scan C:\Windows\system32
14:17:56.386 AVAST engine scan C:\Windows\system32\drivers
14:18:19.148 AVAST engine scan C:\Users\Kelli
14:37:30.779 AVAST engine scan C:\ProgramData
14:41:31.188 Scan finished successfully
14:41:53.015 Disk 0 MBR has been saved successfully to "C:\Users\Kelli\Desktop\MBR.dat"
14:41:53.058 The log file has been saved successfully to "C:\Users\Kelli\Desktop\aswMBR.txt"

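As an added illustration (not part of this thread, and not code from DDS or its author), here is a short Python triage pass over DDS-style lines like those in the log above. It flags the indicators a helper looks at first: a populated AppInit_DLLs value, orphaned BHO/toolbar entries ("No File"), Firefox preferences forced through user.js (new tab, homepage, search URL) and a disabled CSP. The sample lines and the names in PUP_MARKERS are taken from this thread's log; the rule names and the assumption that "hxxp" is DDS's defanged "http" are mine.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS log posted above.
# DDS writes URLs as "hxxp" so they are not clickable; we treat them as text only.
SAMPLE_DDS = r"""
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl
FF - user.js: security.csp.enable - false
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # which triage rule fired
    line: str   # the offending DDS line, unchanged


# Preference keys that control where the browser goes; an installer that forces
# these via user.js is the usual cause of the "new tab" hijack described above.
PREF_OVERRIDES = ("newTabUrl", "hmpgUrl", "tlbrSrchUrl",
                  "keyword.URL", "browser.startup.homepage")

# Component names that appear in this thread's log (assumption: list of markers
# a helper would recognise; extend it for other toolbar families).
PUP_MARKERS = ("searchqu", "datamngr", "funmoods", "search-results.com", "fvd suite")

# "FF - user.js: <key> - <value>"; value may be empty (DDS prints "key -").
FF_PREF_RE = re.compile(r"FF - (user|prefs)\.js: (\S+)\s+-\s*(.*)$")


def triage_line(line: str) -> list[Finding]:
    """Apply every triage rule to one DDS line; a line may trigger several."""
    s = line.strip()
    if not s or s == ".":          # DDS uses a lone "." as a section separator
        return []
    low = s.lower()
    found: list[Finding] = []

    # AppInit_DLLs loads the listed DLLs into every process that loads user32.dll;
    # a non-empty value is almost always worth explaining.
    if low.startswith("appinit_dlls:") and low[len("appinit_dlls:"):].strip():
        found.append(Finding("appinit_dlls", s))

    # Registry entry whose backing file is gone: leftover of a removed add-on.
    if s.endswith("- No File"):
        found.append(Finding("orphan_entry", s))

    m = FF_PREF_RE.match(s)
    if m:
        key, value = m.group(2), m.group(3).strip().lower()
        if key == "security.csp.enable" and value == "false":
            found.append(Finding("csp_disabled", s))
        if any(key == k or key.endswith(k) for k in PREF_OVERRIDES):
            found.append(Finding("pref_override", s))

    if any(marker in low for marker in PUP_MARKERS):
        found.append(Finding("pup_marker", s))
    return found


def triage(log: str) -> dict[str, list[str]]:
    """Group flagged lines by rule name, preserving log order within each rule."""
    report: dict[str, list[str]] = {}
    for raw in log.splitlines():
        for f in triage_line(raw):
            report.setdefault(f.rule, []).append(f.line)
    return report


if __name__ == "__main__":
    for rule, lines in triage(SAMPLE_DDS).items():
        print(f"[{rule}]")
        for entry in lines:
            print("   ", entry)
```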

#2 JonTom (Trusted Malware Tech)

Posted 08 March 2012 - 09:07 AM

Hello musicangel09 and :wp:

My name is JonTom
  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.
Thank you for the logs.

Before we begin, please let me know if you are being redirected when you perform internet searches :)
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#3 musicangel09 (Member)

Posted 08 March 2012 - 01:50 PM

Thanks for the reply! No, performing internet searches brings me to the correct location, but opening a new tab (that normally would result in a blank page) brings me to searchnu.com. I was able to disable an add-on that took care of that problem, but I fear that whatever put it there in the first place is still on my computer.

#4 JonTom (Trusted Malware Tech)

Posted 08 March 2012 - 05:02 PM

Hello musicangel09

performing internet searches brings me to the correct location

Thanks for letting me know :)

I fear that whatever put it there in the first place is still on my computer

We still have work to do. Please stay with me until you have the "all clear".
  • P2P Programs:
  • P2P programs are a major source of Malware infections.
  • From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
  • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
  • If you wish to keep the program(s), please do not use them until your computer is cleaned.
  • Information regarding the risk of using these programs can be found from here and here.
  • It is strongly recommended that you uninstall any P2P programs you have on your system.
  • To do this, Click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
  • A list of currently installed programs will be displayed.
  • Find the "µTorrent" program, click on it once and then click on the "Uninstall" button.
  • If you are prompted to re-boot your computer to complete the uninstall please do so.


    PLEASE NOTE:
  • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.
  • Combofix
  • Download ComboFix from one of the following locations:

    Link 1
    Link 2
  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Posted Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
Please post the Combofix log in your next reply :)


#5 musicangel09 (Member)

Posted 08 March 2012 - 06:54 PM

The scan seemed to go off without a hitch.

CF Log

ComboFix 12-03-08.04 - Kelli 03/08/2012 18:26:54.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1870 [GMT -5:00]
Running from: c:\users\Kelli\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 23:38 . 2012-03-08 23:40 -------- d-----w- c:\users\Kelli\AppData\Local\temp
2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:\users\Mcx1-KELLI-LAPTOP\AppData\Local\temp
2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 02:54 . 2012-03-08 03:06 -------- d-----w- c:\users\Kelli\AppData\Roaming\AVG
2012-03-06 22:50 . 2012-03-06 22:50 -------- d--h--w- c:\programdata\Common Files
2012-03-06 22:49 . 2012-03-08 11:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-06 22:49 . 2012-03-06 22:58 -------- d-----w- c:\programdata\AVG2012
2012-03-06 22:47 . 2012-03-08 02:53 -------- d-----w- c:\program files\AVG
2012-03-06 22:44 . 2012-03-08 23:09 -------- d-----w- c:\programdata\MFAData
2012-03-06 11:33 . 2012-03-06 11:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}\offreg.dll
2012-03-06 09:19 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}\mpengine.dll
2012-03-06 03:38 . 2012-03-06 03:38 -------- d-----w- c:\program files\uTorrent
2012-03-06 02:56 . 2012-03-06 02:56 -------- d-----w- c:\programdata\boost_interprocess
2012-03-06 02:44 . 2012-03-06 02:44 -------- d-----w- c:\users\Kelli\AppData\Local\Ilivid Player
2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:\program files\Searchqu Toolbar
2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:\users\Kelli\AppData\Local\PackageAware
2012-03-06 02:36 . 2012-03-06 02:36 -------- d-----w- c:\program files\fbphotozoom
2012-03-06 02:36 . 2012-03-06 02:37 -------- d-----w- c:\program files\1ClickDownload
2012-03-02 21:48 . 2012-03-02 21:48 -------- d-----w- c:\program files\AVAST Software
2012-02-23 07:44 . 2012-02-25 06:42 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-23 04:14 . 2012-02-23 04:14 -------- d-----w- C:\SWsetup
2012-02-23 04:04 . 2012-02-23 04:04 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-02-23 03:20 . 2012-02-23 03:35 -------- d--h--w- c:\program files\Temp
2012-02-23 02:55 . 2012-02-23 02:55 -------- d-----w- c:\users\Kelli\AppData\Roaming\DriverCure
2012-02-23 02:55 . 2012-02-23 04:42 -------- d-----w- c:\programdata\DriverCure
2012-02-23 02:55 . 2012-02-23 02:55 -------- d-----w- c:\programdata\ParetoLogic
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:\users\Kelli\AppData\Roaming\Origin
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:\users\Kelli\AppData\Local\Origin
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:\program files\Origin Games
2012-02-20 02:20 . 2012-02-20 02:24 -------- d-----w- c:\program files\Origin
2012-02-20 02:20 . 2012-02-20 02:20 -------- d-----w- c:\programdata\EA Core
2012-02-16 05:30 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 05:30 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 05:30 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 05:30 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2009-11-21 04:27 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 08:33 . 2011-05-13 16:30 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 19:36 . 2012-01-11 19:36 1448993 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\wrar401.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-10 20:24 . 2011-08-11 11:40 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 06:16 . 2011-06-21 21:13 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\users\Kelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-18 79872]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2011-06-15 404568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 172824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Kelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Kelli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 04:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]
2010-09-02 19:23 1638400 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-10-05 23456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 133104]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-03-22 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDrv.sys [2008-01-18 9216]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 379904]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - SASENUM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 01:18]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-12 01:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\g780i6nk.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=
FF - user.js: extensions.funmoods_i.id - fca39ecf0000000000000024d2c42ac9
FF - user.js: extensions.funmoods_i.instlDay - 15377
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:52
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - pvl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{6778613D-616B-4A6C-9856-65DE943CF424} - (no file)
Toolbar-10 - (no file)
MSConfigStartUp-avast - c:\program files\Alwil Software\Avast5\avastUI.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1934651463-4168729035-3063580607-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-08 18:44:35
ComboFix-quarantined-files.txt 2012-03-08 23:44
.
Pre-Run: 117,180,096,512 bytes free
Post-Run: 117,167,353,856 bytes free
.
- - End Of File - - 57C7D75204275D6F4A1218E0FD0EEF03

#6 JonTom (Trusted Malware Tech)

Posted 09 March 2012 - 06:52 AM

Hello musicangel09

The scan seemed to go off without a hitch

:)

We need to use Combofix again but this time we will be running it in a slightly different way:
  • Please work through the following steps
  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter (or click on "OK").
  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
  • Copy and Paste the text in the quotebox below into the open Notepad window:

    File::
    c:\progra~1\SEARCH~1\Datamngr\datamngr.dll
    c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll

    Folder::
    c:\program files\1ClickDownload
    c:\program files\Searchqu Toolbar
    c:\programdata\ParetoLogic
    c:\users\Kelli\AppData\Roaming\DriverCure
    c:\programdata\DriverCure
    c:\users\Kelli\AppData\Local\Ilivid Player

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""

    Firefox::
    FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\g780i6nk.default\
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=
    FF - user.js: extensions.funmoods_i.id - fca39ecf0000000000000024d2c42ac9
    FF - user.js: extensions.funmoods_i.instlDay - 15377
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:52
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - pvl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

    Posted Image
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident anti virus.
  • Temporary File Cleaner
    • Download TFC to your desktop.
    • Close any open windows.
    • Right click the TFC icon and select "Run as Administrator" to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
  • MalwareBytes AntiMalware:
    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
Please post the Combofix log and the MBAM log in your next reply.

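As an added illustration (not part of this thread, and not ComboFix's own code), the Python below reads the two kinds of loading point that the CFScript above targets, the AppInit_DLLs value and the Firefox user.js entries in a ComboFix log, and drafts the matching File::, Registry:: and Firefox:: sections the way the helper assembled them by hand. The log excerpt is constructed from entries posted in this thread, and the funmoods prefix is the only hijack namespace it knows about, so the draft is something a technician reviews, not something to run blind.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's output format, modelled on the entries
# posted in this thread (AppInit_DLLs value and the funmoods user.js prefs).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\g780i6nk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: security.csp.enable - false
"""

APPINIT_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
# "FF - user.js: <name> - <value>"; the value may be empty (instlRef above).
FF_PREF_RE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) -(?: (.*))?$")
# Pref namespaces known to be pushed by a toolbar/hijacker (assumption: only funmoods here).
HIJACK_PREFIXES = ("extensions.funmoods_i.",)


@dataclass
class FfPref:
    source: str   # "user.js" or "prefs.js"
    name: str
    value: str
    raw: str      # the log line verbatim, which is what a Firefox:: section expects


def parse_appinit_dlls(log: str) -> list[str]:
    """DLL paths listed under AppInit_DLLs, or [] when the value is empty/absent."""
    for line in log.splitlines():
        m = APPINIT_RE.match(line.strip())
        if m:
            # ComboFix prints 8.3 short names here, so splitting on whitespace is safe.
            return m.group(1).split()
    return []


def parse_firefox(log: str) -> tuple[str | None, list[FfPref]]:
    """Return the 'FF - ProfilePath' line and every prefs.js/user.js entry."""
    profile = None
    prefs: list[FfPref] = []
    for line in log.splitlines():
        line = line.rstrip()
        if line.startswith("FF - ProfilePath - "):
            profile = line
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs.append(FfPref(m.group(1), m.group(2), m.group(3) or "", line))
    return profile, prefs


def flag_prefs(prefs: list[FfPref], prefixes=HIJACK_PREFIXES) -> list[FfPref]:
    """user.js entries owned by a hijack namespace, including the injected
    'true);user_pref(...)' line whose *value* smuggles in a funmoods pref."""
    return [
        p for p in prefs
        if p.source == "user.js"
        and (p.name.startswith(prefixes) or any(h in p.value for h in prefixes))
    ]


def csp_disabled(prefs: list[FfPref]) -> bool:
    """True when something switched Content Security Policy off in the profile."""
    return any(p.name == "security.csp.enable" and p.value.lower() == "false" for p in prefs)


def build_cfscript(log: str) -> str:
    """Draft the CFScript sections for the findings above (reviewed before use)."""
    sections: list[str] = []
    dlls = parse_appinit_dlls(log)
    if dlls:
        sections.append("File::\n" + "\n".join(dlls))
        sections.append("Registry::\n" + APPINIT_KEY + '\n"AppInit_DLLs"=""')
    profile, prefs = parse_firefox(log)
    flagged = flag_prefs(prefs)
    if profile and flagged:
        sections.append("Firefox::\n" + "\n".join([profile] + [p.raw for p in flagged]))
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG))
    if csp_disabled(parse_firefox(SAMPLE_LOG)[1]):
        print("# review: security.csp.enable is false in this profile")
```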

#7 musicangel09 (Member)

Posted 09 March 2012 - 02:40 PM

Hello once again! Here are the two logs you requested!

NEW CF LOG

ComboFix 12-03-08.04 - Kelli 03/09/2012 13:58:21.4.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1881 [GMT -5:00]
Running from: c:\users\Kelli\Desktop\ComboFix.exe
Command switches used :: c:\users\Kelli\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\progra~1\SEARCH~1\Datamngr\datamngr.dll"
"c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\1ClickDownload
c:\program files\1ClickDownload\(Demonoid.me)-Toys_by_James_Patterson.torrent
c:\program files\1ClickDownload\1Click.cfg
c:\program files\1ClickDownload\1ClickDownload.exe
c:\program files\1ClickDownload\C08AC20CCD7C0844A5442EEFB1F6BCE0F75A0C7D.status
c:\program files\1ClickDownload\Log\Context.log
c:\program files\1ClickDownload\Log\Downloader.log
c:\program files\1ClickDownload\mainpack.exe
c:\program files\1ClickDownload\OneClickLib.dll
c:\program files\1ClickDownload\uninst.exe
c:\program files\Searchqu Toolbar
c:\program files\Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SessionRestore.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files\Searchqu Toolbar\Datamngr\IEBHO.dll
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifier\providers.xml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Searchqu Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:program filesSearchqu ToolbarDatamngrToolBarchromecontentneterror.xhtml
c:program filesSearchqu ToolbarDatamngrToolBarchromecontentpartner.coupons.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromecontentpreferences.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromecontentradiobeta.js
c:program filesSearchqu ToolbarDatamngrToolBarchromecontenttemplate.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromecontenttoolbar.htm
c:program filesSearchqu ToolbarDatamngrToolBarchromecontenttoolbar.xul
c:program filesSearchqu ToolbarDatamngrToolBarchromecontentvmncode.js
c:program filesSearchqu ToolbarDatamngrToolBarchromecontentvmnrsswin.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbabylon_logo.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbandoo.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbluelite.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbluesky.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbtn-search-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbtn-search.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbtn-settings-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbtn-settings.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbtn-widgets-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbtn-widgets.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinbtn_settings.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinca.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskindictionary.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskindivider.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskindownloadcom.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskindtxlogo.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinebay.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinemail.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinemail_on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinfacebook.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingames.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred0.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred0_5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred1.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred1_5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred2.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred2_5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred3.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred3_5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred4.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred4_5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphred5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingraphredna.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskingrey.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinico-shield.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinicon_amazon.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinicon_games.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinicon_radio_png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinicon_seperator_png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinicon_twitter.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinicon_youtube.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinimages.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinimesh.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibadd.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibaol.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibarrow-dn.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibarrow-right-disabled.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibarrow-right.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibarrow-up.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btn-divider.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btn-end.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btn-mdl.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btn-mdl_ff.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btn-start.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btnover-divider.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btnover-end.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btnover-mdl.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btnover-mdl_ff.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbg-btnover-start.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibblank.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtn-widgets-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtn-widgets.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtn_slider.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtnback-down-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtnback-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtnleft-down-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtnleft-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtnright-down-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbtnright-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbutton-splitter-down-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibbutton-splitter-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibcheckmark.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibchevron.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibcollapse.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibcomcast.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibdtx.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibedit-back-hot.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibedit-back.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibexpand.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibfound.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibgmail.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibhighlight.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibhighlight_blue.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibhighlight_cyan.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibhighlight_lime.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibhighlight_magenta.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibhighlight_yellow.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibhotmail.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibico-check.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibimap.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinliblastsearch-thumb-back.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibloadingMid.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinliblock.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinliblogo-separator.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmailcom.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenu_bg-basic.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenu_separator_bar.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenu_separator_white.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenuitem-splitter.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenuitemback-down-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenuitemback-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenuitemleft-down-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenuitemleft-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenuitemright-down-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmenuitemright-vista.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmodify.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmove.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibmovetarget.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelscsspanels.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelscsspopupAbout.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelscsspopupGames.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelscsspopupRSS.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelscsspopupWidgets.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultcssdialog.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesbg.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesbtn-search.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesbtn-wide-close-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesbtn-wide-close.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesdefault.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagestab-off-l.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagestab-off-r.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagestab-on-l.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagestab-on-r.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagestransparent.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesttlbar-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesttlbar-mdl.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimagesttlbar-right.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimageswin-btm-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimageswin-btm-mdl.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimageswin-btm-right-resize.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimageswin-btm-right.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimageswin-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultimageswin-right.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultmain.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsdefaultscriptsdefscript.js
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsfooter.htm
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsgamecategory.xsl
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsgameData.js
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsgameList.xsl
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsgames.xsl
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsgametype.xsl
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesarrow-dn.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesarrow-sml-drop.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesarrow-sml.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesarrow-up.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesarrowr-bluew5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbg-aboutbox.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbg-btnover.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbg-pnl520x390.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-addtoolbar-left-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-addtoolbar-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-addtoolbar-right.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-back.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-close-grey.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-close-greyover.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-drag.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-mdl-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-mdl.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-moredetails.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-next-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-next.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-play-left-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-play-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-previous-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-previous.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-right-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-search-pnlbtm-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-search-pnlbtm.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-try-left-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbtn-try-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesbullet-orange.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesgamethumb-on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesgamethumb2-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesico-calendar.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesico-dollar.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesico-download.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesico-joystick24.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesico-news24.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesico-play.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesico-tags.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesicon-Add.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesicon-download.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesicon-Info.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesicon-play.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesicon-shop.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesmenul-bgon.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesmenul-bgover.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagespanel-botm-noscroll.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscroll-bg-206.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscroll-bg.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscroll-topwin.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollb-disable.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollb-down.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollb-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollb.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollt-disable.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollt-down.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollt-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesscrollt.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagessearchbox-pnlbtm.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesstar_x_grey.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesstar_x_orange.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesTRUSTe_about.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesview-detailed-on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesview-detailed-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesview-thumb-on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimagesview-thumb-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimageswidgets-square-16px.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimageswidgets-square-24px.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsimageswidgets.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsinitHTML.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelspopupGames.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelspopupHTML.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelspopupRSS.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelspopupWidgets.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpanelsscroll.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibpop.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradio.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiocssmanager.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiocssslider.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesbg-pnl.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesbtn-close-grey.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesbtn-close-greyover.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagescollapsed_button.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesexpanded_button.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-playstation-down.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-playstation-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-playstation.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-radio.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesmusic-note.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-pause-on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-pause.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-play-on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-play.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-bg.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-buffer.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-busy.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-off.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-on.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-warning.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options-design-on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options-design.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options-on.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-0.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-1.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-2.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-3.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-mute.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesscrollbar-handle.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesscrollbar-track.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesslider.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesslideron.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagestrack.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiomanagerpanel.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiovolumeslider.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-buffering.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-connecting.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-playing.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-stopped.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta.ico
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibreload.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibremove.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibrename.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibresize-box.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibrss.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibrsschannelback.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibRSSLogo.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibrsstabdivider.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibscroll-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibscroll-right.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibsearch-go.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibsearch.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibtext-ellipsis.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibthrobber.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibtoolbarsplitter.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibtransparent_1px.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_02.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_03.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_04.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_06.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_07.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_08.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_09.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_10.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_11.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_12.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_13.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_14.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_15.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_16.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_18.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_19.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_20.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_21.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwabtn-close-grey.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwabtn-close-greyover.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaclose-hot.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaclose-normal.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaloadingMid.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaproxy.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwatemplate.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwatemplate.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwatemplateFF.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwathrobber.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconscond999.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsicons.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsna-s.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsna-t.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsna.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesadd.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesarrowr-bluew5.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl520x350.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl520x350blue-whitebg.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl520x350blue.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbox-check.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbox-uncheck.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-close-grey.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-close-greyover.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-delete.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-search-pnlbtm-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-search-pnlbtm.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-next-off.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-next.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-previous-off.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-previous.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesico-check.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesico-hotandhumid-s.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesico-hotandhumid.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesoptions-weather.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesover-blue.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesover-orange.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagespowered-by-weatherbug.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagespowered-by-weatherbug2.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesradio-checked.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesradio-unchecked.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagessearchbox-pnlbtm.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesweather-contour.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelspopupWeather.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelspopupWeather.html
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibyahoo.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlichen.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo-about.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo-separator.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmail.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmaps.bmp
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmenuseparatorback.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmodify-save.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmodify.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmodifyhot.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmusic.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinnews.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-main.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-search.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-weather.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-weather.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-widgets.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinorange.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinpixsy.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinprotect-id.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-buffering.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-connecting.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-playing.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-stopped.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta.ico
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrelatedlinks.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-collapse.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-delete.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-expand.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-feed.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder-remove.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder-rename.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-found.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-reload.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-subscribe.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrssback.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrsstopback.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch-over.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch_button_over_png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch_button_png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-left.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-middle.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-right.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsettings.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinshopping.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsiteinfo.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-bluelite.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-bluesky.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-grey.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-lichen.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-orange.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-yellow.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin.xml
c:program filesSearchqu ToolbarDatamngrToolBarchromeskintechnorati.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinthrobber.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskintoolbarsplitter.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskintranslate.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvideo.bmp
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvmn.css
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvmn.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinweather.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinweb.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinwidgets-square-16px.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinwikipedia.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyahoosearch.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyellow.gif
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyoutube.png
c:program filesSearchqu ToolbarDatamngrToolBarchromeskinzoom.png
c:program filesSearchqu ToolbarDatamngrToolBarcomponentswindowmediator.js
c:program filesSearchqu ToolbarDatamngrToolBardtUser.exe
c:program filesSearchqu ToolbarDatamngrToolBarmanifest.xml
c:program filesSearchqu ToolbarDatamngrToolBarsearchquband.dll
c:program filesSearchqu ToolbarDatamngrToolBarsearchqudtx.dll
c:program filesSearchqu ToolbarDatamngrToolBaruninstall.exe
c:program filesSearchqu Toolbarsysid.ini
c:program filesSearchqu Toolbaruninstall.exe
c:programdataDriverCure
c:programdataDriverCure9B13A86D3456.plf
c:programdataParetoLogic
c:programdataParetoLogicUUS2DriverCureMaster.xml
c:programdataParetoLogicUUS2DriverCurePatch.xml
c:programdataParetoLogicUUS2DriverCureUpdate.xml
c:programdataParetoLogicUUS2Master.xml
c:programdataParetoLogicUUS2Patch.xml
c:programdataParetoLogicUUS2Update.xml
c:usersKelliAppDataLocalIlivid Player
c:usersKelliAppDataLocalIlivid Playerscript.qscript
c:usersKelliAppDataRoamingDriverCure
c:usersKelliAppDataRoamingDriverCureClient.txt
c:usersKelliAppDataRoamingDriverCureLogFile.txt
c:usersKelliAppDataRoamingDriverCureServer.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 19:10 . 2012-03-09 19:11 -------- d-----w- c:usersKelliAppDataLocaltemp
2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersPublicAppDataLocaltemp
2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersMcx1-KELLI-LAPTOPAppDataLocaltemp
2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersDefaultAppDataLocaltemp
2012-03-08 02:54 . 2012-03-08 03:06 -------- d-----w- c:usersKelliAppDataRoamingAVG
2012-03-06 22:50 . 2012-03-06 22:50 -------- d--h--w- c:programdataCommon Files
2012-03-06 22:49 . 2012-03-09 14:46 -------- d-----w- c:windowssystem32driversAVG
2012-03-06 22:49 . 2012-03-06 22:58 -------- d-----w- c:programdataAVG2012
2012-03-06 22:47 . 2012-03-08 02:53 -------- d-----w- c:program filesAVG
2012-03-06 22:44 . 2012-03-09 14:46 -------- d-----w- c:programdataMFAData
2012-03-06 11:33 . 2012-03-06 11:33 56200 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}offreg.dll
2012-03-06 09:19 . 2012-02-08 06:03 6552120 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}mpengine.dll
2012-03-06 03:38 . 2012-03-06 03:38 -------- d-----w- c:program filesuTorrent
2012-03-06 02:56 . 2012-03-06 02:56 -------- d-----w- c:programdataboost_interprocess
2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:usersKelliAppDataLocalPackageAware
2012-03-06 02:36 . 2012-03-06 02:36 -------- d-----w- c:program filesfbphotozoom
2012-03-02 21:48 . 2012-03-02 21:48 -------- d-----w- c:program filesAVAST Software
2012-02-23 07:44 . 2012-02-25 06:42 -------- d-----w- c:program filesMicrosoft Security Client
2012-02-23 04:14 . 2012-02-23 04:14 -------- d-----w- C:SWsetup
2012-02-23 04:04 . 2012-02-23 04:04 -------- d-----w- c:programdataPC Drivers HeadQuarters
2012-02-23 03:20 . 2012-02-23 03:35 -------- d--h--w- c:program filesTemp
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataRoamingOrigin
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataLocalOrigin
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:program filesOrigin Games
2012-02-20 02:20 . 2012-02-20 02:24 -------- d-----w- c:program filesOrigin
2012-02-20 02:20 . 2012-02-20 02:20 -------- d-----w- c:programdataEA Core
2012-02-16 05:30 . 2011-12-30 05:27 478720 ----a-w- c:windowssystem32timedate.cpl
2012-02-16 05:30 . 2011-12-16 07:52 690688 ----a-w- c:windowssystem32msvcrt.dll
2012-02-16 05:30 . 2012-01-04 08:58 442880 ----a-w- c:windowssystem32ntshrui.dll
2012-02-16 05:30 . 2012-01-14 03:35 2343424 ----a-w- c:windowssystem32win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2009-11-21 04:27 237072 ------w- c:windowssystem32MpSigStub.exe
2012-02-19 08:33 . 2011-05-13 16:30 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2012-01-11 19:36 . 2012-01-11 19:36 1448993 ----a-w- c:programdataMicrosoftWindowsStart MenuProgramsWinRARwrar401.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl
2011-12-10 20:24 . 2011-08-11 11:40 20464 ----a-w- c:windowssystem32driversmbam.sys
2012-02-18 06:16 . 2011-06-21 21:13 134104 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"SansaDispatch"="c:usersKelliAppDataRoamingSanDiskSansa UpdaterSansaDispatch.exe" [2011-12-18 79872]
"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:program filesIntelIntel Matrix Storage Manageriaanotif.exe" [2008-04-16 178712]
"B2C_AGENT"="c:programdataLGMOBILEAXB2C_ClientB2CNotiAgent.exe" [2011-06-15 404568]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:windowssystem32igfxpers.exe" [2011-10-13 172824]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2011-11-02 59240]
"IntelliPoint"="c:program filesMicrosoft IntelliPointipoint.exe" [2011-08-01 1821576]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:program filesDivXDivX UpdateDivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:program filesMalwarebytes' Anti-Malwarembamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM~startupfolderC:^Users^Kelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:usersKelliAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk
backup=c:windowspssOneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]
2011-11-02 04:25 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:program filesDivXDivX UpdateDivXUpdate.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEKIJ5000StatusMonitor]
2010-09-02 19:23 1638400 ----a-w- c:windowsSystem32spooldriversw32x863EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:program filesiTunesiTunesHelper.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:program filesMalwarebytes' Anti-Malwarembamgui.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:program filesQuickTimeQTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]
R3 dc3d;MS Hardware Device Detection Driver;c:windowssystem32DRIVERSdc3d.sys [2011-05-18 40320]
R3 DrvAgent32;DrvAgent32;c:windowssystem32DriversDrvAgent32.sys [2011-10-05 23456]
R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]
R3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys [2010-03-22 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 15872]
R3 SVRPEDRV;SVRPEDRV;c:windowsSystem32sysprepPEDrv.sys [2008-01-18 9216]
R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]
R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-03-01 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx86.sys [2011-09-13 32592]
S1 Avgfwfd;AVG network filter service;c:windowssystem32DRIVERSavgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:windowssystem32DRIVERSavgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:program filesCommon FilesAdobeARM1.0armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:program filesAVGAVG2012avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [2011-08-02 192776]
S2 ConfigFree Service;ConfigFree Service;c:program filesTOSHIBAConfigFreeCFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2012-01-13 652360]
S2 TMachInfo;TMachInfo;c:program filesTOSHIBATOSHIBA Service StationTMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-04 126976]
S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:windowssystem32DRIVERSAVGIDSShim.Sys [2011-10-04 16720]
S3 FwLnk;FwLnk Driver;c:windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187B.sys [2010-03-31 379904]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filesToshibaSmartFaceVSmartFaceVWatchSrv.exe [2008-04-25 73728]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk
*Deregistered* - aswMonFlt
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - SASENUM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18]
.
2012-03-09 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000
IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:usersKelliAppDataRoamingMozillaFirefoxProfilesg780i6nk.default
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:progra~1SEARCH~1DatamngrDATAMN~1.EXE
AddRemove-1ClickDownload - c:program files1ClickDownloaduninst.exe
AddRemove-Searchqu Toolbar - c:program filesSearchqu Toolbaruninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmUserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmlUserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.shtmlUserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtUserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtmlUserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.emlUserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.vcfUserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-09 14:15:27
ComboFix-quarantined-files.txt 2012-03-09 19:15
ComboFix2.txt 2012-03-08 23:44
.
Pre-Run: 117,515,280,384 bytes free
Post-Run: 117,461,680,128 bytes free
.
- - End Of File - - 93F0C973E61DAFBD41BA049B41D7273E

MBAM Log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.07

Windows 7 Service Pack 1 x86 NTFS
I

#8 musicangel09



Posted 09 March 2012 - 04:39 PM

I didn't realize that the MBAM log got cut off. Here's the entirety of it.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.09.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Kelli :: KELLI-LAPTOP [administrator]

Protection: Enabled

3/9/2012 2:27:48 PM
mbam-log-2012-03-09 (14-27-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207878
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Also, I wanted to know if there is anything that can be done about my getting bluescreens all the time. I just recently had one again, and I get them a lot. This is what came up after the computer restarted:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: be
BCP1: 91B13E13
BCP2: 50040121
BCP3: 8315E994
BCP4: 0000000A
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:WindowsMinidump030912-38641-01.dmp
C:UsersKelliAppDataLocaltempWER-159011-0.sysdata.xml

#9 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 09 March 2012 - 07:40 PM

Hello musicangel09

Thank you for the logs.

Also, I wanted to know if there is anything that can be done about my getting bluescreens all the time

We can check the integrity of your system files once we are sure that we have taken care of all of the malware.

Let's continue:

  • Please scan the following files
  • Please go to VirusTotal

  • On the page you'll find a "Choose File" button.
  • Click on the Choose File button.
  • In the File Upload window which opens, copy and paste this into the File Name box.

c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\wrar401.exe


  • Next, click the Open button.
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now.
  • Once scanned, copy and paste the link to the results page in your next reply.
  • CKScanner
  • Download CKScanner by askey127 from here and save it to your Desktop.
  • Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
Please post the link to the Virus Total results page in your next reply along with the CKScanner log

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#10 musicangel09



Posted 09 March 2012 - 08:02 PM

Virus Total Link

https://www.virustot...sis/1331340483/

CKFiles

CKScanner - Additional Security Risks - These are not necessarily bad
c:program filestoshiba gamesbejeweled 2 deluxewtmui_desoundsfirecrackle.ogg
c:program filestoshiba gamesbejeweled 2 deluxewtmui_defaultsoundsfirecrackle.ogg
c:program filestoshiba gamesbejeweled 2 deluxewtmui_essoundsfirecrackle.ogg
c:program filestoshiba gamesbejeweled 2 deluxewtmui_frsoundsfirecrackle.ogg
c:program filestoshiba gamesbejeweled 2 deluxewtmui_itsoundsfirecrackle.ogg
c:userskellidesktopdocumentshigh end loft# crackts3sp01.exe
c:userskellidesktopdocumentshigh end loft# cracktslhost.dll
c:userskellidesktoppatterson_ jamesstep on a crack (4182)metadata.opf
c:userskellidesktoppatterson_ jamesstep on a crack (4182)step on a crack - patterson_ james.epub
c:userskellimusicitunesitunes musicmusic50 cent_dr. dre_eminemrelapse18 crack a bottle.m4a
scanner sequence 3.DF.11.UDAPJC
----- EOF -----

#11 JonTom



Posted 10 March 2012 - 08:47 AM

Hello musicangel

Thank you for the information.

Did you get the following files from a torrent site?

c:\users\kelli\desktop\documents\high end loft\# crack\ts3sp01.exe
c:\users\kelli\desktop\documents\high end loft\# crack\tslhost.dll

They appear to be related to "The Sims"

Please scan them with Virus Total and post the links to the scan pages in your next reply.

#12 musicangel09



Posted 10 March 2012 - 01:35 PM

I got the files from a (different) friend who, I think, may have gotten them from a torrent site. However, any scan that either of us has ever run on them turns up clean. I've had the files for a while but only just installed them recently, and I've never had any problem with them.

link to the first file scan:
https://www.virustot...sis/1331404187/

link to the second file scan:
https://www.virustot...sis/1331404389/

#13 JonTom



Posted 10 March 2012 - 04:34 PM

Hello musicangel09

I got the files from a (different) friend who, i think, may have gotten them from a torrent site. However any scan that either of us has ever ran on them turns up clean. I've had the files for a while but only just installed them recently. and i've never had any problem with them.

I have reason to believe that those files may be cracked (illegal). Since this forum does not support or condone the use of cracked or keygened material of any kind you must remove these files before receiving further assistance.
  • Please download OTM
  • Please download OTM by OldTimer by clicking here.
  • Save the file (called OTM.exe) to your desktop.
  • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


:Files
c:\users\kelli\desktop\documents\high end loft\# crack

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.
  • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post the OTM log in your next reply.

#14 musicangel09



Posted 11 March 2012 - 02:33 AM

That's not a problem. if it's infected, I don't want it anyway. :)

OTM File

All processes killed
========== FILES ==========
c:userskellidesktopdocumentshigh end loft# Crack folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kelli
->Temp folder emptied: 100106 bytes
->Temporary Internet Files folder emptied: 1053805 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 135108857 bytes
->Flash cache emptied: 2157 bytes

User: Mcx1-KELLI-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 182 bytes
%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 130.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kelli
->Flash cache emptied: 0 bytes

User: Mcx1-KELLI-LAPTOP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 03112012_032849

Files moved on Reboot...

Registry entries deleted on Reboot...

#15 JonTom



Posted 11 March 2012 - 06:31 AM

Hello musicangel09

Thank you for the log.

Let's run an online scan to check for anything that may have been missed:

  • Please run the following scan
  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post the ESET log and a new set of DDS scan logs in your next reply.

How is the machine running now?

#16 musicangel09



Posted 11 March 2012 - 03:30 PM

The computer is running smoother, I'll admit. I haven't had any problems since we've started this, so I'm guessing we're on the right track! Here is the scan you requested...

C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir	Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll.vir	Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe.vir	a variant of Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll.vir	Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll.vir	Win32/Toolbar.SearchSuite application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir	a variant of Win32/Adware.Yontoo.B application
C:\Users\Kelli\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120307220649714.rsc	multiple threats

#17 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 11 March 2012 - 04:20 PM

Hello musicangel09

Thank you for the scan log.

ESET has detected a number of things held in Combofix quarantine plus a file that we will deal with now:
  • OTM
  • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


:Files
C:\Users\Kelli\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120307220649714.rsc

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.
  • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post the OTM log in your next reply along with a new set of DDS scan logs.
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#18 musicangel09

musicangel09

    Member

  • Members
  • 90 posts
  • Gender:Female
  • Location:Michigan


Posted 11 March 2012 - 06:03 PM

First, after running OTM, my desktop now has a good number of ghosted files--files that have once been on my desktop that I'd either moved or deleted. They're things like "~$filename.docx".

Here is the new OTM log:


All processes killed
========== FILES ==========
C:\Users\Kelli\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120307220649714.rsc moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kelli
->Temp folder emptied: 1429 bytes
->Temporary Internet Files folder emptied: 10300225 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 47933955 bytes
->Flash cache emptied: 456 bytes

User: Mcx1-KELLI-LAPTOP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 56.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kelli
->Flash cache emptied: 0 bytes

User: Mcx1-KELLI-LAPTOP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 03112012_184806

Edited by musicangel09, 11 March 2012 - 06:06 PM.


#19 musicangel09

musicangel09

    Member

  • Members
  • 90 posts
  • Gender:Female
  • Location:Michigan


Posted 11 March 2012 - 06:03 PM

and the DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Kelli at 18:58:25 on 2012-03-11
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1828 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\Kelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
uRun: [SansaDispatch] c:\users\kelli\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF}\7465D2F447865627 : DhcpNameServer = 148.61.1.10 148.61.1.15
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kelli\appdata\roaming\mozilla\firefox\profiles\g780i6nk.default
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-7 652360]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-11 20464]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-10-5 23456]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-11 17:58:52 -------- d-----w- c:\program files\ESET
2012-03-11 07:28:49 -------- d-----w- C:\_OTM
2012-03-09 19:15:43 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-09 19:15:36 -------- d-----w- c:\users\kelli\appdata\local\temp
2012-03-09 18:56:38 -------- d-----w- C:\ComboFix
2012-03-08 23:24:06 98816 ----a-w- c:\windows\sed.exe
2012-03-08 23:24:06 518144 ----a-w- c:\windows\SWREG.exe
2012-03-08 23:24:06 256000 ----a-w- c:\windows\PEV.exe
2012-03-08 23:24:06 208896 ----a-w- c:\windows\MBR.exe
2012-03-08 02:54:39 -------- d-----w- c:\users\kelli\appdata\roaming\AVG
2012-03-06 22:50:58 -------- d-----w- c:\users\kelli\appdata\roaming\AVG2012
2012-03-06 22:50:46 -------- d--h--w- c:\programdata\Common Files
2012-03-06 22:49:09 -------- d-----w- c:\windows\system32\drivers\AVG
2012-03-06 22:49:08 -------- d-----w- c:\programdata\AVG2012
2012-03-06 22:47:52 -------- d-----w- c:\program files\AVG
2012-03-06 22:44:38 -------- d-----w- c:\programdata\MFAData
2012-03-06 11:33:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\offreg.dll
2012-03-06 09:19:43 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\mpengine.dll
2012-03-06 03:38:10 -------- d-----w- c:\program files\uTorrent
2012-03-06 02:56:14 -------- d-----w- c:\programdata\boost_interprocess
2012-03-06 02:43:21 -------- d-----w- c:\users\kelli\appdata\local\PackageAware
2012-03-06 02:36:44 -------- d-----w- c:\program files\fbphotozoom
2012-03-02 21:48:25 -------- d-----w- c:\program files\AVAST Software
2012-02-23 07:44:38 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-23 04:14:37 -------- d-----w- C:\SWsetup
2012-02-23 04:04:17 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2012-02-23 03:33:55 2168320 ----a-w- c:\windows\system32\RtkAPO.dll
2012-02-23 03:20:04 -------- d--h--w- c:\program files\Temp
2012-02-20 02:21:28 -------- d-----w- c:\users\kelli\appdata\roaming\Origin
2012-02-20 02:21:26 -------- d-----w- c:\users\kelli\appdata\local\Origin
2012-02-20 02:21:15 -------- d-----w- c:\program files\Origin Games
2012-02-20 02:20:43 -------- d-----w- c:\program files\Origin
2012-02-20 02:20:36 -------- d-----w- c:\programdata\EA Core
2012-02-16 05:30:32 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 05:30:31 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 05:30:25 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-16 05:30:07 2343424 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 08:33:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 19:00:18.66 ===============

#20 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 12 March 2012 - 04:11 AM

Hello musicangel09

My desktop now has a good number of ghosted files--files that have once been on my desktop that I'd either moved or deleted. They're such like "~$filename.docx"

Not sure how that could have happened. We certainly didn't configure OTM to do that.

Let's take care of the following in the steps below:

  • Please work through the following steps
  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
  • Copy and Paste the text in the quotebox below into the open Notepad window:

    DDS::
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab

  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

    Posted Image
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident anti virus.

Please post the Combofix log in your next reply and also a new DDS scan log after Combofix has completed its run.
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom
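As an added illustration (not part of this thread, and not code from DDS, OTM or ComboFix), the Python below parses the Pseudo HJT and FIREFOX sections of a DDS log in the layout posted above and flags the kinds of entries the tech acted on: a DPF (Downloaded Program Files, i.e. an ActiveX control fetched from a URL) entry from a host outside a trusted list, a Firefox keyword.URL search redirect, and a user.js that turns off Content Security Policy. The sample lines are copied from the log in this thread; the trusted-host set passed to review() is a constructed assumption, not a DDS feature.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the layout of the DDS "Pseudo HJT Report" and FIREFOX
# sections (lines taken from the log posted in this thread; DDS defangs URLs as hxxp).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll
DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=
FF - user.js: security.csp.enable - false
"""

HJT_RE = re.compile(r"^(?P<kind>BHO|TB): (?P<name>.+?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
DPF_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<url>\S+)$")
FF_RE = re.compile(r"^FF - (?P<file>prefs\.js|user\.js): (?P<key>\S+) - (?P<value>.+)$")


def refang(url: str) -> str:
    """Turn DDS's hxxp:// or hxxps:// back into a scheme urlparse understands."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def parse_dds(text: str) -> list:
    """Extract BHO/TB, DPF and Firefox pref entries; every other DDS line is ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HJT_RE.match(line):
            entries.append({"kind": m["kind"], "name": m["name"],
                            "clsid": m["clsid"].lower(), "path": m["path"]})
        elif m := DPF_RE.match(line):
            entries.append({"kind": "DPF", "clsid": m["clsid"].lower(),
                            "url": refang(m["url"])})
        elif m := FF_RE.match(line):
            entries.append({"kind": "FF", "file": m["file"],
                            "key": m["key"], "value": m["value"]})
    return entries


def review(entries: list, trusted_dpf_hosts: set) -> list:
    """Return human-readable findings for the entry types a tech checks first."""
    findings = []
    for e in entries:
        if e["kind"] == "DPF":
            # A DPF entry is an ActiveX control IE downloaded from this host.
            host = urlparse(e["url"]).hostname or ""
            if host not in trusted_dpf_hosts:
                findings.append(f"DPF {e['clsid']}: ActiveX control downloaded from {host}")
        elif e["kind"] == "FF" and e["key"] == "keyword.URL":
            # Any value here sends address-bar searches to that host (search redirect).
            host = urlparse(refang(e["value"])).hostname or ""
            findings.append(f"FF {e['file']}: keyword.URL sends searches to {host}")
        elif e["kind"] == "FF" and e["key"] == "security.csp.enable" and e["value"].lower() == "false":
            findings.append(f"FF {e['file']}: Content Security Policy enforcement disabled")
    return findings


if __name__ == "__main__":
    # Constructed assumption: the only DPF host accepted without further review.
    for finding in review(parse_dds(SAMPLE_DDS), {"download.eset.com"}):
        print(finding)
```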



