musicangel09

Help get rid of whatever is on my computer. Requested Logs Posted


Hey everyone!


I posted my request for help elsewhere and was instructed to scan and place logs on this forum. I'm hoping someone can help me get my computer back to normal. I allowed a friend to borrow my computer and it came back with everything and its neighbor wrong with it. Slow to respond, unchangeable "new tab" pages, a trojan that shows up on SUPERAntiSpyware but not picked up elsewhere... and that's just the start. I get roughly 5-8 bluescreens a week. I will attach each of the requested logs and am willing to do whatever it takes from there.


Kelli


DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Kelli at 14:04:17 on 2012-03-07

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1568 [GMT -5:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Kelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll

BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

uRun: [sansaDispatch] c:\users\kelli\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [b2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [DATAMNGR] c:\progra~1\search~1\datamngr\DATAMN~1.EXE

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF}\7465D2F447865627 : DhcpNameServer = 148.61.1.10 148.61.1.15

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\kelli\appdata\roaming\mozilla\firefox\profiles\g780i6nk.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=

FF - component: c:\program files\fvd suite\addons\firefox\components\fvd_connector.dll

FF - plugin: c:\progra~1\meadco~1\npmeadax.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=

FF - user.js: extensions.funmoods_i.id - fca39ecf0000000000000024d2c42ac9

FF - user.js: extensions.funmoods_i.instlDay - 15377

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:52:27

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - pvl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

.

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-7 652360]

R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-11 20464]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-10-5 23456]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-03-06 22:50:58 -------- d-----w- c:\users\kelli\appdata\roaming\AVG2012

2012-03-06 22:50:46 -------- d--h--w- c:\programdata\Common Files

2012-03-06 22:49:09 -------- d-----w- c:\windows\system32\drivers\AVG

2012-03-06 22:49:08 -------- d-----w- c:\programdata\AVG2012

2012-03-06 22:47:52 -------- d-----w- c:\program files\AVG

2012-03-06 22:44:38 -------- d-----w- c:\programdata\MFAData

2012-03-06 11:33:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\offreg.dll

2012-03-06 09:19:43 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\mpengine.dll

2012-03-06 03:38:10 -------- d-----w- c:\program files\uTorrent

2012-03-06 02:56:14 -------- d-----w- c:\programdata\boost_interprocess

2012-03-06 02:44:46 -------- d-----w- c:\users\kelli\appdata\local\Ilivid Player

2012-03-06 02:43:36 -------- d-----w- c:\program files\Searchqu Toolbar

2012-03-06 02:43:21 -------- d-----w- c:\users\kelli\appdata\local\PackageAware

2012-03-06 02:36:51 -------- d-----w- c:\programdata\Tarma Installer

2012-03-06 02:36:44 -------- d-----w- c:\program files\fbphotozoom

2012-03-06 02:36:02 -------- d-----w- c:\program files\1ClickDownload

2012-03-02 21:48:25 -------- d-----w- c:\program files\AVAST Software

2012-02-23 07:44:38 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-23 04:14:37 -------- d-----w- C:\SWsetup

2012-02-23 04:04:17 -------- d-----w- c:\programdata\PC Drivers HeadQuarters

2012-02-23 03:33:55 2168320 ----a-w- c:\windows\system32\RtkAPO.dll

2012-02-23 03:20:04 -------- d--h--w- c:\program files\Temp

2012-02-23 02:55:21 -------- d-----w- c:\users\kelli\appdata\roaming\DriverCure

2012-02-23 02:55:15 -------- d-----w- c:\programdata\ParetoLogic

2012-02-23 02:55:15 -------- d-----w- c:\programdata\DriverCure

2012-02-20 02:21:28 -------- d-----w- c:\users\kelli\appdata\roaming\Origin

2012-02-20 02:21:26 -------- d-----w- c:\users\kelli\appdata\local\Origin

2012-02-20 02:21:15 -------- d-----w- c:\program files\Origin Games

2012-02-20 02:20:43 -------- d-----w- c:\program files\Origin

2012-02-20 02:20:36 -------- d-----w- c:\programdata\EA Core

2012-02-16 05:30:32 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 05:30:31 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 05:30:25 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 05:30:07 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-02-07 03:52:15 -------- d-----w- c:\users\kelli\appdata\roaming\FVDToolbar

.

==================== Find3M ====================

.

2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-19 08:33:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 14:05:25.47 ===============


DDS attach log


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 1/23/2010 6:17:11 PM

System Uptime: 3/7/2012 3:10:14 AM (11 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Pentium® Dual-Core CPU T4200 @ 2.00GHz | CPU | 2000/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 289 GiB total, 113.465 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP644: 2/7/2012 4:58:13 AM - Windows Update

RP645: 2/7/2012 3:41:10 PM - Removed ooVoo

RP646: 2/10/2012 9:46:00 AM - Windows Update

RP647: 2/14/2012 4:14:12 AM - Windows Update

RP648: 2/16/2012 3:00:17 AM - Windows Update

RP649: 2/19/2012 3:35:12 AM - Windows Update

RP650: 2/19/2012 8:57:56 PM - Installed TheSims3EP4

RP651: 2/19/2012 9:05:09 PM - Installed TheSims3EP5

RP652: 2/20/2012 3:00:11 AM - Windows Update

RP653: 2/22/2012 11:02:33 PM - Installed Driver Detective.

RP655: 2/22/2012 11:44:48 PM - Configured Realtek 8169 8168 8101E 8102E Ethernet Driver

RP656: 2/23/2012 2:43:25 AM - avast! Free Antivirus Setup

RP657: 2/24/2012 12:04:19 AM - Windows Update

RP658: 2/25/2012 1:33:43 AM - Restore Operation

RP659: 2/25/2012 2:15:26 AM - Windows Update

RP660: 2/25/2012 3:00:10 AM - Windows Update

RP661: 2/28/2012 4:43:19 AM - Windows Update

RP662: 3/2/2012 4:26:59 PM - avast! Free Antivirus Setup

RP663: 3/2/2012 4:47:50 PM - avast! Free Antivirus Setup

RP664: 3/2/2012 5:02:33 PM - Installed The Sims 3

RP665: 3/6/2012 4:18:53 AM - Windows Update

RP666: 3/6/2012 5:40:50 PM - avast! Free Antivirus Setup

RP667: 3/6/2012 5:46:50 PM - Installed AVG 2012

RP668: 3/6/2012 5:48:00 PM - Installed AVG 2012

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

1ClickDownload

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Adobe Shockwave Player 11.6

Amazon Kindle

Amazon Links

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.3.13 (Unicode)

AVG 2012

Bonjour

Camera Assistant Software for Toshiba

CCleaner

CD/DVD Drive Acoustic Silencer

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

D3DX10

DivX Setup

DriverAgent by eSupport.com

DVD Decrypter (Remove Only)

DVD MovieFactory for TOSHIBA

FVD Suite 2.7.3

Google Earth Plug-in

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Intel® Matrix Storage Manager

iTunes

Java Auto Updater

Java™ 6 Update 29

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.1.1000

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft IntelliPoint 8.2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft WSE 3.0 Runtime

Microsoft XML Parser

Mobipocket Creator 4.2

Mozilla Firefox 10.0.2 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

OGA Notifier 2.0.0048.0

Origin

QuickBooks Financial Center

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

REALTEK RTL8187B Wireless LAN Driver

Realtek USB 2.0 Card Reader

Realtek WiFi Protected Setup Library

Sansa Updater

Searchqu Toolbar

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Skype Click to Call

Skype™ 5.5

SUPERAntiSpyware

swMSM

Synaptics Pointing Device Driver

System Requirements Lab for Intel

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Generations

The Sims™ 3 High-End Loft Stuff

The Sims™ 3 Late Night

The Sims™ 3 Pets

The Sims™ 3 World Adventures

Tinker

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Desktop Links

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Service Station

TOSHIBA Software Modem

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.6195

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live OneCare safety scanner

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

WinRAR 4.01 (32-bit)

Wizard101

World of Warcraft

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/7/2012 3:12:22 AM, Error: Service Control Manager [7022] - The Internet Connection Sharing (ICS) service hung on starting.

3/7/2012 3:08:21 AM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

3/6/2012 12:16:56 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer HOME-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8E0C4269-787D-4060-94E6-623603807E. The master browser is stopping or an election is being forced.

3/3/2012 4:50:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

.

==== End Of File ===========================

 

aswMBR log


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-03-07 14:10:50

-----------------------------

14:10:50.147 OS Version: Windows 6.1.7601 Service Pack 1

14:10:50.148 Number of processors: 2 586 0x170A

14:10:50.151 ComputerName: KELLI-LAPTOP UserName: Kelli

14:10:51.779 Initialize success

14:12:21.944 AVAST engine defs: 12030700

14:12:41.401 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

14:12:41.404 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3

14:12:41.424 Disk 0 MBR read successfully

14:12:41.428 Disk 0 MBR scan

14:12:41.434 Disk 0 Windows 7 default MBR code

14:12:41.449 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

14:12:41.461 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 296325 MB offset 3074048

14:12:41.498 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7419 MB offset 609947648

14:12:41.509 Disk 0 scanning sectors +625141760

14:12:41.565 Disk 0 scanning C:\Windows\system32\drivers

14:12:55.679 Service scanning

14:13:24.608 Modules scanning

14:13:32.490 Disk 0 trace - called modules:

14:13:32.512 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll

14:13:32.520 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8700b030]

14:13:32.534 3 CLASSPNP.SYS[8b94959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8620e028]

14:13:33.930 AVAST engine scan C:\Windows

14:13:37.970 AVAST engine scan C:\Windows\system32

14:17:56.386 AVAST engine scan C:\Windows\system32\drivers

14:18:19.148 AVAST engine scan C:\Users\Kelli

14:37:30.779 AVAST engine scan C:\ProgramData

14:41:31.188 Scan finished successfully

14:41:53.015 Disk 0 MBR has been saved successfully to "C:\Users\Kelli\Desktop\MBR.dat"

14:41:53.058 The log file has been saved successfully to "C:\Users\Kelli\Desktop\aswMBR.txt"

DDS.txt

DDSAttach.txt

aswMBR.txt

JonTom   

Hello musicangel09 and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.
Thank you for the logs.

 

Before we begin, please let me know if you are being redirected when you perform internet searches :)


Thanks for the reply!

 

No, performing internet searches brings me to the correct location, but opening a new tab (that normally would result in a blank page) brings me to searchnu.com

 

I was able to disable an addon that took care of that problem, but I fear that whatever put it there in the first place is still on my computer.

JonTom   

Hello musicangel09

 

performing internet searches brings me to the correct location

Thanks for letting me know :)

 

i fear that whatever put it there in the first place is still on my computer

We still have work to do. Please stay with me until you have the "all clear".

  • P2P Programs:

    • P2P programs are a major source of Malware infections.
    • From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found from here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, Click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
    • A list of currently installed programs will be displayed.
    • Find the "µTorrent" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

    PLEASE NOTE:

    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.
  • Combofix

    • Download ComboFix from one of the following locations:

      Link 1

      Link 2

    • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
    • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image

    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    • Should there be issues with internet afterward:

      In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

      In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

Please post the Combofix log in your next reply :)

 


The scan seemed to go off without a hitch.

 

CF Log

 

ComboFix 12-03-08.04 - Kelli 03/08/2012 18:26:54.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1870 [GMT -5:00]

Running from: c:usersKelliDesktopComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:programdataTarma Installer

c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}_Setup.dll

c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}_Setupx.dll

c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}Setup.dat

c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}Setup.exe

c:programdataTarma Installer{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}Setup.ico

c:windowssecurityDatabasetmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))

.

.

2012-03-08 23:38 . 2012-03-08 23:40 -------- d-----w- c:usersKelliAppDataLocaltemp

2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp

2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:usersPublicAppDataLocaltemp

2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:usersMcx1-KELLI-LAPTOPAppDataLocaltemp

2012-03-08 23:38 . 2012-03-08 23:38 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-03-08 02:54 . 2012-03-08 03:06 -------- d-----w- c:usersKelliAppDataRoamingAVG

2012-03-06 22:50 . 2012-03-06 22:50 -------- d--h--w- c:programdataCommon Files

2012-03-06 22:49 . 2012-03-08 11:04 -------- d-----w- c:windowssystem32driversAVG

2012-03-06 22:49 . 2012-03-06 22:58 -------- d-----w- c:programdataAVG2012

2012-03-06 22:47 . 2012-03-08 02:53 -------- d-----w- c:program filesAVG

2012-03-06 22:44 . 2012-03-08 23:09 -------- d-----w- c:programdataMFAData

2012-03-06 11:33 . 2012-03-06 11:33 56200 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}offreg.dll

2012-03-06 09:19 . 2012-02-08 06:03 6552120 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}mpengine.dll

2012-03-06 03:38 . 2012-03-06 03:38 -------- d-----w- c:program filesuTorrent

2012-03-06 02:56 . 2012-03-06 02:56 -------- d-----w- c:programdataboost_interprocess

2012-03-06 02:44 . 2012-03-06 02:44 -------- d-----w- c:usersKelliAppDataLocalIlivid Player

2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:program filesSearchqu Toolbar

2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:usersKelliAppDataLocalPackageAware

2012-03-06 02:36 . 2012-03-06 02:36 -------- d-----w- c:program filesfbphotozoom

2012-03-06 02:36 . 2012-03-06 02:37 -------- d-----w- c:program files1ClickDownload

2012-03-02 21:48 . 2012-03-02 21:48 -------- d-----w- c:program filesAVAST Software

2012-02-23 07:44 . 2012-02-25 06:42 -------- d-----w- c:program filesMicrosoft Security Client

2012-02-23 04:14 . 2012-02-23 04:14 -------- d-----w- C:SWsetup

2012-02-23 04:04 . 2012-02-23 04:04 -------- d-----w- c:programdataPC Drivers HeadQuarters

2012-02-23 03:20 . 2012-02-23 03:35 -------- d--h--w- c:program filesTemp

2012-02-23 02:55 . 2012-02-23 02:55 -------- d-----w- c:usersKelliAppDataRoamingDriverCure

2012-02-23 02:55 . 2012-02-23 04:42 -------- d-----w- c:programdataDriverCure

2012-02-23 02:55 . 2012-02-23 02:55 -------- d-----w- c:programdataParetoLogic

2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataRoamingOrigin

2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataLocalOrigin

2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:program filesOrigin Games

2012-02-20 02:20 . 2012-02-20 02:24 -------- d-----w- c:program filesOrigin

2012-02-20 02:20 . 2012-02-20 02:20 -------- d-----w- c:programdataEA Core

2012-02-16 05:30 . 2011-12-30 05:27 478720 ----a-w- c:windowssystem32timedate.cpl

2012-02-16 05:30 . 2011-12-16 07:52 690688 ----a-w- c:windowssystem32msvcrt.dll

2012-02-16 05:30 . 2012-01-04 08:58 442880 ----a-w- c:windowssystem32ntshrui.dll

2012-02-16 05:30 . 2012-01-14 03:35 2343424 ----a-w- c:windowssystem32win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 14:18 . 2009-11-21 04:27 237072 ------w- c:windowssystem32MpSigStub.exe

2012-02-19 08:33 . 2011-05-13 16:30 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2012-01-11 19:36 . 2012-01-11 19:36 1448993 ----a-w- c:programdataMicrosoftWindowsStart MenuProgramsWinRARwrar401.exe

2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl

2011-12-10 20:24 . 2011-08-11 11:40 20464 ----a-w- c:windowssystem32driversmbam.sys

2012-02-18 06:16 . 2011-06-21 21:13 134104 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"SansaDispatch"="c:usersKelliAppDataRoamingSanDiskSansa UpdaterSansaDispatch.exe" [2011-12-18 79872]

"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016]

"Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2012-01-04 6497592]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-08-14 1348904]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"IAAnotif"="c:program filesIntelIntel Matrix Storage Manageriaanotif.exe" [2008-04-16 178712]

"B2C_AGENT"="c:programdataLGMOBILEAXB2C_ClientB2CNotiAgent.exe" [2011-06-15 404568]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-10-13 172824]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2011-11-02 59240]

"IntelliPoint"="c:program filesMicrosoft IntelliPointipoint.exe" [2011-08-01 1821576]

"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2012-01-16 421736]

"DivXUpdate"="c:program filesDivXDivX UpdateDivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:program filesMalwarebytes' Anti-Malwarembamgui.exe" [2012-01-13 460872]

"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2012-01-24 2416480]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]

"AppInit_DLLs"=c:progra~1SEARCH~1Datamngrdatamngr.dll c:progra~1SEARCH~1DatamngrIEBHO.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM~startupfolderC:^Users^Kelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:usersKelliAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk

backup=c:windowspssOneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]

2011-11-02 04:25 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:program filesDivXDivX UpdateDivXUpdate.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEKIJ5000StatusMonitor]

2010-09-02 19:23 1638400 ----a-w- c:windowsSystem32spooldriversw32x863EKIJ5000MUI.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:program filesiTunesiTunesHelper.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware]

2012-01-13 19:53 460872 ----a-w- c:program filesMalwarebytes' Anti-Malwarembamgui.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]

2012-01-13 19:53 981680 ----a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2011-10-24 18:28 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]

R3 dc3d;MS Hardware Device Detection Driver;c:windowssystem32DRIVERSdc3d.sys [2011-05-18 40320]

R3 DrvAgent32;DrvAgent32;c:windowssystem32DriversDrvAgent32.sys [2011-10-05 23456]

R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]

R3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys [2010-03-22 47360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 15872]

R3 SVRPEDRV;SVRPEDRV;c:windowsSystem32sysprepPEDrv.sys [2008-01-18 9216]

R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]

R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-03-01 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [2009-07-14 17920]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx86.sys [2011-09-13 32592]

S1 Avgfwfd;AVG network filter service;c:windowssystem32DRIVERSavgfwd6x.sys [2011-05-23 47968]

S1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:windowssystem32DRIVERSavgtdix.sys [2011-07-11 295248]

S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:program filesCommon FilesAdobeARM1.0armsvc.exe [2012-01-03 63928]

S2 avgfws;AVG Firewall;c:program filesAVGAVG2012avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [2011-08-02 192776]

S2 ConfigFree Service;ConfigFree Service;c:program filesTOSHIBAConfigFreeCFSvcs.exe [2008-04-17 40960]

S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2012-01-13 652360]

S2 TMachInfo;TMachInfo;c:program filesTOSHIBATOSHIBA Service StationTMachInfo.exe [2009-04-01 62776]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-04 126976]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:windowssystem32DRIVERSAVGIDSShim.Sys [2011-10-04 16720]

S3 FwLnk;FwLnk Driver;c:windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2011-12-10 20464]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2011-06-10 394856]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187B.sys [2010-03-31 379904]

S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filesToshibaSmartFaceVSmartFaceVWatchSrv.exe [2008-04-25 73728]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - aswFsBlk

*Deregistered* - aswMonFlt

*Deregistered* - aswRdr

*Deregistered* - aswSP

*Deregistered* - aswTdi

*Deregistered* - SASENUM

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-08 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18]

.

2012-03-08 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000

IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:usersKelliAppDataRoamingMozillaFirefoxProfilesg780i6nk.default

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=

FF - user.js: extensions.funmoods_i.id - fca39ecf0000000000000024d2c42ac9

FF - user.js: extensions.funmoods_i.instlDay - 15377

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:52

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - pvl

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{6778613D-616B-4A6C-9856-65DE943CF424} - (no file)

Toolbar-10 - (no file)

MSConfigStartUp-avast - c:program filesAlwil SoftwareAvast5avastUI.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.shtmlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtmlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.emlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.vcfUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-08 18:44:35

ComboFix-quarantined-files.txt 2012-03-08 23:44

.

Pre-Run: 117,180,096,512 bytes free

Post-Run: 117,167,353,856 bytes free

.

- - End Of File - - 57C7D75204275D6F4A1218E0FD0EEF03

JonTom   

Hello musicangel09

 

The scan seemed to go off without a hitch

:)

 

We need to use Combofix again but this time we will be running it in a slightly different way:

  • Please work through the following steps

  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
  • Copy and Paste the text in the quotebox below into the open Notepad window:

     

    File::

    c:\progra~1\SEARCH~1\Datamngr\datamngr.dll

    c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll

     

    Folder::

    c:\program files\1ClickDownload

    c:\program files\Searchqu Toolbar

    c:\programdata\ParetoLogic

    c:\users\Kelli\AppData\Roaming\DriverCure

    c:\programdata\DriverCure

    c:\users\Kelli\AppData\Local\Ilivid Player

     

    Registry::

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=""

     

    Firefox::

    FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\g780i6nk.default\

    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.funmoods_i.hmpg, true

    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=pvl

    FF - user.js: extensions.funmoods_i.dfltSrch - true

    FF - user.js: extensions.funmoods_i.srchPrvdr - Search

    FF - user.js: extensions.funmoods_i.dnsErr - true

    FF - user.js: extensions.funmoods_i.newTab - true

    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl

    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=pvl&q=

    FF - user.js: extensions.funmoods_i.id - fca39ecf0000000000000024d2c42ac9

    FF - user.js: extensions.funmoods_i.instlDay - 15377

    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1622:52

    FF - user.js: extensions.funmoods_i.prtnrId - funmoods

    FF - user.js: extensions.funmoods_i.prdct - funmoods

    FF - user.js: extensions.funmoods_i.aflt - pvl

    FF - user.js: extensions.funmoods_i.smplGrp - none

    FF - user.js: extensions.funmoods_i.tlbrId - base

    FF - user.js: extensions.funmoods_i.instlRef -

    FF - user.js: extensions.funmoods_i.dfltLng -

    FF - user.js: extensions.funmoods_i.excTlbr - false

     

    RegLock::

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

     

     

  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

    Posted Image

  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident anti virus.
  • Temporary File Cleaner

    • Download TFC to your desktop.
    • Close any open windows.
    • Right click the TFC icon and select "Run as Administrator" to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

Please post the Combofix log and the MBAM log in your next reply.

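The CFScript above targets two persistence points visible in the ComboFix log: a populated AppInit_DLLs value (the Datamngr DLLs) and a Firefox user.js that forces funmoods URLs and sets security.csp.enable to false. As an added example that is not part of this thread or of ComboFix, here is a small Python checker that reads lines in ComboFix's log format and flags exactly those kinds of entries; the sample lines are constructed (modelled on the log above, with backslashes restored), and the set of expected search hosts is an assumption.

```python
import re

# Constructed sample in ComboFix's own format (defanged hxxp URLs, backslashes
# intact); entries modelled on the log posted above, not a real capture.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
FF - ProfilePath - c:\users\Kelli\AppData\Roaming\Mozilla\Firefox\Profiles\g780i6nk.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=pvl
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: security.csp.enable - false
"""

APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$')
# "FF - <file>: <pref> - <value>"; the value may be empty (e.g. instlRef above).
FF_PREF_RE = re.compile(r'^FF - (prefs\.js|user\.js): (\S+) -(?: (.*))?$')
# Accept both real and defanged (hxxp) URLs and pull out the host.
HOST_RE = re.compile(r'^h(?:xx|tt)ps?://([^/?#]+)', re.IGNORECASE)

# Hosts a keyword.URL (address-bar search) is expected to point at. Assumption
# for this example; adjust to the browser's configured search provider.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}


def analyze(log_text):
    """Return (severity, indicator, detail) tuples for suspicious log entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = APPINIT_RE.match(line)
        if m:
            # Every DLL named here is loaded into each process that maps user32.dll,
            # so a non-empty value is a system-wide injection point worth review.
            for dll in m.group(1).replace('"', "").split():
                findings.append(("high", "AppInit_DLLs", dll))
            continue

        m = FF_PREF_RE.match(line)
        if not m:
            continue
        source, pref = m.group(1), m.group(2)
        value = (m.group(3) or "").strip()
        host_match = HOST_RE.match(value)
        host = host_match.group(1).lower() if host_match else None

        if pref == "security.csp.enable" and value == "false":
            # Turning CSP off browser-wide weakens every site's own XSS defences.
            findings.append(("high", pref, "Content Security Policy disabled"))
        elif pref == "keyword.URL" and host and host not in EXPECTED_SEARCH_HOSTS:
            # Address-bar searches are being routed to an unexpected host.
            findings.append(("high", pref, host))
        elif source == "user.js" and host:
            # Firefox never writes user.js itself; a URL forced from it is
            # re-applied on every start, which is how the new-tab hijack survives.
            findings.append(("medium", pref, host))
        elif source == "user.js":
            findings.append(("low", pref, value))
    return findings


if __name__ == "__main__":
    for severity, indicator, detail in analyze(SAMPLE_LOG):
        print(f"[{severity:<6}] {indicator}: {detail}")
```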

Hello once again! Here are the two logs you requested!

 

NEW CF LOG

 

ComboFix 12-03-08.04 - Kelli 03/09/2012 13:58:21.4.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1881 [GMT -5:00]

Running from: c:usersKelliDesktopComboFix.exe

Command switches used :: c:usersKelliDesktopCFScript.txt

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:progra~1SEARCH~1Datamngrdatamngr.dll"

"c:progra~1SEARCH~1DatamngrIEBHO.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:program files1ClickDownload

c:program files1ClickDownload(Demonoid.me)-Toys_by_James_Patterson.torrent

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder-remove.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder-rename.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-folder.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-found.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-reload.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss-subscribe.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrss.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrssback.gif

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinrsstopback.gif

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch-over.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch_button_over_png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearch_button_png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-left.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-middle.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsearchbarsearchbar-background-right.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsettings.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinshopping.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinsiteinfo.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-bluelite.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-bluesky.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-grey.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-lichen.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-orange.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin-yellow.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinskin.xml

c:program filesSearchqu ToolbarDatamngrToolBarchromeskintechnorati.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinthrobber.gif

c:program filesSearchqu ToolbarDatamngrToolBarchromeskintoolbarsplitter.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskintranslate.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvideo.bmp

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvmn.css

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinvmn.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinweather.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinweb.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinwidgets-square-16px.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinwikipedia.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyahoosearch.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyellow.gif

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinyoutube.png

c:program filesSearchqu ToolbarDatamngrToolBarchromeskinzoom.png

c:program filesSearchqu ToolbarDatamngrToolBarcomponentswindowmediator.js

c:program filesSearchqu ToolbarDatamngrToolBardtUser.exe

c:program filesSearchqu ToolbarDatamngrToolBarmanifest.xml

c:program filesSearchqu ToolbarDatamngrToolBarsearchquband.dll

c:program filesSearchqu ToolbarDatamngrToolBarsearchqudtx.dll

c:program filesSearchqu ToolbarDatamngrToolBaruninstall.exe

c:program filesSearchqu Toolbarsysid.ini

c:program filesSearchqu Toolbaruninstall.exe

c:programdataDriverCure

c:programdataDriverCure9B13A86D3456.plf

c:programdataParetoLogic

c:programdataParetoLogicUUS2DriverCureMaster.xml

c:programdataParetoLogicUUS2DriverCurePatch.xml

c:programdataParetoLogicUUS2DriverCureUpdate.xml

c:programdataParetoLogicUUS2Master.xml

c:programdataParetoLogicUUS2Patch.xml

c:programdataParetoLogicUUS2Update.xml

c:usersKelliAppDataLocalIlivid Player

c:usersKelliAppDataLocalIlivid Playerscript.qscript

c:usersKelliAppDataRoamingDriverCure

c:usersKelliAppDataRoamingDriverCureClient.txt

c:usersKelliAppDataRoamingDriverCureLogFile.txt

c:usersKelliAppDataRoamingDriverCureServer.txt

.

.

((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))

.

.

2012-03-09 19:10 . 2012-03-09 19:11 -------- d-----w- c:usersKelliAppDataLocaltemp

2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersPublicAppDataLocaltemp

2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersMcx1-KELLI-LAPTOPAppDataLocaltemp

2012-03-09 19:10 . 2012-03-09 19:10 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-03-08 02:54 . 2012-03-08 03:06 -------- d-----w- c:usersKelliAppDataRoamingAVG

2012-03-06 22:50 . 2012-03-06 22:50 -------- d--h--w- c:programdataCommon Files

2012-03-06 22:49 . 2012-03-09 14:46 -------- d-----w- c:windowssystem32driversAVG

2012-03-06 22:49 . 2012-03-06 22:58 -------- d-----w- c:programdataAVG2012

2012-03-06 22:47 . 2012-03-08 02:53 -------- d-----w- c:program filesAVG

2012-03-06 22:44 . 2012-03-09 14:46 -------- d-----w- c:programdataMFAData

2012-03-06 11:33 . 2012-03-06 11:33 56200 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}offreg.dll

2012-03-06 09:19 . 2012-02-08 06:03 6552120 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{D8F47A61-D8A5-43DE-B827-E7DA3D798A35}mpengine.dll

2012-03-06 03:38 . 2012-03-06 03:38 -------- d-----w- c:program filesuTorrent

2012-03-06 02:56 . 2012-03-06 02:56 -------- d-----w- c:programdataboost_interprocess

2012-03-06 02:43 . 2012-03-06 02:43 -------- d-----w- c:usersKelliAppDataLocalPackageAware

2012-03-06 02:36 . 2012-03-06 02:36 -------- d-----w- c:program filesfbphotozoom

2012-03-02 21:48 . 2012-03-02 21:48 -------- d-----w- c:program filesAVAST Software

2012-02-23 07:44 . 2012-02-25 06:42 -------- d-----w- c:program filesMicrosoft Security Client

2012-02-23 04:14 . 2012-02-23 04:14 -------- d-----w- C:SWsetup

2012-02-23 04:04 . 2012-02-23 04:04 -------- d-----w- c:programdataPC Drivers HeadQuarters

2012-02-23 03:20 . 2012-02-23 03:35 -------- d--h--w- c:program filesTemp

2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataRoamingOrigin

2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:usersKelliAppDataLocalOrigin

2012-02-20 02:21 . 2012-02-20 02:21 -------- d-----w- c:program filesOrigin Games

2012-02-20 02:20 . 2012-02-20 02:24 -------- d-----w- c:program filesOrigin

2012-02-20 02:20 . 2012-02-20 02:20 -------- d-----w- c:programdataEA Core

2012-02-16 05:30 . 2011-12-30 05:27 478720 ----a-w- c:windowssystem32timedate.cpl

2012-02-16 05:30 . 2011-12-16 07:52 690688 ----a-w- c:windowssystem32msvcrt.dll

2012-02-16 05:30 . 2012-01-04 08:58 442880 ----a-w- c:windowssystem32ntshrui.dll

2012-02-16 05:30 . 2012-01-14 03:35 2343424 ----a-w- c:windowssystem32win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 14:18 . 2009-11-21 04:27 237072 ------w- c:windowssystem32MpSigStub.exe

2012-02-19 08:33 . 2011-05-13 16:30 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2012-01-11 19:36 . 2012-01-11 19:36 1448993 ----a-w- c:programdataMicrosoftWindowsStart MenuProgramsWinRARwrar401.exe

2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl

2011-12-10 20:24 . 2011-08-11 11:40 20464 ----a-w- c:windowssystem32driversmbam.sys

2012-02-18 06:16 . 2011-06-21 21:13 134104 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"SansaDispatch"="c:usersKelliAppDataRoamingSanDiskSansa UpdaterSansaDispatch.exe" [2011-12-18 79872]

"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2010-11-20 1174016]

"Messenger (Yahoo!)"="c:progra~1Yahoo!MESSEN~1YahooMessenger.exe" [2012-01-04 6497592]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-08-14 1348904]

"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]

"IAAnotif"="c:program filesIntelIntel Matrix Storage Manageriaanotif.exe" [2008-04-16 178712]

"B2C_AGENT"="c:programdataLGMOBILEAXB2C_ClientB2CNotiAgent.exe" [2011-06-15 404568]

"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-10-13 138008]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2011-10-13 171288]

"Persistence"="c:windowssystem32igfxpers.exe" [2011-10-13 172824]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe" [2011-11-02 59240]

"IntelliPoint"="c:program filesMicrosoft IntelliPointipoint.exe" [2011-08-01 1821576]

"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2012-01-16 421736]

"DivXUpdate"="c:program filesDivXDivX UpdateDivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:program filesMalwarebytes' Anti-Malwarembamgui.exe" [2012-01-13 460872]

"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2012-01-24 2416480]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM~startupfolderC:^Users^Kelli^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=c:usersKelliAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOneNote 2007 Screen Clipper and Launcher.lnk

backup=c:windowspssOneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAPSDaemon]

2011-11-02 04:25 59240 ----a-w- c:program filesCommon FilesAppleApple Application SupportAPSDaemon.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDivXUpdate]

2011-07-28 23:08 1259376 ----a-w- c:program filesDivXDivX UpdateDivXUpdate.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEKIJ5000StatusMonitor]

2010-09-02 19:23 1638400 ----a-w- c:windowsSystem32spooldriversw32x863EKIJ5000MUI.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]

2012-01-16 22:22 421736 ----a-w- c:program filesiTunesiTunesHelper.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware]

2012-01-13 19:53 460872 ----a-w- c:program filesMalwarebytes' Anti-Malwarembamgui.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes' Anti-Malware (reboot)]

2012-01-13 19:53 981680 ----a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]

2011-10-24 18:28 421888 ----a-w- c:program filesQuickTimeQTTask.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]

R3 dc3d;MS Hardware Device Detection Driver;c:windowssystem32DRIVERSdc3d.sys [2011-05-18 40320]

R3 DrvAgent32;DrvAgent32;c:windowssystem32DriversDrvAgent32.sys [2011-10-05 23456]

R3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 133104]

R3 pcouffin;VSO Software pcouffin;c:windowssystem32Driverspcouffin.sys [2010-03-22 47360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2010-11-20 15872]

R3 SVRPEDRV;SVRPEDRV;c:windowsSystem32sysprepPEDrv.sys [2008-01-18 9216]

R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2010-11-20 52224]

R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x]

R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-03-01 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32DRIVERSWSDPrint.sys [2009-07-14 17920]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-22 51040]

S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx86.sys [2011-09-13 32592]

S1 Avgfwfd;AVG network filter service;c:windowssystem32DRIVERSavgfwd6x.sys [2011-05-23 47968]

S1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx86.sys [2011-10-07 230608]

S1 Avgtdix;AVG TDI Driver;c:windowssystem32DRIVERSavgtdix.sys [2011-07-11 295248]

S1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:program filesCommon FilesAdobeARM1.0armsvc.exe [2012-01-03 63928]

S2 avgfws;AVG Firewall;c:program filesAVGAVG2012avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [2011-08-02 192776]

S2 ConfigFree Service;ConfigFree Service;c:program filesTOSHIBAConfigFreeCFSvcs.exe [2008-04-17 40960]

S2 MBAMService;MBAMService;c:program filesMalwarebytes' Anti-Malwarembamservice.exe [2012-01-13 652360]

S2 TMachInfo;TMachInfo;c:program filesTOSHIBATOSHIBA Service StationTMachInfo.exe [2009-04-01 62776]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesTOSHIBASMARTLogServiceTosIPCSrv.exe [2007-12-04 126976]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [2011-07-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [2011-07-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:windowssystem32DRIVERSAVGIDSShim.Sys [2011-10-04 16720]

S3 FwLnk;FwLnk Driver;c:windowssystem32DRIVERSFwLnk.sys [2006-11-20 7168]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2011-12-10 20464]

S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt86win7.sys [2011-06-10 394856]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32DRIVERSRTL8187B.sys [2010-03-31 379904]

S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filesToshibaSmartFaceVSmartFaceVWatchSrv.exe [2008-04-25 73728]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32DRIVERSvwifimp.sys [2009-07-13 14336]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - aswFsBlk

*Deregistered* - aswMonFlt

*Deregistered* - aswRdr

*Deregistered* - aswSP

*Deregistered* - aswTdi

*Deregistered* - SASENUM

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-08 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18]

.

2012-03-09 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2009-09-12 01:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:progra~1MICROS~4Office12EXCEL.EXE/3000

IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:usersKelliAppDataRoamingMozillaFirefoxProfilesg780i6nk.default

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-DATAMNGR - c:progra~1SEARCH~1DatamngrDATAMN~1.EXE

AddRemove-1ClickDownload - c:program files1ClickDownloaduninst.exe

AddRemove-Searchqu Toolbar - c:program filesSearchqu Toolbaruninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.htmlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.shtmlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERS.DefaultSoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.xhtmlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FirefoxHTML"

.

[HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.emlUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERSS-1-5-21-1934651463-4168729035-3063580607-1000SoftwareMicrosoftWindowsCurrentVersionExplorerFileExts.vcfUserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINEsystemControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-09 14:15:27

ComboFix-quarantined-files.txt 2012-03-09 19:15

ComboFix2.txt 2012-03-08 23:44

.

Pre-Run: 117,515,280,384 bytes free

Post-Run: 117,461,680,128 bytes free

.

- - End Of File - - 93F0C973E61DAFBD41BA049B41D7273E

 

MBAM Log

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.09.07

 

Windows 7 Service Pack 1 x86 NTFS

I


I didn't realize that the MBAM log got cut off. Here's the entirety of it.

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.03.09.07

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Kelli :: KELLI-LAPTOP [administrator]

 

Protection: Enabled

 

3/9/2012 2:27:48 PM

mbam-log-2012-03-09 (14-27-48).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 207878

Time elapsed: 7 minute(s), 59 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

Also, I wanted to know if there is anything that can be done about my getting bluescreens all the time. I just recently had one again, and I get them a lot. This is what came up after the computer restarted:

 

Problem signature:

Problem Event Name: BlueScreen

OS Version: 6.1.7601.2.1.0.256.1

Locale ID: 1033

 

Additional information about the problem:

BCCode: be

BCP1: 91B13E13

BCP2: 50040121

BCP3: 8315E994

BCP4: 0000000A

OS Version: 6_1_7601

Service Pack: 1_0

Product: 256_1

 

Files that help describe the problem:

C:WindowsMinidump030912-38641-01.dmp

C:UsersKelliAppDataLocaltempWER-159011-0.sysdata.xml

JonTom   

Hello musicangel09

 

Thank you for the logs.

 

Also, I wanted to know if there is anything that can be done about my getting bluescreens all the time

We can check the integrity of your system files once we are sure that we have taken care of all of the malware.

 

Let's continue:

 

  • Please scan the following files

  • Please go to VirusTotal

  • On the page you'll find a "Choose File" button.
  • Click on the Choose File button.
  • In the File Upload window which opens, copy and paste this into the File Name box.

c:\programdata\Microsoft\Windows\Start Menu\Programs\WinRAR\wrar401.exe

 

 

  • Next, click the Open button.
  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now.
  • Once scanned, copy and paste the link to the results page in your next reply.
  • CKScanner

  • Download CKScanner by askey127 from here and save it to your Desktop.
  • Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.
Please post the link to the Virus Total results page in your next reply along with the CKScanner log.

 


Virus Total Link

 

https://www.virustotal.com/file/d8f6414c57222b1740cf842245623da2bd5e1a9db03790ead39e4dfdaf24139f/analysis/1331340483/

 

CKFiles

 

CKScanner - Additional Security Risks - These are not necessarily bad

c:program filestoshiba gamesbejeweled 2 deluxewtmui_desoundsfirecrackle.ogg

c:program filestoshiba gamesbejeweled 2 deluxewtmui_defaultsoundsfirecrackle.ogg

c:program filestoshiba gamesbejeweled 2 deluxewtmui_essoundsfirecrackle.ogg

c:program filestoshiba gamesbejeweled 2 deluxewtmui_frsoundsfirecrackle.ogg

c:program filestoshiba gamesbejeweled 2 deluxewtmui_itsoundsfirecrackle.ogg

c:userskellidesktopdocumentshigh end loft# crackts3sp01.exe

c:userskellidesktopdocumentshigh end loft# cracktslhost.dll

c:userskellidesktoppatterson_ jamesstep on a crack (4182)metadata.opf

c:userskellidesktoppatterson_ jamesstep on a crack (4182)step on a crack - patterson_ james.epub

c:userskellimusicitunesitunes musicmusic50 cent_dr. dre_eminemrelapse18 crack a bottle.m4a

scanner sequence 3.DF.11.UDAPJC

----- EOF -----

JonTom   

Hello musicangel

 

Thank you for the information.

 

Did you get the following files from a torrent site?

 

c:\users\kelli\desktop\documents\high end loft\# crack\ts3sp01.exe

c:\users\kelli\desktop\documents\high end loft\# crack\tslhost.dll

 

They appear to be related to "The Sims".

 

Please scan them with Virus Total and post the links to the scan pages in your next reply.


I got the files from a (different) friend who, I think, may have gotten them from a torrent site. However, any scan that either of us has ever run on them turns up clean. I've had the files for a while but only just installed them recently, and I've never had any problem with them.

 

link to the first file scan:

https://www.virustotal.com/file/0e73db08343e98e9167629774fa986420d5b1617dd2ea475fe880fc7f7661f4f/analysis/1331404187/

 

link to the second file scan:

https://www.virustotal.com/file/1c97870a3f395c800099a6079dbdbcda04cd977a83fc64f57322aa9e70242c76/analysis/1331404389/

JonTom   

Hello musicangel09

 

I got the files from a (different) friend who, I think, may have gotten them from a torrent site. However, any scan that either of us has ever run on them turns up clean. I've had the files for a while but only just installed them recently, and I've never had any problem with them.

I have reason to believe that those files may be cracked (illegal). Since this forum does not support or condone the use of cracked or keygened material of any kind, you must remove these files before receiving further assistance.
  • Please download OTM

  • Please download OTM by OldTimer by clicking here.
  • Save the file (called OTM.exe) to your desktop.
  • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 

:Files
c:\users\kelli\desktop\documents\high end loft\# crack

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.
  • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post the OTM log in your next reply.


That's not a problem. If it's infected, I don't want it anyway. :)

 

OTM File

 

All processes killed

========== FILES ==========

c:userskellidesktopdocumentshigh end loft# Crack folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Kelli

->Temp folder emptied: 100106 bytes

->Temporary Internet Files folder emptied: 1053805 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 135108857 bytes

->Flash cache emptied: 2157 bytes

 

User: Mcx1-KELLI-LAPTOP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 182 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 130.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Kelli

->Flash cache emptied: 0 bytes

 

User: Mcx1-KELLI-LAPTOP

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTM by OldTimer - Version 3.1.19.0 log created on 03112012_032849

 

Files moved on Reboot...

 

Registry entries deleted on Reboot...

JonTom   

Hello musicangel09

 

Thank you for the log.

 

Let's run an online scan to check for anything that may have been missed:

 

  • Please run the following scan

  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Please post the ESET log and a new set of DDS scan logs in your next reply.

 

How is the machine running now?


The computer is running smoother, I'll admit. I haven't had any problems since we've started this, so I'm guessing we're on the right track! Here is the scan you requested...

 

C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application

C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application

C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application

C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application

C:\Qoobox\Quarantine\C\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application

C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application

C:\Users\Kelli\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120307220649714.rsc multiple threats

JonTom   

Hello musicangel09

 

Thank you for the scan log.

 

ESET has detected a number of things held in Combofix quarantine plus a file that we will deal with now:

  • OTM

  • Double click on the OTM.exe icon to run the program. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 

:Files
C:\Users\Kelli\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120307220649714.rsc

:Commands
[Purity]
[EmptyTemp]
[Emptyflash]
[Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.
  • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post the OTM log in your next reply along with a new set of DDS scan logs.


First, after running OTM, my desktop now has a good number of ghosted files--files that have once been on my desktop that I'd either moved or deleted. They're things like "~$filename.docx".

 

Here is the new OTM log:

 

 

All processes killed

========== FILES ==========

C:\Users\Kelli\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120307220649714.rsc moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Kelli

->Temp folder emptied: 1429 bytes

->Temporary Internet Files folder emptied: 10300225 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 47933955 bytes

->Flash cache emptied: 456 bytes

 

User: Mcx1-KELLI-LAPTOP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 790 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 56.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Kelli

->Flash cache emptied: 0 bytes

 

User: Mcx1-KELLI-LAPTOP

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTM by OldTimer - Version 3.1.19.0 log created on 03112012_184806


and the DDS Log

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Kelli at 18:58:25 on 2012-03-11

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.1828 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Users\Kelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

uRun: [sansaDispatch] c:\users\kelli\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [b2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{8E0C4269-787D-4060-94E6-623603807EFF}\7465D2F447865627 : DhcpNameServer = 148.61.1.10 148.61.1.15

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\kelli\appdata\roaming\mozilla\firefox\profiles\g780i6nk.default

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\progra~1\meadco~1\npmeadax.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-7 652360]

R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 62776]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-11 20464]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 379904]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-10-5 23456]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-11 133104]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-23 15872]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-1 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-03-11 17:58:52 -------- d-----w- c:\program files\ESET

2012-03-11 07:28:49 -------- d-----w- C:\_OTM

2012-03-09 19:15:43 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-09 19:15:36 -------- d-----w- c:\users\kelli\appdata\local\temp

2012-03-09 18:56:38 -------- d-----w- C:\ComboFix

2012-03-08 23:24:06 98816 ----a-w- c:\windows\sed.exe

2012-03-08 23:24:06 518144 ----a-w- c:\windows\SWREG.exe

2012-03-08 23:24:06 256000 ----a-w- c:\windows\PEV.exe

2012-03-08 23:24:06 208896 ----a-w- c:\windows\MBR.exe

2012-03-08 02:54:39 -------- d-----w- c:\users\kelli\appdata\roaming\AVG

2012-03-06 22:50:58 -------- d-----w- c:\users\kelli\appdata\roaming\AVG2012

2012-03-06 22:50:46 -------- d--h--w- c:\programdata\Common Files

2012-03-06 22:49:09 -------- d-----w- c:\windows\system32\drivers\AVG

2012-03-06 22:49:08 -------- d-----w- c:\programdata\AVG2012

2012-03-06 22:47:52 -------- d-----w- c:\program files\AVG

2012-03-06 22:44:38 -------- d-----w- c:\programdata\MFAData

2012-03-06 11:33:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\offreg.dll

2012-03-06 09:19:43 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d8f47a61-d8a5-43de-b827-e7da3d798a35}\mpengine.dll

2012-03-06 03:38:10 -------- d-----w- c:\program files\uTorrent

2012-03-06 02:56:14 -------- d-----w- c:\programdata\boost_interprocess

2012-03-06 02:43:21 -------- d-----w- c:\users\kelli\appdata\local\PackageAware

2012-03-06 02:36:44 -------- d-----w- c:\program files\fbphotozoom

2012-03-02 21:48:25 -------- d-----w- c:\program files\AVAST Software

2012-02-23 07:44:38 -------- d-----w- c:\program files\Microsoft Security Client

2012-02-23 04:14:37 -------- d-----w- C:\SWsetup

2012-02-23 04:04:17 -------- d-----w- c:\programdata\PC Drivers HeadQuarters

2012-02-23 03:33:55 2168320 ----a-w- c:\windows\system32\RtkAPO.dll

2012-02-23 03:20:04 -------- d--h--w- c:\program files\Temp

2012-02-20 02:21:28 -------- d-----w- c:\users\kelli\appdata\roaming\Origin

2012-02-20 02:21:26 -------- d-----w- c:\users\kelli\appdata\local\Origin

2012-02-20 02:21:15 -------- d-----w- c:\program files\Origin Games

2012-02-20 02:20:43 -------- d-----w- c:\program files\Origin

2012-02-20 02:20:36 -------- d-----w- c:\programdata\EA Core

2012-02-16 05:30:32 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-16 05:30:31 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-16 05:30:25 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-16 05:30:07 2343424 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-02-23 14:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-02-19 08:33:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 19:00:18.66 ===============

JonTom   

Hello musicangel09

 

My desktop now has a good number of ghosted files--files that have once been on my desktop that I'd either moved or deleted. They're things like "~$filename.docx"

Not sure how that could have happened. We certainly didn't configure OTM to do that.

 

Let's take care of the following in the steps below:

 

  • Please work through the following steps

  • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
  • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
  • Copy and Paste the text in the quotebox below into the open Notepad window:

     

    DDS::

    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab

     

     

  • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
  • Close any open browsers.
  • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Referring to the picture below, drag CFScript.txt into ComboFix.exe

     

    Posted Image

  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • Once the log is produced, re-engage your resident anti virus.

Please post the Combofix log in your next reply and also a new DDS scan log after Combofix has completed its run.


Okay, now we've run into a problem. I think that whatever you just did made whatever's on my computer angry, or else you did something :P

 

I ran ComboFix just as you'd asked me to, dragging the txt file over and all. It ran, did all it needed to do. It rebooted my computer automatically and once it came back, it produced a log file for a split second before closing again. I hadn't had a chance to save the document. The problem, though, is that when I'd gone to get on the computer again to tell you, EVERYTHING gave me a notification that it could not be run because it was marked for deletion. Internet Explorer, Firefox. I even was going to System Restore but it wouldn't open. Then, once again, my computer shut itself down and it's like nothing ever happened. I still don't have the CF log, but I'm able to get on the internet.

 

/cries

JonTom   

Hello musicangel09

 

All we did was remove a malicious ActiveX object related to Viewpoint foistware.

 

When you say:

 

EVERYTHING gave me a notification that it could not be run because it was marked for deletion

 

Did you mean that you received messages that actually said the following:

 

Illegal Operation attempted on a registry key that has been marked for deletion!!

 

If so, this is a known issue with Combofix that is easily resolved by rebooting the machine a few times.

 

If this is the message that you did receive, please reboot 2-3 times and those messages ought to disappear.

 

If you are unable to find the Combofix log, please re-scan with DDS as requested and post the log in your next reply :)


Yes, that is exactly what popped up. And restarting the computer did seem to fix it. I just wanted to make sure it wasn't anything that made it worse! Whew!! Off to run DDS quick. Report to follow!


DDS.txt file

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Kelli at 13:16:18 on 2012-03-12

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.2940.2003 [GMT -4:00]

.

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgfws.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Users\Kelli\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Open FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d44} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: FVD Suite Toolbar: {2b171655-a69c-5c18-b693-6cb5dc269d41} - c:\program files\fvd suite\addons\ie\FVDToolbar.dll

uRun: [sansaDispatch] c:\users\kelli\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [b2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces{8E0C4269-787D-4060-94E6-623603807EFF} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces{8E0C4269-787D-4060-94E6-623603807EFF}7465D2F447865627 : DhcpNameServer = 148.61.1.10 148.61.1.15

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:program filesavgavg2012avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:program fileswindows livephoto galleryAlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:userskelliappdataroamingmozillafirefoxprofilesg780i6nk.default

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=292&systemid=406&sr=0&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:progra~1meadco~1npmeadax.dll

FF - plugin: c:program filesadobereader 10.0readerairnppdf32.dll

FF - plugin: c:program filesdivxdivx ovs helpernpovshelper.dll

FF - plugin: c:program filesdivxdivx plus web playernpdivx32.dll

FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll

FF - plugin: c:program filesgoogleupdate1.3.21.99npGoogleUpdate3.dll

FF - plugin: c:program filesjavajre6binnew_pluginnpdeployJava1.dll

FF - plugin: c:program filesmicrosoft silverlight4.1.10111.0npctrlui.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpCouponPrinter.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpdeployJava1.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpMozCouponPrinter.dll

FF - plugin: c:program filesmozilla firefoxpluginsnpOGAPlugin.dll

FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [2011-9-13 32592]

R1 Avgfwfd;AVG network filter service;c:windowssystem32driversavgfwd6x.sys [2011-5-23 47968]

R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32driversavgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:program filessuperantispywaresasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2010-5-10 67656]

R1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32driversvwififlt.sys [2009-7-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:program filescommon filesadobearm1.0armsvc.exe [2012-1-3 63928]

R2 avgfws;AVG Firewall;c:program filesavgavg2012avgfws.exe [2011-11-23 2391832]

R2 AVGIDSAgent;AVGIDSAgent;c:program filesavgavg2012AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:program filesavgavg2012avgwdsvc.exe [2011-8-2 192776]

R2 ConfigFree Service;ConfigFree Service;c:program filestoshibaconfigfreeCFSvcs.exe [2008-4-17 40960]

R2 MBAMService;MBAMService;c:program filesmalwarebytes' anti-malwarembamservice.exe [2012-2-7 652360]

R2 TMachInfo;TMachInfo;c:program filestoshibatoshiba service stationTMachInfo.exe [2008-8-18 62776]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filestoshibasmartlogserviceTosIPCSrv.exe [2007-12-3 126976]

R3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [2011-10-4 16720]

R3 FwLnk;FwLnk Driver;c:windowssystem32driversFwLnk.sys [2008-8-18 7168]

R3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2011-8-11 20464]

R3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32driversRt86win7.sys [2011-6-10 394856]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:windowssystem32driversRTL8187B.sys [2010-3-31 379904]

R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:program filestoshibasmartfacevSmartFaceVWatchSrv.exe [2008-4-24 73728]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:windowssystem32driversvwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 gupdate1ca334727fcac9;Google Update Service (gupdate1ca334727fcac9);c:program filesgoogleupdateGoogleUpdate.exe [2009-9-11 133104]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:windowssystem32driversb57nd60x.sys [2009-7-13 229888]

S3 DrvAgent32;DrvAgent32;c:windowssystem32driversDrvAgent32.sys [2011-10-5 23456]

S3 fssfltr;fssfltr;c:windowssystem32driversfssfltr.sys [2010-10-21 39272]

S3 fsssvc;Windows Live Family Safety Service;c:program fileswindows livefamily safetyfsssvc.exe [2010-9-23 1493352]

S3 gupdatem;Google Update Service (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2009-9-11 133104]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2011-2-23 15872]

S3 SVRPEDRV;SVRPEDRV;c:windowssystem32sysprepPEDRV.SYS [2008-8-21 9216]

S3 TsUsbFlt;TsUsbFlt;c:windowssystem32driversTsUsbFlt.sys [2011-2-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32watWatAdminSvc.exe [2010-3-1 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:windowssystem32driversWSDPrint.sys [2009-7-13 17920]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:program fileswindows livemeshwlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2012-03-12 15:58:04 -------- d-sh--w- C:$RECYCLE.BIN

2012-03-12 15:28:23 -------- d-----w- C:ComboFix

2012-03-11 17:58:52 -------- d-----w- c:program filesESET

2012-03-11 07:28:49 -------- d-----w- C:_OTM

2012-03-09 19:15:36 -------- d-----w- c:userskelliappdatalocaltemp

2012-03-08 23:24:06 98816 ----a-w- c:windowssed.exe

2012-03-08 23:24:06 518144 ----a-w- c:windowsSWREG.exe

2012-03-08 23:24:06 256000 ----a-w- c:windowsPEV.exe

2012-03-08 23:24:06 208896 ----a-w- c:windowsMBR.exe

2012-03-08 02:54:39 -------- d-----w- c:userskelliappdataroamingAVG

2012-03-06 22:50:58 -------- d-----w- c:userskelliappdataroamingAVG2012

2012-03-06 22:50:46 -------- d--h--w- c:programdataCommon Files

2012-03-06 22:49:09 -------- d-----w- c:windowssystem32driversAVG

2012-03-06 22:49:08 -------- d-----w- c:programdataAVG2012

2012-03-06 22:47:52 -------- d-----w- c:program filesAVG

2012-03-06 22:44:38 -------- d-----w- c:programdataMFAData

2012-03-06 11:33:03 56200 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{d8f47a61-d8a5-43de-b827-e7da3d798a35}offreg.dll

2012-03-06 09:19:43 6552120 ----a-w- c:programdatamicrosoftwindows defenderdefinition updates{d8f47a61-d8a5-43de-b827-e7da3d798a35}mpengine.dll

2012-03-06 03:38:10 -------- d-----w- c:program filesuTorrent

2012-03-06 02:56:14 -------- d-----w- c:programdataboost_interprocess

2012-03-06 02:43:21 -------- d-----w- c:userskelliappdatalocalPackageAware

2012-03-06 02:36:44 -------- d-----w- c:program filesfbphotozoom

2012-03-02 21:48:25 -------- d-----w- c:program filesAVAST Software

2012-02-23 07:44:38 -------- d-----w- c:program filesMicrosoft Security Client

2012-02-23 04:14:37 -------- d-----w- C:SWsetup

2012-02-23 04:04:17 -------- d-----w- c:programdataPC Drivers HeadQuarters

2012-02-23 03:33:55 2168320 ----a-w- c:windowssystem32RtkAPO.dll

2012-02-23 03:20:04 -------- d--h--w- c:program filesTemp

2012-02-20 02:21:28 -------- d-----w- c:userskelliappdataroamingOrigin

2012-02-20 02:21:26 -------- d-----w- c:userskelliappdatalocalOrigin

2012-02-20 02:21:15 -------- d-----w- c:program filesOrigin Games

2012-02-20 02:20:43 -------- d-----w- c:program filesOrigin

2012-02-20 02:20:36 -------- d-----w- c:programdataEA Core

2012-02-16 05:30:32 478720 ----a-w- c:windowssystem32timedate.cpl

2012-02-16 05:30:31 690688 ----a-w- c:windowssystem32msvcrt.dll

2012-02-16 05:30:25 442880 ----a-w- c:windowssystem32ntshrui.dll

2012-02-16 05:30:07 2343424 ----a-w- c:windowssystem32win32k.sys

.

==================== Find3M ====================

.

2012-02-23 14:18:36 237072 ------w- c:windowssystem32MpSigStub.exe

2012-02-19 08:33:25 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2012-01-04 00:48:42 354176 ----a-w- c:windowssystem32DivXControlPanelApplet.cpl

2011-12-14 03:04:54 1798656 ----a-w- c:windowssystem32jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:windowssystem32wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:windowssystem32inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:windowssystem32mshtml.tlb

.

============= FINISH: 13:17:00.59 ===============

JonTom

Hello musicangel09

 

Yes, that is exactly what popped up. And restarting the computer did seem to fix it.

:)

 

I just wanted to make sure it wasn't anything that made it worse! whew!!

No problem, you did the right thing by stopping and asking.

 

Now for the good news..... your DDS log appears to be clean :)

 

Are you still getting the frequent blue screens?

 

If so please do the following (you may be asked for your XP installation disk).

 

 

  • System File Checker

  • Click on "Start" and then on "Run".
  • Copy and paste the following text into the Run box that opens:

sfc /scannow

 

  • Press Enter.
  • Let the system file checker run unhindered.
  • Note: The program may (or it may not) ask you for your Windows XP installation CD - please insert it at the prompt. If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.
  • You may have to exit the scan should you be notified that an installation disk is required and you do not have one (please let me know if this is the case).
