musicangel09

Members
  • Content Count

    90

About musicangel09

  • Rank
    Member
  • Birthday 01/11/1991

Profile Information

  • Gender
    Female
  • Location
    Michigan

  1. Thank you so much! I will likely head over to one of those forums to take care of the bluescreens, but otherwise my computer seems to be running a whole lot better. There's no lag anymore and my startup/shutdown times have gotten better. Thank you so much for everything and working with me! I appreciate it so much. Can't say that I'll ever loan my computer out again any time soon. hah!!
  2. I no longer posted this, switched websites, and bluescreened again. This one said "an attempt was made to write over read-only memory" and the file associated was "dxgmms1.sys". The Windows error report once my computer restarted said:

     Problem signature:
       Problem Event Name: BlueScreen
       OS Version: 6.1.7601.2.1.0.256.1
       Locale ID: 1033

     Additional information about the problem:
       BCCode: be
       BCP1: 91120E13
       BCP2: 4E0C0121
       BCP3: 807E1994
       BCP4: 0000000A
       OS Version: 6_1_7601
       Service Pack: 1_0
       Product: 256_1

     Files that help describe the problem:
       C:\Windows\Minidump\031212-43196-01.dmp
       C:\Users\Kelli\AppData\Local\temp\WER-165049-0.sysdata.xml
  3. I ran the scan and it said that it did not find any integrity issues. But yes, I do still get them. Some of the things that I recall seeing -- hopefully they'll help you -- are: "dxgmms.sys", "irql not less than or equal to", and "an attempt was made to write over read only files". I'm not sure what those will tell you, but that's what always shows up.
  4. DDS.txt file
  5. Yes, that is exactly what popped up. And restarting the computer did seem to fix it. I just wanted to make sure it wasn't anything that made it worse! Whew!! Off to run DDS quick. Report to follow!
  6. Okay, now we've run into a problem. I think that whatever you just did made whatever's on my computer angry, or else you did something. I ran ComboFix just as you'd asked me to, dragging the txt file over and all. It ran, did all it needed to do. It rebooted my computer automatically and once it came back, it produced a log file for a split second before closing again. I hadn't had a chance to save the document. The problem, though, is that when I'd gone to get on the computer again to tell you, EVERYTHING gave me a notification that it could not be run because it was marked for deletion. Internet Explorer, Firefox. I even was going to system restore but it wouldn't open. Then, once again, my computer shut itself down and it's like nothing ever happened. I still don't have the CFlog, but I'm able to get on the internet. /cries
  7. and the DDS Log . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Kelli at 18:58:25 on 2012-03-11 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1828 [GMT -4:00] . AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:PROGRA~1AVGAVG2012avgrsx.exe C:Program FilesAVGAVG2012avgcsrvx.exe C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k RPCSS C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:WindowsSystem32spoolsv.exe C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Program FilesCommon FilesAdobeARM1.0armsvc.exe C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe C:Program FilesAVGAVG2012avgfws.exe C:Program FilesAVGAVG2012avgwdsvc.exe C:Program FilesBonjourmDNSResponder.exe C:Program FilesTOSHIBAConfigFreeCFSvcs.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Windowssystem32svchost.exe -k imgsvc C:Program FilesTOSHIBATOSHIBA Service StationTMachInfo.exe C:Program FilesAVGAVG2012avgnsx.exe C:Program FilesAVGAVG2012avgemcx.exe C:Program FilesToshibaTOSHIBA DVD PLAYERTNaviSrv.exe C:Windowssystem32TODDSrv.exe C:Program FilesToshibaPower SaverTosCoSrv.exe C:Program FilesTOSHIBASMARTLogServiceTosIPCSrv.exe C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE C:Program 
FilesYahoo!SoftwareUpdateYahooAUService.exe C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe C:Program FilesIntelIntel Matrix Storage ManagerIAANTMon.exe C:Program FilesAVGAVG2012AVGIDSAgent.exe C:Program FilesToshibaSmartFaceVSmartFaceVWatchSrv.exe C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Program FilesSynapticsSynTPSynTPEnh.exe C:WindowsRtHDVCpl.exe C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe C:Program FilesCommon FilesJavaJava Updatejusched.exe C:WindowsSystem32hkcmd.exe C:WindowsSystem32igfxpers.exe C:Windowssystem32taskhost.exe C:Program FilesMicrosoft IntelliPointipoint.exe C:Program FilesiTunesiTunesHelper.exe C:Program FilesDivXDivX UpdateDivXUpdate.exe C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe C:Program FilesAVGAVG2012avgtray.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program FilesAVGAVG2012avgcsrvx.exe C:UsersKelliAppDataRoamingSanDiskSansa UpdaterSansaDispatch.exe C:Program FilesiPodbiniPodService.exe C:Program FilesWindows Sidebarsidebar.exe C:Program FilesYahoo!Messengerymsgr_tray.exe C:Program FilesMozilla Firefoxfirefox.exe C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe C:Program FilesWindows Media Playerwmpnetwk.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32DllHost.exe C:Windowssystem32DllHost.exe C:Windowssystem32conhost.exe C:Windowssystem32wbemwmiprvse.exe C:Windowssystem32DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:program filesyahoo!companioninstallscpn1yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:program filesfvd suiteaddonsieFVDToolbar.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:program filesdivxdivx plus web playeriedivxhtml5DivXHTML5.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:program filesavgavg2012avgssie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:program filescommon filesmicrosoft sharedwindows liveWindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:program fileswindows livecompanioncompanioncore.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:program filesyahoo!companioninstallscpn1YTSingleInstance.dll TB: Yahoo! 
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:program filesyahoo!companioninstallscpn1yt.dll TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:program filesfvd suiteaddonsieFVDToolbar.dll uRun: [sansaDispatch] c:userskelliappdataroamingsandisksansa updaterSansaDispatch.exe uRun: [sidebar] c:program fileswindows sidebarsidebar.exe /autoRun uRun: [Messenger (Yahoo!)] "c:progra~1yahoo!messen~1YahooMessenger.exe" -quiet mRun: [synTPEnh] c:program filessynapticssyntpSynTPEnh.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [iAAnotif] c:program filesintelintel matrix storage manageriaanotif.exe mRun: [b2C_AGENT] c:programdatalgmobileaxb2c_clientB2CNotiAgent.exe mRun: [sunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe" mRun: [igfxTray] c:windowssystem32igfxtray.exe mRun: [HotKeysCmds] c:windowssystem32hkcmd.exe mRun: [Persistence] c:windowssystem32igfxpers.exe mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe" mRun: [APSDaemon] "c:program filescommon filesappleapple application supportAPSDaemon.exe" mRun: [intelliPoint] "c:program filesmicrosoft intellipointipoint.exe" mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe" mRun: [DivXUpdate] "c:program filesdivxdivx updateDivXUpdate.exe" /CHECKNOW mRun: [Malwarebytes' Anti-Malware] "c:program filesmalwarebytes' anti-malwarembamgui.exe" /starttray mRun: [AVG_TRAY] "c:program filesavgavg2012avgtray.exe" mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:progra~1micros~4office12EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:program filesgooglegoogle toolbarcomponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:program fileswindows livecompanioncompanioncore.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:program fileswindows livewriterWriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1micros~4office12ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~4office12REFIEBAR.DLL DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces{8E0C4269-787D-4060-94E6-623603807EFF} : DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces{8E0C4269-787D-4060-94E6-623603807EFF}7465D2F447865627 : 
DhcpNameServer = 148.61.1.10 148.61.1.15 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg2012avgpp.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:program fileswindows livephoto galleryAlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll . ================= FIREFOX =================== . FF - ProfilePath - c:userskelliappdataroamingmozillafirefoxprofilesg780i6nk.default FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:progra~1meadco~1npmeadax.dll FF - plugin: c:program filesadobereader 10.0readerairnppdf32.dll FF - plugin: c:program filesdivxdivx ovs helpernpovshelper.dll FF - plugin: c:program filesdivxdivx plus web playernpdivx32.dll FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll FF - plugin: c:program filesgoogleupdate1.3.21.99npGoogleUpdate3.dll FF - plugin: c:program filesjavajre6binnew_pluginnpdeployJava1.dll FF - plugin: c:program filesmicrosoft silverlight4.1.10111.0npctrlui.dll FF - plugin: c:program filesmozilla firefoxpluginsnpCouponPrinter.dll FF - plugin: c:program filesmozilla firefoxpluginsnpdeployJava1.dll FF - plugin: c:program filesmozilla firefoxpluginsnpMozCouponPrinter.dll FF - plugin: c:program filesmozilla firefoxpluginsnpOGAPlugin.dll FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false . ============= SERVICES / DRIVERS =============== . 
     R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [2011-7-11 23120]
     R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [2011-9-13 32592]
     R1 Avgfwfd;AVG network filter service;c:windowssystem32driversavgfwd6x.sys [2011-5-23 47968]
     R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [2011-10-7 230608]
     R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32driversavgmfx86.sys [2011-8-8 40016]
     R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [2011-7-11 295248]
     R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2010-2-17 12872]
     R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2010-5-10 67656]
     R1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32driversvwififlt.sys [2009-7-13 48128]
     R2 AdobeARMservice;Adobe Acrobat Update Service;c:program filescommon filesadobearm1.0armsvc.exe [2012-1-3 63928]
     R2 avgfws;AVG Firewall;c:program filesavgavg2012avgfws.exe [2011-11-23 2391832]
     R2 AVGIDSAgent;AVGIDSAgent;c:program filesavgavg2012AVGIDSAgent.exe [2011-10-12 4433248]
     R2 avgwd;AVG WatchDog;c:program filesavgavg2012avgwdsvc.exe [2011-8-2 192776]
     R2 ConfigFree Service;ConfigFree Service;c:program filestoshibaconfigfreeCFSvcs.exe [2008-4-17 40960]
     R2 MBAMService;MBAMService;c:program filesmalwarebytes' anti-malwarembamservice.exe [2012-2-7 652360]
     R2 TMachInfo;TMachInfo;c:program filestoshibatoshiba service stationTMachInfo.exe [2008-8-18 62776]
     R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filestoshibasmartlogserviceTosIPCSrv.exe [2007-12-3 126976]
     R3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [2011-7-11 134736]
     R3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [2011-7-11 24272]
     R3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [2011-10-4 16720]
     R3 FwLnk;FwLnk Driver;c:windowssystem32driversFwLnk.sys [2008-8-18 7168]
     R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2011-8-11 20464]
     R3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32driversRt86win7.sys [2011-6-10 394856]
     R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187B.sys [2010-3-31 379904]
     R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filestoshibasmartfacevSmartFaceVWatchSrv.exe [2008-4-24 73728]
     R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32driversvwifimp.sys [2009-7-13 14336]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]
     S2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:program filesgoogleupdateGoogleUpdate.exe [2009-9-11 133104]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:windowssystem32driversb57nd60x.sys [2009-7-13 229888]
     S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [2011-10-5 23456]
     S3 fssfltr;fssfltr;c:windowssystem32driversfssfltr.sys [2010-10-21 39272]
     S3 fsssvc;Windows Live Family Safety Service;c:program fileswindows livefamily safetyfsssvc.exe [2010-9-23 1493352]
     S3 gupdatem;Google Update Service (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2009-9-11 133104]
     S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2011-2-23 15872]
     S3 SVRPEDRV;SVRPEDRV;c:windowssystem32sysprepPEDRV.SYS [2008-8-21 9216]
     S3 TsUsbFlt;TsUsbFlt;c:windowssystem32driversTsUsbFlt.sys [2011-2-23 52224]
     S3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32watWatAdminSvc.exe [2010-3-1 1343400]
     S3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32driversWSDPrint.sys [2009-7-13 17920]
     S4 wlcrasvc;Windows Live Mesh remote connections service;c:program fileswindows livemeshwlcrasvc.exe [2010-9-22 51040]
     .
     =============== Created Last 30 ================
     .
     2012-03-11 17:58:52 -------- d-----w- c:program filesESET
     2012-03-11 07:28:49 -------- d-----w- C:_OTM
     2012-03-09 19:15:43 -------- d-sh--w- C:$RECYCLE.BIN
     2012-03-09 19:15:36 -------- d-----w- c:userskelliappdatalocaltemp
     2012-03-09 18:56:38 -------- d-----w- C:ComboFix
     2012-03-08 23:24:06 98816 ----a-w- c:windowssed.exe
     2012-03-08 23:24:06 518144 ----a-w- c:windowsSWREG.exe
     2012-03-08 23:24:06 256000 ----a-w- c:windowsPEV.exe
     2012-03-08 23:24:06 208896 ----a-w- c:windowsMBR.exe
     2012-03-08 02:54:39 -------- d-----w- c:userskelliappdataroamingAVG
     2012-03-06 22:50:58 -------- d-----w- c:userskelliappdataroamingAVG2012
     2012-03-06 22:50:46 -------- d--h--w- c:programdataCommon Files
     2012-03-06 22:49:09 -------- d-----w- c:windowssystem32driversAVG
     2012-03-06 22:49:08 -------- d-----w- c:programdataAVG2012
     2012-03-06 22:47:52 -------- d-----w- c:program filesAVG
     2012-03-06 22:44:38 -------- d-----w- c:programdataMFAData
     2012-03-06 11:33:03 56200 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{d8f47a61-d8a5-43de-b827-e7da3d798a35}offreg.dll
     2012-03-06 09:19:43 6552120 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{d8f47a61-d8a5-43de-b827-e7da3d798a35}mpengine.dll
     2012-03-06 03:38:10 -------- d-----w- c:program filesuTorrent
     2012-03-06 02:56:14 -------- d-----w- c:programdataboost_interprocess
     2012-03-06 02:43:21 -------- d-----w- c:userskelliappdatalocalPackageAware
     2012-03-06 02:36:44 -------- d-----w- c:program filesfbphotozoom
     2012-03-02 21:48:25 -------- d-----w- c:program filesAVAST Software
     2012-02-23 07:44:38 -------- d-----w- c:program filesMicrosoft Security Client
     2012-02-23 04:14:37 -------- d-----w- C:SWsetup
     2012-02-23 04:04:17 -------- d-----w- c:programdataPC Drivers HeadQuarters
     2012-02-23 03:33:55 2168320 ----a-w- c:windowssystem32RtkAPO.dll
     2012-02-23 03:20:04 -------- d--h--w- c:program filesTemp
     2012-02-20 02:21:28 -------- d-----w- c:userskelliappdataroamingOrigin
     2012-02-20 02:21:26 -------- d-----w- c:userskelliappdatalocalOrigin
     2012-02-20 02:21:15 -------- d-----w- c:program filesOrigin Games
     2012-02-20 02:20:43 -------- d-----w- c:program filesOrigin
     2012-02-20 02:20:36 -------- d-----w- c:programdataEA Core
     2012-02-16 05:30:32 478720 ----a-w- c:windowssystem32timedate.cpl
     2012-02-16 05:30:31 690688 ----a-w- c:windowssystem32msvcrt.dll
     2012-02-16 05:30:25 442880 ----a-w- c:windowssystem32ntshrui.dll
     2012-02-16 05:30:07 2343424 ----a-w- c:windowssystem32win32k.sys
     .
     ==================== Find3M ====================
     .
     2012-02-23 14:18:36 237072 ------w- c:windowssystem32MpSigStub.exe
     2012-02-19 08:33:25 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
     2012-01-04 00:48:42 354176 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl
     2011-12-14 03:04:54 1798656 ----a-w- c:windowssystem32jscript9.dll
     2011-12-14 02:57:18 1127424 ----a-w- c:windowssystem32wininet.dll
     2011-12-14 02:56:58 1427456 ----a-w- c:windowssystem32inetcpl.cpl
     2011-12-14 02:50:04 2382848 ----a-w- c:windowssystem32mshtml.tlb
     .
     ============= FINISH: 19:00:18.66 ===============
  8. First, after running OTM, my desktop now has a good number of ghosted files--files that have once been on my desktop that I'd either moved or deleted. They're such like "~$filename.docx". Here is the new OTM log:
     All processes killed
     ========== FILES ==========
     C:UsersKelliAppDataRoamingAVGRescuePC Tuneup 2011120307220649714.rsc moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Kelli
     ->Temp folder emptied: 1429 bytes
     ->Temporary Internet Files folder emptied: 10300225 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 47933955 bytes
     ->Flash cache emptied: 456 bytes
     User: Mcx1-KELLI-LAPTOP
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%System32 .tmp files removed: 0 bytes
     %systemroot%System32drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 790 bytes
     %systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
     %systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 56.00 mb
     [EMPTYFLASH]
     User: All Users
     User: Default
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: Kelli
     ->Flash cache emptied: 0 bytes
     User: Mcx1-KELLI-LAPTOP
     ->Flash cache emptied: 0 bytes
     User: Public
     Total Flash Files Cleaned = 0.00 mb
     OTM by OldTimer - Version 3.1.19.0 log created on 03112012_184806
  9. The computer is running smoother, I'll admit. Haven't had any problems since we've started this so I'm guessing we're on the right track! Here is the scan you requested...
     C:QooboxQuarantineCProgram FilesSearchqu ToolbarDatamngrBrowserConnection.dll.vir Win32/Toolbar.SearchSuite application
     C:QooboxQuarantineCProgram FilesSearchqu ToolbarDatamngrdatamngr.dll.vir Win32/Toolbar.SearchSuite application
     C:QooboxQuarantineCProgram FilesSearchqu ToolbarDatamngrdatamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application
     C:QooboxQuarantineCProgram FilesSearchqu ToolbarDatamngrDnsBHO.dll.vir Win32/Toolbar.SearchSuite application
     C:QooboxQuarantineCProgram FilesSearchqu ToolbarDatamngrIEBHO.dll.vir Win32/Toolbar.SearchSuite application
     C:QooboxQuarantineCProgramDataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
     C:UsersKelliAppDataRoamingAVGRescuePC Tuneup 2011120307220649714.rsc multiple threats
  10. That's not a problem. If it's infected, I don't want it anyway.
     OTM File
     All processes killed
     ========== FILES ==========
     c:userskellidesktopdocumentshigh end loft# Crack folder moved successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Default
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Kelli
     ->Temp folder emptied: 100106 bytes
     ->Temporary Internet Files folder emptied: 1053805 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 135108857 bytes
     ->Flash cache emptied: 2157 bytes
     User: Mcx1-KELLI-LAPTOP
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     ->Flash cache emptied: 0 bytes
     User: Public
     ->Temp folder emptied: 0 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%System32 .tmp files removed: 0 bytes
     %systemroot%System32drivers .tmp files removed: 0 bytes
     Windows Temp folder emptied: 182 bytes
     %systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes
     %systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 130.00 mb
     [EMPTYFLASH]
     User: All Users
     User: Default
     ->Flash cache emptied: 0 bytes
     User: Default User
     ->Flash cache emptied: 0 bytes
     User: Kelli
     ->Flash cache emptied: 0 bytes
     User: Mcx1-KELLI-LAPTOP
     ->Flash cache emptied: 0 bytes
     User: Public
     Total Flash Files Cleaned = 0.00 mb
     OTM by OldTimer - Version 3.1.19.0 log created on 03112012_032849
     Files moved on Reboot...
     Registry entries deleted on Reboot...
  11. I got the files from a (different) friend who, I think, may have gotten them from a torrent site. However, any scan that either of us has ever run on them turns up clean. I've had the files for a while but only just installed them recently, and I've never had any problem with them.
     Link to the first file scan: https://www.virustotal.com/file/0e73db08343e98e9167629774fa986420d5b1617dd2ea475fe880fc7f7661f4f/analysis/1331404187/
     Link to the second file scan: https://www.virustotal.com/file/1c97870a3f395c800099a6079dbdbcda04cd977a83fc64f57322aa9e70242c76/analysis/1331404389/
  12. Virus Total Link
     https://www.virustotal.com/file/d8f6414c57222b1740cf842245623da2bd5e1a9db03790ead39e4dfdaf24139f/analysis/1331340483/
     CKFiles
     CKScanner - Additional Security Risks - These are not necessarily bad
     c:program filestoshiba gamesbejeweled 2 deluxewtmui_desoundsfirecrackle.ogg
     c:program filestoshiba gamesbejeweled 2 deluxewtmui_defaultsoundsfirecrackle.ogg
     c:program filestoshiba gamesbejeweled 2 deluxewtmui_essoundsfirecrackle.ogg
     c:program filestoshiba gamesbejeweled 2 deluxewtmui_frsoundsfirecrackle.ogg
     c:program filestoshiba gamesbejeweled 2 deluxewtmui_itsoundsfirecrackle.ogg
     c:userskellidesktopdocumentshigh end loft# crackts3sp01.exe
     c:userskellidesktopdocumentshigh end loft# cracktslhost.dll
     c:userskellidesktoppatterson_ jamesstep on a crack (4182)metadata.opf
     c:userskellidesktoppatterson_ jamesstep on a crack (4182)step on a crack - patterson_ james.epub
     c:userskellimusicitunesitunes musicmusic50 cent_dr. dre_eminemrelapse18 crack a bottle.m4a
     scanner sequence 3.DF.11.UDAPJC
     ----- EOF -----
  13. I didn't realize that the MBAM log got cut off. Here's the entirety of it.
     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.03.09.07
     Windows 7 Service Pack 1 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Kelli :: KELLI-LAPTOP [administrator]
     Protection: Enabled
     3/9/2012 2:27:48 PM
     mbam-log-2012-03-09 (14-27-48).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 207878
     Time elapsed: 7 minute(s), 59 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)
     Also, I wanted to know if there is anything that can be done about my getting bluescreens all the time. I just recently had one again, and I get them a lot. This is what came up after the computer restarted:
     Problem signature:
     Problem Event Name: BlueScreen
     OS Version: 6.1.7601.2.1.0.256.1
     Locale ID: 1033
     Additional information about the problem:
     BCCode: be
     BCP1: 91B13E13
     BCP2: 50040121
     BCP3: 8315E994
     BCP4: 0000000A
     OS Version: 6_1_7601
     Service Pack: 1_0
     Product: 256_1
     Files that help describe the problem:
     C:WindowsMinidump030912-38641-01.dmp
     C:UsersKelliAppDataLocaltempWER-159011-0.sysdata.xml
  14. Hello once again! Here are the two logs you requested!
     NEW CF LOG
     ComboFix 12-03-08.04 - Kelli 03/09/2012 13:58:21.4.2 - x86
     Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1881 [GMT -5:00]
     Running from: c:usersKelliDesktopComboFix.exe
     Command switches used :: c:usersKelliDesktopCFScript.txt
     AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
     FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
     SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     FILE ::
     "c:progra~1SEARCH~1Datamngrdatamngr.dll"
     "c:progra~1SEARCH~1DatamngrIEBHO.dll"
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
ToolbarDatamngrToolBarchromeskinlibradioimagesbg-pnl.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesbtn-close-grey.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesbtn-close-greyover.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagescollapsed_button.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesexpanded_button.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-playstation-down.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-playstation-over.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-playstation.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesico-radio.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesmusic-note.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-pause-on.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-pause.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-play-on.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-btn-play.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-bg.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-buffer.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-busy.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-off.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-on.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-eq-warning.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options-design-on.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options-design.png c:program filesSearchqu 
ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options-on.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-options.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-0.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-1.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-2.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-3.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesradio-volume-mute.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesscrollbar-handle.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesscrollbar-track.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesslider.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagesslideron.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradioimagestrack.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiomanagerpanel.html c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiovolumeslider.html c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-buffering.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-connecting.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-playing.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta-stopped.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibradiobeta.ico c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibreload.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibremove.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibrename.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibresize-box.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibrss.png c:program filesSearchqu 
ToolbarDatamngrToolBarchromeskinlibrsschannelback.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibRSSLogo.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibrsstabdivider.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibscroll-left.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibscroll-right.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibsearch-go.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibsearch.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibtext-ellipsis.xml c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibthrobber.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibtoolbarsplitter.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibtransparent_1px.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_02.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_03.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_04.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_06.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_07.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_08.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_09.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_10.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_11.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_12.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_13.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_14.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_15.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_16.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_18.png c:program filesSearchqu 
ToolbarDatamngrToolBarchromeskinlibuwaborder_19.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_20.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaborder_21.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwabtn-close-grey.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwabtn-close-greyover.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaclose-hot.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaclose-normal.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaloadingMid.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwaproxy.html c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwatemplate.html c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwatemplate.xml c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwatemplateFF.html c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibuwathrobber.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconscond999.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsicons.xml c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsna-s.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsna-t.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttoniconsna.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesadd.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesarrowr-bluew5.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl520x350.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl520x350blue-whitebg.png c:program filesSearchqu 
ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbg-pnl520x350blue.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbox-check.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbox-uncheck.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-close-grey.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-close-greyover.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-delete.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-search-pnlbtm-over.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtn-search-pnlbtm.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-next-off.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-next.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-previous-off.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesbtnarrow-previous.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesico-check.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesico-hotandhumid-s.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesico-hotandhumid.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesoptions-weather.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesover-blue.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesover-orange.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagespowered-by-weatherbug.png c:program filesSearchqu 
ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagespowered-by-weatherbug2.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesradio-checked.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesradio-unchecked.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagessearchbox-pnlbtm.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelsimagesweather-contour.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelspopupWeather.css c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibweatherbuttonpanelspopupWeather.html c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlibyahoo.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlichen.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo-about.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo-over.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo-separator.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinlogo.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmail.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmaps.bmp c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmenuseparatorback.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmodify-save.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmodify.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmodifyhot.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinmusic.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinnews.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-main.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-search.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-weather.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-weather.png c:program 
filesSearchqu ToolbarDatamngrToolBarchromeskinoptionsoptions-widgets.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinorange.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinpixsy.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinprotect-id.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-buffering.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-connecting.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-playing.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta-stopped.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinradiobeta.ico c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrelatedlinks.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-collapse.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-delete.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-expand.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-feed.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder-remove.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder-rename.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-found.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-reload.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-subscribe.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrssback.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrsstopback.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch-over.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch_button_over_png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch_button_png c:program filesSearchqu 
ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-left.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-middle.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-right.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsettings.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinshopping.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsiteinfo.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-bluelite.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-bluesky.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-grey.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-lichen.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-orange.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-yellow.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin.xml c:program filesSearchqu ToolbarDatamngrToolBarchromeskintechnorati.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinthrobber.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskintoolbarsplitter.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskintranslate.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvideo.bmp c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvmn.css c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvmn.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinweather.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinweb.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinwidgets-square-16px.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinwikipedia.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyahoosearch.png c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyellow.gif c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyoutube.png c:program filesSearchqu 
ToolbarDatamngrToolBarchromeskinzoom.png
c:program filesSearchqu ToolbarDatamngrToolBarcomponentswindowmediator.js
c:program filesSearchqu ToolbarDatamngrToolBardtUser.exe
c:program filesSearchqu ToolbarDatamngrToolBarmanifest.xml
c:program filesSearchqu ToolbarDatamngrToolBarsearchquband.dll
c:program filesSearchqu ToolbarDatamngrToolBarsearchqudtx.dll
c:program filesSearchqu ToolbarDatamngrToolBaruninstall.exe
c:program filesSearchqu Toolbarsysid.ini
c:program filesSearchqu Toolbaruninstall.exe
c:programdataDriverCure
c:programdataDriverCure9B13A86D3456.plf
c:programdataParetoLogic
c:programdataParetoLogicUUS2DriverCureMaster.xml
c:programdataParetoLogicUUS2DriverCurePatch.xml
c:programdataParetoLogicUUS2DriverCureUpdate.xml
c:programdataParetoLogicUUS2Master.xml
c:programdataParetoLogicUUS2Patch.xml
c:programdataParetoLogicUUS2Update.xml
c:usersKelliAppDataLocalIlivid Player
c:usersKelliAppDataLocalIlivid Playerscript.qscript
c:usersKelliAppDataRoamingDriverCure
c:usersKelliAppDataRoamingDriverCureClient.txt
c:usersKelliAppDataRoamingDriverCureLogFile.txt
c:usersKelliAppDataRoamingDriverCureServer.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 19:10 . 2012-03-09 19:11 -------- d-----w- c:usersKelliAppDataLocaltemp
2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersPublicAppDataLocaltemp
2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersMcx1-KELLI-LAPTOPAppDataLocaltemp
2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersDefaultAppDataLocaltemp
2012-03-08 02:54 . 2012-03-08 03:06 -------- d-----w- c:usersKelliAppDataRoamingAVG
2012-03-06 22:50 . 2012-03-06 22:50 -------- d--h--w- c:programdataCommon Files
2012-03-06 22:49 . 2012-03-09 14:46 -------- d-----w- c:windowssystem32driversAVG
2012-03-06 22:49 . 2012-03-06 22:58 -------- d-----w- c:programdataAVG2012
2012-03-06 22:47 . 2012-03-08 02:53 -------- d-----w- c:program filesAVG
2012-03-06 22:44 . 2012-03-09 14:46 -------- d-----w- c:programdataMFAData
2012-03-06 11:33 . 2012-03-06 11:33 56200 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}offreg.dll
2012-03-06 09:19 . 2012-02-08 06:03 6552120 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}mpengine.dll
2012-03-06 03:38 . 2012-03-06 03:38 -------- d-----w- c:program filesuTorrent
2012-03-06 02:56 . 2012-03-06 02:56 -------- d-----w- c:programdataboost_interprocess
2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:usersKelliAppDataLocalPackageAware
2012-03-06 02:36 . 2012-03-06 02:36 -------- d-----w- c:program filesfbphotozoom
2012-03-02 21:48 . 2012-03-02 21:48 -------- d-----w- c:program filesAVAST Software
2012-02-23 07:44 . 2012-02-25 06:42 -------- d-----w- c:program filesMicrosoft Security Client
2012-02-23 04:14 . 2012-02-23 04:14 -------- d-----w- C:SWsetup
2012-02-23 04:04 . 2012-02-23 04:04 -------- d-----w- c:programdataPC Drivers HeadQuarters
2012-02-23 03:20 . 2012-02-23 03:35 -------- d--h--w- c:program filesTemp
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataRoamingOrigin
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataLocalOrigin
2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:program filesOrigin Games
2012-02-20 02:20 . 2012-02-20 02:24 -------- d-----w- c:program filesOrigin
2012-02-20 02:20 . 2012-02-20 02:20 -------- d-----w- c:programdataEA Core
2012-02-16 05:30 . 2011-12-30 05:27 478720 ----a-w- c:windowssystem32timedate.cpl
2012-02-16 05:30 . 2011-12-16 07:52 690688 ----a-w- c:windowssystem32msvcrt.dll
2012-02-16 05:30 . 2012-01-04 08:58 442880 ----a-w- c:windowssystem32ntshrui.dll
2012-02-16 05:30 . 2012-01-14 03:35 2343424 ----a-w- c:windowssystem32win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 14:18 . 2009-11-21 04:27 237072 ------w- c:windowssystem32MpSigStub.exe
2012-02-19 08:33 . 2011-05-13 16:30 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2012-01-11 19:36 . 2012-01-11 19:36 1448993 ----a-w- c:programdataMicrosoftWindowsStart MenuProgramsWinRARwrar401.exe
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl
2011-12-10 20:24 . 2011-08-11 11:40 20464 ----a-w- c:windowssystem32driversmbam.sys
2012-02-18 06:16 . 2011-06-21 21:13 134104 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"SansaDispatch"="c:usersKelliAppDataRoamingSanDiskSansa UpdaterSansaDispatch.exe" [2011-12-18 79872]
"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016]
"Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2012-01-04 6497592]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-08-14 1348904]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:program filesIntelIntel Matrix Storage Manageriaanotif.exe" [2008-04-16 178712]
"B2C_AGENT"="c:programdataLGMOBILEAXB2C_ClientB2CNotiAgent.exe" [2011-06-15 404568]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-10-13 138008]
"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-10-13 171288]
"Persistence"="c:windowssystem32igfxpers.exe" [2011-10-13 172824]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2011-11-02 59240]
"IntelliPoint"="c:program filesMicrosoft IntelliPointipoint.exe" [2011-08-01 1821576]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2012-01-16 421736]
"DivXUpdate"="c:program filesDivXDivX UpdateDivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:program filesMalwarebytes' Anti-Malwarembamgui.exe" [2012-01-13 460872]
"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM~startupfolderC:^Users^Kelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:usersKelliAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk
backup=c:windowspssOneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]
2011-11-02 04:25 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:program filesDivXDivX UpdateDivXUpdate.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEKIJ5000StatusMonitor]
2010-09-02 19:23 1638400 ----a-w- c:windowsSystem32spooldriversw32x863EKIJ5000MUI.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2012-01-16 22:22 421736 ----a-w- c:program filesiTunesiTunesHelper.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware]
2012-01-13 19:53 460872 ----a-w- c:program filesMalwarebytes' Anti-Malwarembamgui.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]
2012-01-13 19:53 981680 ----a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:program filesQuickTimeQTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]
R3 dc3d;MS Hardware Device Detection Driver;c:windowssystem32DRIVERSdc3d.sys [2011-05-18 40320]
R3 DrvAgent32;DrvAgent32;c:windowssystem32DriversDrvAgent32.sys [2011-10-05 23456]
R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]
R3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys [2010-03-22 47360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 15872]
R3 SVRPEDRV;SVRPEDRV;c:windowsSystem32sysprepPEDrv.sys [2008-01-18 9216]
R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]
R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-03-01 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [2009-07-14 17920]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx86.sys [2011-09-13 32592]
S1 Avgfwfd;AVG network filter service;c:windowssystem32DRIVERSavgfwd6x.sys [2011-05-23 47968]
S1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx86.sys [2011-10-07 230608]
S1 Avgtdix;AVG TDI Driver;c:windowssystem32DRIVERSavgtdix.sys [2011-07-11 295248]
S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:program filesCommon FilesAdobeARM1.0armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:program filesAVGAVG2012avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [2011-08-02 192776]
S2 ConfigFree Service;ConfigFree Service;c:program filesTOSHIBAConfigFreeCFSvcs.exe [2008-04-17 40960]
S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2012-01-13 652360]
S2 TMachInfo;TMachInfo;c:program filesTOSHIBATOSHIBA Service StationTMachInfo.exe [2009-04-01 62776]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-04 126976]
S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:windowssystem32DRIVERSAVGIDSShim.Sys [2011-10-04 16720]
S3 FwLnk;FwLnk Driver;c:windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2011-06-10 394856]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187B.sys [2010-03-31 379904]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filesToshibaSmartFaceVSmartFaceVWatchSrv.exe [2008-04-25 73728]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-13 14336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswFsBlk *Deregistered* - aswMonFlt *Deregistered* - aswRdr *Deregistered* - aswSP *Deregistered* - aswTdi *Deregistered* - SASENUM . Contents of the 'Scheduled Tasks' folder . 2012-03-08 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18] . 2012-03-09 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000 IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:usersKelliAppDataRoamingMozillaFirefoxProfilesg780i6nk.default FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false . - - - - ORPHANS REMOVED - - - - . HKLM-Run-DATAMNGR - c:progra~1SEARCH~1DatamngrDATAMN~1.EXE AddRemove-1ClickDownload - c:program files1ClickDownloaduninst.exe AddRemove-Searchqu Toolbar - c:program filesSearchqu Toolbaruninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmlUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . 
[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.shtmlUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtmlUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.emlUserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.vcfUserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-03-09 14:15:27 ComboFix-quarantined-files.txt 2012-03-09 19:15 ComboFix2.txt 2012-03-08 23:44 . Pre-Run: 117,515,280,384 bytes free Post-Run: 117,461,680,128 bytes free . - - End Of File - - 93F0C973E61DAFBD41BA049B41D7273E MBAM Log Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.09.07 Windows 7 Service Pack 1 x86 NTFS I
  15. The scan seemed to go off without a hitch. CF Log ComboFix 12-03-08.04 - Kelli 03/08/2012 18:26:54.3.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1870 [GMT -5:00] Running from: c:usersKelliDesktopComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:programdataTarma Installer c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}_Setup.dll c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}_Setupx.dll c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}Setup.dat c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}Setup.exe c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}Setup.ico c:windowssecurityDatabasetmp.edb . . ((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 ))))))))))))))))))))))))))))))) . . 2012-03-08 23:38 . 2012-03-08 23:40 -------- d-----w- c:usersKelliAppDataLocaltemp 2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp 2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:usersPublicAppDataLocaltemp 2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:usersMcx1-KELLI-LAPTOPAppDataLocaltemp 2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-03-08 02:54 . 2012-03-08 03:06 -------- d-----w- c:usersKelliAppDataRoamingAVG 2012-03-06 22:50 . 2012-03-06 22:50 -------- d--h--w- c:programdataCommon Files 2012-03-06 22:49 . 2012-03-08 11:04 -------- d-----w- c:windowssystem32driversAVG 2012-03-06 22:49 . 
2012-03-06 22:58 -------- d-----w- c:programdataAVG2012 2012-03-06 22:47 . 2012-03-08 02:53 -------- d-----w- c:program filesAVG 2012-03-06 22:44 . 2012-03-08 23:09 -------- d-----w- c:programdataMFAData 2012-03-06 11:33 . 2012-03-06 11:33 56200 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}offreg.dll 2012-03-06 09:19 . 2012-02-08 06:03 6552120 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}mpengine.dll 2012-03-06 03:38 . 2012-03-06 03:38 -------- d-----w- c:program filesuTorrent 2012-03-06 02:56 . 2012-03-06 02:56 -------- d-----w- c:programdataboost_interprocess 2012-03-06 02:44 . 2012-03-06 02:44 -------- d-----w- c:usersKelliAppDataLocalIlivid Player 2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:program filesSearchqu Toolbar 2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:usersKelliAppDataLocalPackageAware 2012-03-06 02:36 . 2012-03-06 02:36 -------- d-----w- c:program filesfbphotozoom 2012-03-06 02:36 . 2012-03-06 02:37 -------- d-----w- c:program files1ClickDownload 2012-03-02 21:48 . 2012-03-02 21:48 -------- d-----w- c:program filesAVAST Software 2012-02-23 07:44 . 2012-02-25 06:42 -------- d-----w- c:program filesMicrosoft Security Client 2012-02-23 04:14 . 2012-02-23 04:14 -------- d-----w- C:SWsetup 2012-02-23 04:04 . 2012-02-23 04:04 -------- d-----w- c:programdataPC Drivers HeadQuarters 2012-02-23 03:20 . 2012-02-23 03:35 -------- d--h--w- c:program filesTemp 2012-02-23 02:55 . 2012-02-23 02:55 -------- d-----w- c:usersKelliAppDataRoamingDriverCure 2012-02-23 02:55 . 2012-02-23 04:42 -------- d-----w- c:programdataDriverCure 2012-02-23 02:55 . 2012-02-23 02:55 -------- d-----w- c:programdataParetoLogic 2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataRoamingOrigin 2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataLocalOrigin 2012-02-20 02:21 . 
2012-02-20 02:21 -------- d-----w- c:program filesOrigin Games 2012-02-20 02:20 . 2012-02-20 02:24 -------- d-----w- c:program filesOrigin 2012-02-20 02:20 . 2012-02-20 02:20 -------- d-----w- c:programdataEA Core 2012-02-16 05:30 . 2011-12-30 05:27 478720 ----a-w- c:windowssystem32timedate.cpl 2012-02-16 05:30 . 2011-12-16 07:52 690688 ----a-w- c:windowssystem32msvcrt.dll 2012-02-16 05:30 . 2012-01-04 08:58 442880 ----a-w- c:windowssystem32ntshrui.dll 2012-02-16 05:30 . 2012-01-14 03:35 2343424 ----a-w- c:windowssystem32win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 14:18 . 2009-11-21 04:27 237072 ------w- c:windowssystem32MpSigStub.exe 2012-02-19 08:33 . 2011-05-13 16:30 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2012-01-11 19:36 . 2012-01-11 19:36 1448993 ----a-w- c:programdataMicrosoftWindowsStart MenuProgramsWinRARwrar401.exe 2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl 2011-12-10 20:24 . 2011-08-11 11:40 20464 ----a-w- c:windowssystem32driversmbam.sys 2012-02-18 06:16 . 2011-06-21 21:13 134104 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "SansaDispatch"="c:usersKelliAppDataRoamingSanDiskSansa UpdaterSansaDispatch.exe" [2011-12-18 79872] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016] "Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2012-01-04 6497592] . 
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-08-14 1348904] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504] "IAAnotif"="c:program filesIntelIntel Matrix Storage Manageriaanotif.exe" [2008-04-16 178712] "B2C_AGENT"="c:programdataLGMOBILEAXB2C_ClientB2CNotiAgent.exe" [2011-06-15 404568] "SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696] "IgfxTray"="c:windowssystem32igfxtray.exe" [2011-10-13 138008] "HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-10-13 171288] "Persistence"="c:windowssystem32igfxpers.exe" [2011-10-13 172824] "Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712] "APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2011-11-02 59240] "IntelliPoint"="c:program filesMicrosoft IntelliPointipoint.exe" [2011-08-01 1821576] "iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2012-01-16 421736] "DivXUpdate"="c:program filesDivXDivX UpdateDivXUpdate.exe" [2011-07-28 1259376] "Malwarebytes' Anti-Malware"="c:program filesMalwarebytes' Anti-Malwarembamgui.exe" [2012-01-13 460872] "AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2012-01-24 2416480] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:progra~1SEARCH~1Datamngrdatamngr.dll c:progra~1SEARCH~1DatamngrIEBHO.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart . 
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKLM~startupfolderC:^Users^Kelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:usersKelliAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk backup=c:windowspssOneNote 2007 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon] 2011-11-02 04:25 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:program filesDivXDivX UpdateDivXUpdate.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEKIJ5000StatusMonitor] 2010-09-02 19:23 1638400 ----a-w- c:windowsSystem32spooldriversw32x863EKIJ5000MUI.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper] 2012-01-16 22:22 421736 ----a-w- c:program filesiTunesiTunesHelper.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware] 2012-01-13 19:53 460872 ----a-w- c:program filesMalwarebytes' Anti-Malwarembamgui.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)] 2012-01-13 19:53 981680 ----a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task] 2011-10-24 18:28 421888 ----a-w- c:program filesQuickTimeQTTask.exe . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384] R2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104] R3 dc3d;MS Hardware Device Detection Driver;c:windowssystem32DRIVERSdc3d.sys [2011-05-18 40320] R3 DrvAgent32;DrvAgent32;c:windowssystem32DriversDrvAgent32.sys [2011-10-05 23456] R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104] R3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys [2010-03-22 47360] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 15872] R3 SVRPEDRV;SVRPEDRV;c:windowsSystem32sysprepPEDrv.sys [2008-01-18 9216] R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x] R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-03-01 1343400] R3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [2009-07-14 17920] R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 51040] S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [2011-07-11 23120] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx86.sys [2011-09-13 32592] S1 Avgfwfd;AVG network filter service;c:windowssystem32DRIVERSavgfwd6x.sys [2011-05-23 47968] S1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx86.sys [2011-10-07 230608] S1 Avgtdix;AVG TDI Driver;c:windowssystem32DRIVERSavgtdix.sys [2011-07-11 295248] S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2010-02-17 12872] S1 
SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [2010-05-10 67656] S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:program filesCommon FilesAdobeARM1.0armsvc.exe [2012-01-03 63928] S2 avgfws;AVG Firewall;c:program filesAVGAVG2012avgfws.exe [2011-11-23 2391832] S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [2011-08-02 192776] S2 ConfigFree Service;ConfigFree Service;c:program filesTOSHIBAConfigFreeCFSvcs.exe [2008-04-17 40960] S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2012-01-13 652360] S2 TMachInfo;TMachInfo;c:program filesTOSHIBATOSHIBA Service StationTMachInfo.exe [2009-04-01 62776] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-04 126976] S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [2011-07-11 134736] S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [2011-07-11 24272] S3 AVGIDSShim;AVGIDSShim;c:windowssystem32DRIVERSAVGIDSShim.Sys [2011-10-04 16720] S3 FwLnk;FwLnk Driver;c:windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2011-12-10 20464] S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2011-06-10 394856] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187B.sys [2010-03-31 379904] S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filesToshibaSmartFaceVSmartFaceVWatchSrv.exe [2008-04-25 73728] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-13 14336] . . --- Other Services/Drivers In Memory --- . 
*Deregistered* - aswFsBlk *Deregistered* - aswMonFlt *Deregistered* - aswRdr *Deregistered* - aswSP *Deregistered* - aswTdi *Deregistered* - SASENUM . Contents of the 'Scheduled Tasks' folder . 2012-03-08 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18] . 2012-03-08 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000 IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 FF - ProfilePath - c:usersKelliAppDataRoamingMozillaFirefoxProfilesg780i6nk.default FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q= FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl FF - user.js: extensions.funmoods_i.dfltSrch - true FF - user.js: extensions.funmoods_i.srchPrvdr - Search FF - user.js: extensions.funmoods_i.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q= FF - user.js: extensions.funmoods_i.id - fca39ecf0000000000000024d2c42ac9 FF - user.js: extensions.funmoods_i.instlDay - 15377 FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16 FF - user.js: extensions.funmoods_i.vrsni - 
1.5.11.16 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:52 FF - user.js: extensions.funmoods_i.prtnrId - funmoods FF - user.js: extensions.funmoods_i.prdct - funmoods FF - user.js: extensions.funmoods_i.aflt - pvl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods_i.tlbrId - base FF - user.js: extensions.funmoods_i.instlRef - FF - user.js: extensions.funmoods_i.dfltLng - FF - user.js: extensions.funmoods_i.excTlbr - false FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: security.csp.enable - false . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{6778613D-616B-4A6C-9856-65DE943CF424} - (no file) Toolbar-10 - (no file) MSConfigStartUp-avast - c:program filesAlwil SoftwareAvast5avastUI.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmlUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.shtmlUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtmlUserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.emlUserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.vcfUserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-03-08 18:44:35 ComboFix-quarantined-files.txt 2012-03-08 23:44 . Pre-Run: 117,180,096,512 bytes free Post-Run: 117,167,353,856 bytes free . - - End Of File - - 57C7D75204275D6F4A1218E0FD0EEF03