Trojan horse hider.mpr

This is a discussion on Trojan horse hider.mpr within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
Old 07-11-2012, 05:03 PM   #1
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hey, I am a bit of a novice with computers and only have this one for home study, so I'm kinda reliant on it, so any help would be greatly appreciated.

A while back I had some problems with Kaspersky and ended up replacing it with AVG, which gave me premium on a free trial, and it seems that when the free trial ran out I was unprotected until I manually switched to the free version.

I'm not sure how long I was unprotected, but a few days ago I switched to the free version and got security alerts warning of a Trojan horse hider.mpr, and there are now stacks of viruses listed in the vault, all of which are either Win32/Cryptor or Win32/Zbot.O.

I've been unable to access the AVG website, and I'm unable to use the CometBird browser: when I try to start it I get "CometBird.exe - System Error: the programme can't start because mozcpp19.dll is missing from your computer." Windows Live Mail isn't working. I'm not sure what else is corrupted.

When I was trying to download the GMER rootkit scanner I couldn't access that web page. Although I now realise I have a 64-bit system, so I don't need to do that bit, right?

Unfortunately I've not been able to find my install disc or boot CD.

Thanks for reading, and I would be very thankful for any help,

Cara

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by OU Student at 23:05:52 on 2012-07-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1913.668 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\OU Student\AppData\Local\Akamai\netsession_win.exe
C:\Users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\svchost.exe
C:\Users\OU Student\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\PROGRA~2\AVG\AVG2012\PCTuneup\MICROS~1.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rangers.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe,C:\Users\OU Student\AppData\Local\auttvlmn\ibigglve.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Registry Reviver] C:\Program Files (x86)\ReviverSoft\Registry Reviver\RegistryReviver.exe
uRun: [Google Update] "C:\Users\OU Student\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [MediaGet2] C:\Users\OU Student\AppData\Local\MediaGet2\mediaget.exe --minimized
uRun: [Akamai NetSession Interface] "C:\Users\OU Student\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spotify Web Helper] "C:\Users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [IbiGglve] C:\Users\OU Student\AppData\Local\auttvlmn\ibigglve.exe
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\245414E4353454E454 : DhcpNameServer = 168.95.0.102
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\35B4951353139323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\35B4951383738323 : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - No File
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\OU Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys --> C:\Windows\system32\Drivers\jl2005c.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-11 00:29:49 -------- d-----w- C:\Users\OU Student\AppData\Local\{832F2FBA-F4A8-48D1-B41F-2AD6444C7061}
2012-07-09 22:22:14 93420 ----a-w- C:\Users\OU Student\0.5875678921266417.exe
2012-07-09 20:07:49 -------- d-----w- C:\Users\OU Student\AppData\Local\{BD0E5CCA-95D8-4818-87AA-22E76F4D6817}
2012-07-09 20:07:26 -------- d-----w- C:\Users\OU Student\AppData\Local\{A21C55A2-1FD7-40A9-9DE3-7605B1D2471F}
2012-07-09 11:14:31 -------- d-----w- C:\Users\OU Student\AppData\Local\DDMSettings
2012-07-09 08:07:05 -------- d-----w- C:\Users\OU Student\AppData\Local\{D9100E1E-8EB1-479E-9B77-F14047D0A812}
2012-07-09 0848 -------- d-----w- C:\Users\OU Student\AppData\Local\{FF9A031A-12D8-42DB-8E8F-B7058FB05D29}
2012-07-08 19:39:25 -------- d-----w- C:\Users\OU Student\AppData\Local\{B5628BCA-CBAD-4AA8-9B43-76915DC25CD1}
2012-07-08 19:38:58 -------- d-----w- C:\Users\OU Student\AppData\Local\{6E6F543E-640E-4451-AA92-1745EB7288B3}
2012-07-08 07:39:23 -------- d-----w- C:\Users\OU Student\AppData\Local\{4BFCEF8B-25BA-4C89-80CB-DB2B292419C2}
2012-07-07 15:39:00 -------- d-----w- C:\Users\OU Student\AppData\Local\{ED040F25-5276-4DD3-B145-DFD6711A89AD}
2012-07-07 15:38:47 -------- d-----w- C:\Users\OU Student\AppData\Local\{A45D7487-6F94-4E7F-9B6D-85E3DB41BAC9}
2012-07-07 03:15:15 -------- d-----w- C:\Users\OU Student\AppData\Local\{6D3C632E-65E0-4A5D-90B9-E11B8271ED2A}
2012-07-07 03:14:48 -------- d-----w- C:\Users\OU Student\AppData\Local\{45921D89-E5D0-4134-B1A4-0A3CE3BDA9A6}
2012-07-06 15:13:25 -------- d-----w- C:\Users\OU Student\AppData\Local\{F20A0CDD-282B-404C-9361-FCE89520FE08}
2012-07-06 15:12:34 -------- d-----w- C:\Users\OU Student\AppData\Local\{B58DC319-18CF-4140-BCB7-2F60DDCCB7DB}
2012-07-05 02:05:29 -------- d-----w- C:\Users\OU Student\AppData\Local\{4759D75A-9DF7-489D-A864-74C82FC55492}
2012-07-05 02:05:06 -------- d-----w- C:\Users\OU Student\AppData\Local\{60744B0F-31ED-4944-AFA2-DF210C4B4E30}
2012-07-04 14:04:48 -------- d-----w- C:\Users\OU Student\AppData\Local\{A30E86DA-9B01-444F-B8AF-6B7D5B1C0DE2}
2012-07-04 14:04:23 -------- d-----w- C:\Users\OU Student\AppData\Local\{99AEEA1F-053D-4DCC-9611-0C56533D64E6}
2012-06-29 23:38:14 -------- d-----w- C:\Users\OU Student\AppData\Local\{71829603-78A0-412F-852D-B515CB6358AE}
2012-06-29 23:37:48 -------- d-----w- C:\Users\OU Student\AppData\Local\{9DFF56FE-F438-4C27-A510-876ADDE833C3}
2012-06-29 11:37:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{F4FF3494-5C38-434F-BF6A-574E31D10876}
2012-06-29 11:37:06 -------- d-----w- C:\Users\OU Student\AppData\Local\{AB7F7057-F15A-4B72-AE9D-6AD1EE4967DF}
2012-06-28 23:36:27 -------- d-----w- C:\Users\OU Student\AppData\Local\{6F705892-809C-44F6-B140-5A37F7F393CF}
2012-06-28 23:36:04 -------- d-----w- C:\Users\OU Student\AppData\Local\{1DED7306-F598-4AC9-A738-C2976F607241}
2012-06-28 10:20:53 -------- d-----w- C:\Users\OU Student\AppData\Local\{D6F13A0B-81AD-4811-968E-1C8800E56892}
2012-06-28 10:20:41 -------- d-----w- C:\Users\OU Student\AppData\Local\{05D87A8A-6AAD-446F-B9B2-BA9F8F373955}
2012-06-27 18:08:58 -------- d-----w- C:\Users\OU Student\AppData\Local\{0592775F-50F7-4C12-9207-25AE94F7E17C}
2012-06-27 18:08:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{20CB50C3-867A-4915-B649-7672A5E88062}
2012-06-27 15:32:58 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-27 15:32:03 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-27 15:32:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-27 10:27:31 -------- d-----w- C:\Program Files (x86)\iLivid
2012-06-27 10:26:43 -------- d-----w- C:\Program Files (x86)\Searchqu Toolbar
2012-06-27 10:24:39 -------- d-----w- C:\Program Files (x86)\Graboid
2012-06-26 22:54:54 -------- d-----w- C:\Users\OU Student\AppData\Local\{B84F3AB0-62CF-4C90-BDC0-04360ADB4FDC}
2012-06-26 22:54:41 -------- d-----w- C:\Users\OU Student\AppData\Local\{C7FA51D0-BDF2-45B9-8752-C901CABA6B33}
2012-06-26 10:13:21 -------- d-----w- C:\Users\OU Student\AppData\Local\{C721DECF-B6E4-4F2D-B55B-DDE8CC1EA4A1}
2012-06-26 10:13:09 -------- d-----w- C:\Users\OU Student\AppData\Local\{FC614B30-4FA7-4597-9B4C-744876A428F9}
2012-06-25 14:59:39 -------- d-----w- C:\Users\OU Student\AppData\Local\{4F30F5CF-B758-4A1C-834B-8A6AA878B10D}
2012-06-25 14:59:27 -------- d-----w- C:\Users\OU Student\AppData\Local\{25F324E8-5205-4D35-8374-B923CC779EE7}
2012-06-25 00:22:05 -------- d-----w- C:\Users\OU Student\AppData\Local\{7F64BA51-4CF6-494F-A468-3F3A48767856}
2012-06-25 00:21:53 -------- d-----w- C:\Users\OU Student\AppData\Local\{43734504-25EB-4B3E-84CC-907E97F7A903}
2012-06-25 00:19:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{C0763242-69E8-40EB-B109-BF8F4B823E6D}
2012-06-25 00:19:04 -------- d-----w- C:\Users\OU Student\AppData\Local\{60CEAFD2-BC4E-414E-B166-B12DA25DBE65}
2012-06-24 10:46:44 -------- d-----w- C:\Users\OU Student\AppData\Local\{90A08119-D02E-4638-8D8A-32A54DD6AC5D}
2012-06-24 10:46:29 -------- d-----w- C:\Users\OU Student\AppData\Local\{16AA74E9-34E8-4C02-A24E-FE273BF0570E}
2012-06-23 18:22:18 -------- d-----w- C:\Users\OU Student\AppData\Local\{69B87DAC-CC05-494E-A82F-FDFEAC90FA37}
2012-06-23 18:22:07 -------- d-----w- C:\Users\OU Student\AppData\Local\{84521D21-1673-4560-B03B-4BCA5834B512}
2012-06-23 00:11:09 -------- d-----w- C:\Users\OU Student\AppData\Local\{04947B3B-8E19-415D-A73B-41A1ADCCCB08}
2012-06-23 00:10:46 -------- d-----w- C:\Users\OU Student\AppData\Local\{41B2185E-33C0-42B3-8541-247EE6189C65}
2012-06-21 23:44:11 -------- d-----w- C:\Users\OU Student\AppData\Local\{FC71A084-022B-4B0A-B4E9-53953336034E}
2012-06-21 23:43:58 -------- d-----w- C:\Users\OU Student\AppData\Local\{26E66ED4-56FA-4808-8271-E5F846CE4088}
2012-06-20 11:41:59 -------- d-----w- C:\Users\OU Student\AppData\Local\{C3D71379-5238-4810-AB52-240BF035498C}
2012-06-20 11:41:36 -------- d-----w- C:\Users\OU Student\AppData\Local\{037AC278-E15B-4F1A-A32B-F5A8CFB53D2C}
2012-06-19 23:41:04 -------- d-----w- C:\Users\OU Student\AppData\Local\{AA8ECE0E-04C4-4F23-B5B4-28EFF5E457EF}
2012-06-19 23:40:36 -------- d-----w- C:\Users\OU Student\AppData\Local\{C980B114-175B-4251-B0C1-69F7DFCF7011}
2012-06-19 11:39:59 -------- d-----w- C:\Users\OU Student\AppData\Local\{4C9AACF6-2F8F-47F8-AA1B-E64FBC0D8203}
2012-06-19 11:39:33 -------- d-----w- C:\Users\OU Student\AppData\Local\{DF1FD979-D4D4-414E-A775-4163C71BC7B3}
2012-06-18 23:39:02 -------- d-----w- C:\Users\OU Student\AppData\Local\{EC81E097-0A3C-41FD-8B62-C6DB2E1FE59C}
2012-06-18 23:38:38 -------- d-----w- C:\Users\OU Student\AppData\Local\{0DB8B650-E490-4F1A-A001-3304C8582147}
2012-06-17 16:28:51 -------- d-----w- C:\Users\OU Student\AppData\Local\{75CA0868-B9C0-49BE-8139-6BA14A0C2188}
2012-06-17 16:28:27 -------- d-----w- C:\Users\OU Student\AppData\Local\{6BF5BDE2-E93E-4AA7-8C17-3B2DB949814F}
2012-06-16 22:43:34 -------- d-----w- C:\Users\OU Student\AppData\Local\{530F971A-6EC4-4CE4-859D-D392F30B9E91}
2012-06-16 22:43:22 -------- d-----w- C:\Users\OU Student\AppData\Local\{A4EF9492-DB32-4CC2-8A59-36727C4744E0}
2012-06-16 07:58:38 -------- d-----w- C:\Users\OU Student\AppData\Local\{2586E539-A12C-446F-AFF4-EF3BA0E26C99}
2012-06-15 18:45:33 -------- d-----w- C:\Users\OU Student\AppData\Local\{ACC4CBC1-EE32-47C0-BC6D-1DCA8AB8A868}
2012-06-15 18:45:17 -------- d-----w- C:\Users\OU Student\AppData\Local\{1A29C192-0D28-4269-A630-774E9B65156F}
2012-06-14 22:49:42 -------- d-----w- C:\Users\OU Student\AppData\Local\{60848A9F-BB51-4C7D-A521-534EE4710FE7}
2012-06-14 22:49:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{ACFBDBDC-7D3C-41D0-B99E-910A74B70EC5}
2012-06-13 17:36:24 -------- d-----w- C:\Users\OU Student\AppData\Local\{760C632C-4355-452C-A31A-1B92BFC574C6}
2012-06-13 17:36:03 -------- d-----w- C:\Users\OU Student\AppData\Local\{A0A312D2-7D7E-4C38-BBFB-89FF5CE08A67}
2012-06-13 02:20:20 -------- d-----w- C:\Users\OU Student\AppData\Local\{0A3FF54A-0825-4FD9-A600-80D2C00F55DE}
2012-06-13 02:19:54 -------- d-----w- C:\Users\OU Student\AppData\Local\{D3D1819E-FDF1-43F9-BE3D-27370A305EE9}
2012-06-13 01:02:34 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 01:02:34 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 01:02:34 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 01:02:22 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 01:02:16 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 01:02:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 01:02:12 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 01:02:10 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 01:02:05 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 01:02:04 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 01:02:02 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 01:01:49 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 01:01:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 01:01:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 01:01:46 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 01:01:46 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 01:01:46 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-12 00:51:59 -------- d-----w- C:\Users\OU Student\AppData\Local\{98AA84F1-78DC-4798-943D-97AB25FD9F32}
2012-06-12 00:51:47 -------- d-----w- C:\Users\OU Student\AppData\Local\{9155E4AB-F8B3-4A59-88F3-5E5B5C292A5F}
.
==================== Find3M ====================
.
2012-07-11 21:46:35 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 21:46:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-27 00:03:25 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-27 00:03:25 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-18 0248 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 03:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 23:09:43.50 ===============
Attached Files
File Type: zip Attach.zip (2.4 KB, 44 views)
CaraMac is offline  
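As an added example (not part of this thread and not code from the DDS tool), the Python below runs a few defender-side triage checks over lines copied from the Pseudo HJT Report above: a Winlogon Userinit value carrying anything besides userinit.exe, a Run entry that launches that same image, and UAC policy values set to 0. The function and rule names are the example's own.

```python
"""Triage checks over a DDS 'Pseudo HJT Report' (added example, not DDS code).

The sample lines are copied from the log posted above; the rule names and
helper functions are assumptions made for this example.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines taken from the posted report.
SAMPLE_REPORT = r"""
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
mWinlogon: Userinit=userinit.exe,C:\Users\OU Student\AppData\Local\auttvlmn\ibigglve.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [IbiGglve] C:\Users\OU Student\AppData\Local\auttvlmn\ibigglve.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
"""

# On a clean system Winlogon's Userinit is just userinit.exe; every further
# comma-separated entry is started at each interactive logon.
EXPECTED_USERINIT = "userinit.exe"

# UAC policies that weaken the configuration when set to 0.
UAC_POLICIES = {"EnableLUA", "PromptOnSecureDesktop"}

RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<key>\w+) = (?P<val>\d+)")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(?P<val>.+)$")


def image_path(cmd: str) -> str:
    """Return the executable path from a Run-key command line.

    Handles both quoted ("C:\\...\\x.exe" /flag) and bare (C:\\...\\x.exe --flag)
    forms by cutting the string at the first '.exe'.
    """
    cmd = cmd.strip().lstrip('"')
    idx = cmd.lower().find(".exe")
    return cmd[: idx + 4] if idx != -1 else cmd.split()[0].rstrip('"')


def analyze_report(text: str) -> List[Dict[str, str]]:
    """Return one finding per rule hit, in report order."""
    findings: List[Dict[str, str]] = []
    extra_userinit: List[str] = []
    run_entries: List[Tuple[str, str]] = []

    for raw in text.splitlines():
        line = raw.strip()
        if m := USERINIT_RE.match(line):
            for entry in m.group("val").split(","):
                entry = entry.strip()
                if not entry:
                    continue
                # Compare basenames case-insensitively: the clean value may be
                # written bare or with its full System32 path.
                base = entry.rsplit("\\", 1)[-1].lower()
                if base != EXPECTED_USERINIT:
                    extra_userinit.append(entry)
                    findings.append({"rule": "userinit_extra", "detail": entry})
        elif m := RUN_RE.match(line):
            run_entries.append((m.group("name"), image_path(m.group("cmd"))))
        elif m := POLICY_RE.match(line):
            if m.group("key") in UAC_POLICIES and int(m.group("val")) == 0:
                findings.append({"rule": "uac_weakened", "detail": m.group("key")})

    # Second pass: a Run entry launching the same image as a rogue Userinit
    # entry is the same payload persisting twice, which is worth calling out.
    rogue = {p.lower() for p in extra_userinit}
    for name, path in run_entries:
        if path.lower() in rogue:
            findings.append({"rule": "run_matches_userinit", "detail": f"[{name}] {path}"})
    return findings


if __name__ == "__main__":
    for f in analyze_report(SAMPLE_REPORT):
        print(f"{f['rule']:<22} {f['detail']}")
```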
Old 07-14-2012, 03:21 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It is possible you won't be able to access this site either, but try and let me know.

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Users\OU Student\0.5875678921266417.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analyzed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
  • Please repeat for the following file:

    C:\Users\OU Student\AppData\Local\auttvlmn\ibigglve.exe
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-15-2012, 02:07 PM   #3
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hi chemist, thanks for your reply. I copied and pasted the bold text, but both times it said the file name was not valid. I also tried typing the text in, just in case, but no difference. Is there something else I should do?

Thanks, Cara x
CaraMac is offline  
Old 07-15-2012, 05:38 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello CaraMac.

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------
Old 07-16-2012, 02:49 AM   #5
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hi chemist,

Thanks again for taking the time to help me. I have run the ESET Online Scanner as instructed. Here is the list of found threats.

C:\Program Files (x86)\Solid MKV to DVD Converter and Burner\encode.exe a variant of Win32/Ramnit.T virus
C:\Program Files (x86)\Sun\StarOffice 9\Basis\program\python-core-2.3.4\lib\distutils\command\wininst.exe a variant of Win32/Ramnit.T virus
C:\Users\OU Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15HBNKBO\VeohWebPlayerSetup_eng[1].exe Win32/OpenCandy application
C:\Users\OU Student\AppData\LocalLow\FunWebProducts\Installr\Cache\0157ACA9.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\OU Student\AppData\LocalLow\Retrogamer_4wEI\Installr\Cache\028829CB.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\OU Student\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\OU Student\Downloads\gimpshop.exe a variant of Win32/InstallIQ application
C:\Users\OU Student\Downloads\HAYES_CARLL_(dvd)_Live_IN_WXPN_World_Cafe_in_the_City_Philade.exe Win32/Adware.1ClickDownload.B application
C:\Users\OU Student\Downloads\IWON(2).exe a variant of Win32/AdInstaller application
C:\Users\OU Student\Downloads\IWON.exe a variant of Win32/AdInstaller application
C:\Users\OU Student\Downloads\Ray_Wylie_Hubbard_And_The_Cowboy_Twinkies_2011_320kbps_Mp3.exe Win32/Adware.1ClickDownload.C application
C:\Users\OU Student\Downloads\The_Artist_(2011)DvDRip_Xvid-s.exe Win32/Adware.1ClickDownload.B application
C:\Users\OU Student\Downloads\The_Hunger_Games_2012_V2_TS_XViD_NEW_SOURCE__DTRG.exe Win32/Adware.1ClickDownload.C application
C:\Users\OU Student\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.P application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\avc-free.exe Win32/OpenCandy application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_avc-free_exe(2).exe a variant of Win32/InstallCore.D application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_avc-free_exe.exe a variant of Win32/InstallCore.D application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_MkvDVDSetup_exe(2).exe a variant of Win32/InstallCore.D application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_MkvDVDSetup_exe.exe a variant of Win32/InstallCore.D application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet_rcsetup140_exe.exe a variant of Win32/InstallCore.D application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\Facemoods.exe probably a variant of Win32/InstallCore.A application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\HAYES_CARLL_(dvd)_Live_IN_WXPN_World_Cafe_in_the_City_Philade.exe Win32/Adware.1ClickDownload.B application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\IWON(2).exe a variant of Win32/AdInstaller application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\IWON.exe a variant of Win32/AdInstaller application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\Retrogamer(2).exe Win32/AdInstaller application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\Retrogamer.exe Win32/AdInstaller application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\setup.exe Win32/Adware.Bundlore application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\transformers_prime__darkness_rising_352p_h264_by_ali_baloch_[h33t].exe a variant of Win32/MediaGet application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.H application
G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 1.zip Win32/Ramnit.A virus
G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 2.zip Win32/Ramnit.A virus
Old 07-16-2012, 10:46 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, CaraMac. You are infected with Ramnit, a file infector. It does not seem to have taken over your machine yet.

We can try to clean it, but I cannot guarantee at the end you are completely clean.

Most recommend a complete reformat.

------------------------------------------------------

These two applications are already infected:

Solid MKV to DVD Converter and Burner
StarOffice 9


You will have to uninstall them now then reinstall them later.

Your backup files are also infected and will have to be deleted now:

G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 1.zip Win32/Ramnit.A virus
G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 2.zip Win32/Ramnit.A virus


------------------------------------------------------

Ramnit is also a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
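The ESET result list posted above and the reply that follows it turn on one distinction: a handful of the hits are Win32/Ramnit, a file infector that has written itself into real program binaries and into the backup archives, while the rest are installer junk ESET labels "application". The following is an added example, not code from the forum, from ESET or from chemist; it parses ESET Online Scanner result lines of the form `<path> [a variant of] <detection> <virus|application>` and sorts them the way the reply does: Program Files folders that hold an infected binary (to uninstall and reinstall), infected archives off the system drive (to delete), and a count of the remaining PUA families. The sample input is a subset of the lines from the log posted above.

```python
"""Triage of ESET Online Scanner 'List of found threats' lines.

Added example for this thread; it is not code from the forum, from ESET or
from chemist. ESET ends each line with a kind word: "virus" for the Ramnit
file infector, "application" for potentially unwanted applications.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Seven lines copied from the ESET log posted above (a subset, used as sample input).
SAMPLE_LOG = r"""
C:\Program Files (x86)\Solid MKV to DVD Converter and Burner\encode.exe a variant of Win32/Ramnit.T virus
C:\Program Files (x86)\Sun\StarOffice 9\Basis\program\python-core-2.3.4\lib\distutils\command\wininst.exe a variant of Win32/Ramnit.T virus
C:\Users\OU Student\Downloads\avc-free.exe Win32/OpenCandy application
C:\Users\OU Student\Downloads\IWON.exe a variant of Win32/AdInstaller application
G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\XvidSetup.exe a variant of Win32/Adware.HotBar.H application
G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 1.zip Win32/Ramnit.A virus
G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 2.zip Win32/Ramnit.A virus
"""

# <path> [[probably] a variant of] <Family.Variant> <virus|application>
# The path may contain spaces; the detection name is the one token with a "/".
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>virus|application)$"
)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    kind: str

    @property
    def family(self) -> str:
        # Drop a single-letter variant suffix: Win32/Ramnit.T -> Win32/Ramnit
        return re.sub(r"\.[A-Z]$", "", self.name)

    @property
    def drive(self) -> str:
        return self.path[:2].upper()

    @property
    def is_file_infector(self) -> bool:
        # In this log only Ramnit carries the "virus" kind; PUAs are "application"
        return self.kind == "virus"


def parse_eset_log(text: str) -> list[Detection]:
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["kind"]))
    return found


def infected_program_dirs(dets: list[Detection]) -> list[str]:
    """Top-level Program Files folders holding an infected binary.

    A vendor folder (here 'Sun') may hold the product one level down, so the
    result names what to look at, not necessarily the uninstall entry.
    """
    dirs = set()
    for d in dets:
        parts = d.path.split("\\")
        if (d.is_file_infector and len(parts) > 2
                and parts[1].lower().startswith("program files")):
            dirs.add(parts[2])
    return sorted(dirs)


def infected_backups(dets: list[Detection]) -> list[str]:
    """File-infector hits that live off the system drive (the external backups)."""
    return [d.path for d in dets if d.is_file_infector and d.drive != "C:"]


def pua_families(dets: list[Detection]) -> Counter:
    """How many installer/adware hits of each family remain once Ramnit is set aside."""
    return Counter(d.family for d in dets if not d.is_file_infector)


if __name__ == "__main__":
    dets = parse_eset_log(SAMPLE_LOG)
    print("programs to reinstall:", infected_program_dirs(dets))
    print("backups to delete:", infected_backups(dets))
    print("PUA families:", dict(pua_families(dets)))
```

Run against the full list posted above, the same functions would also pull the G:\ backup copies of the same installers into the PUA count, which is the point: a backup taken while the machine was already carrying those installers is not a clean restore source, and the two Ramnit-infected archives are the ones the reply says to delete outright.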
Old 07-17-2012, 03:55 AM   #7
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hey, I've uninstalled StarOffice, but Solid Mkv video converter was not listed in the uninstall programmes list. However, it does show in the programme files list, so I deleted it from there. I have also deleted my back up. I had to run ComboFix twice because the first time I was using Chrome and it didn't give me the opportunity to save to the desktop. Here is the ComboFix log.

Thanks again, Cara x


ComboFix 12-07-16.01 - OU Student 17/07/2012 11:20:23.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1913.945 [GMT 1:00]
Running from: c:\users\OU Student\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 10:31 . 2012-07-17 10:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 02:48 . 2012-07-16 02:48 -------- d-----w- c:\program files (x86)\ESET
2012-07-15 23:19 . 2012-07-15 23:19 -------- d-----w- c:\users\OU Student\AppData\Local\Macromedia
2012-07-12 12:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:19 . 2012-07-11 22:19 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-09 11:14 . 2012-07-09 11:14 -------- d-----w- c:\users\OU Student\AppData\Local\DDMSettings
2012-06-27 15:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-27 15:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-27 15:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-27 15:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-27 15:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-27 15:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-27 15:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-27 15:32 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-27 15:32 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-27 10:27 . 2012-06-28 00:21 -------- d-----w- c:\program files (x86)\iLivid
2012-06-27 10:26 . 2012-06-28 00:21 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2012-06-27 10:24 . 2012-06-27 10:25 -------- d-----w- c:\program files (x86)\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:19 . 2012-04-02 01:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 22:19 . 2011-06-02 01:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 08:25 . 2012-07-12 12:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-27 00:03 . 2012-05-27 00:03 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-27 00:03 . 2010-09-22 22:12 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-08 17:02 . 2012-06-05 15:52 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A97063EF-9B1F-4B8E-ACF0-C1F2A0396AC8}\mpengine.dll
2012-05-04 11:06 . 2012-06-13 01:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 01:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 01:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 01:02 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 01:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 01:02 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 01:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 01:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 01:01 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 01:01 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 01:01 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 01:01 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 01:01 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 01:01 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( [email protected]_09.53.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-04 14:08 . 2012-07-17 10:35 46710 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-17 10:35 43520 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-07-29 08:20 . 2012-07-17 10:35 17424 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2252443515-773699113-3761594329-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-07-17 10:07 86368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-07-17 09:52 . 2012-07-17 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-17 10:33 . 2012-07-17 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-17 09:52 . 2012-07-17 09:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-17 10:33 . 2012-07-17 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-07-17 09:50 340988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-17 10:31 340988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2012-07-17 10:06 6989133 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-15 09:51 6989133 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-06-25 22:28 . 2012-07-17 10:31 2560184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2252443515-773699113-3761594329-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"Facebook Update"="c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Akamai NetSession Interface"="c:\users\OU Student\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\ShotOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2008-07-15 79664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-25 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:19]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000Core.job
- c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-04 21:46]
.
2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000UA.job
- c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-04 21:46]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:06]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:06]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000Core.job
- c:\users\OU Student\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 00:44]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000UA.job
- c:\users\OU Student\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.rangers.co.uk/
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*i*¿AH\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*i*²¶a?\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-17 11:46:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 10:46
ComboFix2.txt 2012-07-17 10:07
.
Pre-Run: 3,406,548,992 bytes free
Post-Run: 3,360,215,040 bytes free
.
- - End Of File - - ACFEC29FF3899D522C6C4A14B288B5E2
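Two lines in the ComboFix log above deserve a second look beyond the malware itself: under `Reg Loading Points` the policies key shows `"EnableLUA"= 0` and `"PromptOnSecureDesktop"= 0`, meaning User Account Control was switched off entirely (the other Consent values are then moot), and under `Supplementary Scan` the machine-wide start page is `hxxp://startsear.ch/?aff=1`, consistent with the `Searchqu Toolbar` folder the same log lists under Files Created. The following is an added example, not code from the thread or from ComboFix; it parses that policies section and the start-page lines and reports every value that departs from the Windows 7 defaults, so the same check can be run over any ComboFix log. The sample input is copied from the log posted above; the reading of the `u`/`m` prefixes as the user and machine hives is the conventional one for these logs.

```python
"""Check the UAC policy values and start pages a ComboFix log reports.

Added example for this thread, not part of the original posts or of
ComboFix. ComboFix prints the HKLM ...\\policies\\system values under
"Reg Loading Points" as   "Name"= value (0xN)   and the browser start pages
under "Supplementary Scan" as   uStart Page = ... / mStart Page = ...
"""
from __future__ import annotations

import re

# Copied from the ComboFix log posted above (sample input for this example).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\drivers32]
"aux"=wdmaud.drv
.
uStart Page = hxxp://www.rangers.co.uk/
mStart Page = hxxp://startsear.ch/?aff=1
"""

POLICY_KEY = "policies\\system]"

# Windows 7 defaults for the UAC values ComboFix lists.
EXPECTED = {
    "EnableLUA": 1,                 # 0 switches UAC off entirely
    "PromptOnSecureDesktop": 1,     # 0 draws the prompt on the normal, spoofable desktop
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "EnableUIADesktopToggle": 0,
}

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')
START_RE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)\s*$")


def parse_policy_section(log: str) -> dict[str, int]:
    """Name -> value pairs under the policies\\system key, {} if absent."""
    values, inside = {}, False
    for line in log.splitlines():
        if line.startswith("["):
            # A new [key] header starts or ends the section we care about.
            inside = line.lower().rstrip().endswith(POLICY_KEY)
            continue
        if inside:
            m = VALUE_RE.match(line)
            if m:
                values[m["name"]] = int(m["value"])
    return values


def uac_findings(values: dict[str, int]) -> list[str]:
    """One finding per reported value that departs from the Windows 7 default."""
    findings = []
    for name, default in EXPECTED.items():
        actual = values.get(name)
        if actual is not None and actual != default:
            findings.append(f"{name}={actual} (default {default})")
    return findings


def start_pages(log: str) -> dict[str, str]:
    """Start pages by hive prefix: 'u' = current user, 'm' = machine-wide."""
    pages = {}
    for line in log.splitlines():
        m = START_RE.match(line)
        if m:
            pages[m["scope"]] = m["url"]
    return pages


if __name__ == "__main__":
    policy = parse_policy_section(SAMPLE_LOG)
    for finding in uac_findings(policy):
        print("UAC:", finding)
    for scope, url in start_pages(SAMPLE_LOG).items():
        print("start page:", scope, url)
```

Only values ComboFix actually prints are judged, so a log that omits the key produces no findings rather than a false alarm; a machine-wide (`m`) start page set to an affiliate search URL is the kind of entry to compare against what the owner remembers choosing.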
Old 07-17-2012, 08:53 AM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, CaraMac. I need to see the first ComboFix log.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\ComboFix2.txt

A text file should open. Please post the contents of that file in your next reply.

------------------------------------------------------

Also...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    Solid MKV*
    StarOffice*
    
    :regfind
    MKV
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
Old 07-17-2012, 07:20 PM   #9
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hey chemist, here is the 1st ComboFix log

ComboFix 12-07-16.01 - OU Student 17/07/2012 10:34:11.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1913.870 [GMT 1:00]
Running from: c:\users\OU Student\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\users\OU Student\AppData\Local\cyvoslnr.log
c:\users\OU Student\AppData\Local\jclwvldt.log
c:\users\OU Student\AppData\Local\kssldkia.log
c:\users\OU Student\AppData\Local\lpiebrlq.log
c:\users\OU Student\AppData\Local\nymiclrf.log
c:\users\OU Student\AppData\Local\olgvmgru.log
c:\users\OU Student\AppData\Local\vrmcbdmq.log
c:\users\OU Student\AppData\Local\xndyncqt.log
c:\windows\security\Database\tmp.edb
G:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-16 02:48 . 2012-07-16 02:48 -------- d-----w- c:\program files (x86)\ESET
2012-07-15 23:19 . 2012-07-15 23:19 -------- d-----w- c:\users\OU Student\AppData\Local\Macromedia
2012-07-12 12:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:19 . 2012-07-11 22:19 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-09 11:14 . 2012-07-09 11:14 -------- d-----w- c:\users\OU Student\AppData\Local\DDMSettings
2012-06-27 15:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-27 15:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-27 15:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-27 15:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-27 15:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-27 15:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-27 15:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-27 15:32 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-27 15:32 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-27 10:27 . 2012-06-28 00:21 -------- d-----w- c:\program files (x86)\iLivid
2012-06-27 10:26 . 2012-06-28 00:21 -------- d-----w- c:\program files (x86)\Searchqu Toolbar
2012-06-27 10:24 . 2012-06-27 10:25 -------- d-----w- c:\program files (x86)\Graboid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 22:19 . 2012-04-02 01:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 22:19 . 2011-06-02 01:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 08:25 . 2012-07-12 12:26 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 04:40 . 2012-07-11 06:14 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 06:14 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:34 . 2012-07-11 06:14 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-27 00:03 . 2012-05-27 00:03 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-27 00:03 . 2010-09-22 22:12 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-08 17:02 . 2012-06-05 15:52 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A97063EF-9B1F-4B8E-ACF0-C1F2A0396AC8}\mpengine.dll
2012-05-04 11:06 . 2012-06-13 01:02 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 01:02 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 01:02 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 01:02 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 01:02 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 01:02 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 01:02 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 01:02 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 01:01 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 01:01 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 01:01 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 01:01 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 01:01 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 01:01 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"Facebook Update"="c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Akamai NetSession Interface"="c:\users\OU Student\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\ShotOnline\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2008-07-15 79664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-25 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:19]
.
2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000Core.job
- c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-04 21:46]
.
2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000UA.job
- c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-04 21:46]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:06]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:06]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000Core.job
- c:\users\OU Student\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 00:44]
.
2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2252443515-773699113-3761594329-1000UA.job
- c:\users\OU Student\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-12 00:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.rangers.co.uk/
mStart Page = hxxp://startsear.ch/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{942cd1d4-9cc1-4d31-876a-ea8f489f7a59} - (no file)
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKCU-Run-Registry Reviver - c:\program files (x86)\ReviverSoft\Registry Reviver\RegistryReviver.exe
Wow6432Node-HKCU-Run-MediaGet2 - c:\users\OU Student\AppData\Local\MediaGet2\mediaget.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
SafeBoot-MCODS
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{942CD1D4-9CC1-4D31-876A-EA8F489F7A59} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570} - c:\program files (x86)\InstallShield Installation Information\{C2DDF845-7107-40E8-8D2A-8719F1799570}\setup.exe
AddRemove-InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38} - c:\program files (x86)\InstallShield Installation Information\{D4322448-B6AF-4316-B859-D8A0E84DCB38}\setup.exe
AddRemove-{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-{5279374D-87FE-4879-9385-F17278EBB9D3} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-{620BBA5E-F848-4D56-8BDA-584E44584C5E} - c:\progra~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-{8833FFB6-5B0C-4764-81AA-06DFEED9A476} - c:\program files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe
AddRemove-{AC6569FA-6919-442A-8552-073BE69E247A} - c:\program files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*i*¿AH\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*i*²¶a?\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
.
**************************************************************************
.
Completion time: 2012-07-17 11:07:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-17 10:06
.
Pre-Run: 3,510,358,016 bytes free
Post-Run: 3,360,464,896 bytes free
.
- - End Of File - - D38400B3FBCC46B520C3E689321C0568


And the SystemLook one

SystemLook 30.07.11 by jpshortstuff
Log created at 03:08 on 18/07/2012 by OU Student
Administrator - Elevation successful

========== folderfind ==========

Searching for "Solid MKV*"
C:\Users\OU Student\AppData\Local\VirtualStore\Program Files (x86)\Solid MKV to DVD Converter and Burner d------ [15:47 06/12/2011]

Searching for "StarOffice*"
C:\Program Files (x86)\Sun\StarOffice 9 d------ [09:41 29/07/2010]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarOffice 9 d------ [09:42 29/07/2010]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\StarOffice 9 d------ [09:42 29/07/2010]
C:\Users\OU Student\AppData\Roaming\StarOffice d------ [23:28 21/09/2010]

========== regfind ==========

Searching for "MKV"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\mkv]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mkv]
[HKEY_CURRENT_USER\Software\tvp]
"Path"="C:\Program Files (x86)\Free MKV Video2Dvd\Skins\"
[HKEY_CURRENT_USER\Software\VirtualDJ]
"FileTypes"="mp3,1,wav,2,cda,3,wma,4,asf,4,ogg,5,vdj,6,vds,6,m4a,21,aac,21,aif,21,aiff,21,flac,21,mpc,21,ape,21,avi,11,mpg,11,mpeg,11,wmv,11,vob,11,mov,11,divx,11,mp4,11,m4v,11,vix,11,mkv,11,flv,11,zip,15,"
[HKEY_CURRENT_USER\Software\Classes\.mkv]
[HKEY_CURRENT_USER\Software\Classes\.mkv]
@="tigerplayer.mkv"
[HKEY_CURRENT_USER\Software\Classes\.mkv]
"KLCP.bak"="tigerplayer.mkv"
[HKEY_CURRENT_USER\Software\Classes\.mkv]
"VLC.backup"="tigerplayer.mkv"
[HKEY_CURRENT_USER\Software\Classes\mkv_auto_file]
[HKEY_CURRENT_USER\Software\Classes\tigerplayer.file]
".mkv"=""
[HKEY_CURRENT_USER\Software\Classes\tigerplayer.mkv]
[HKEY_CURRENT_USER\Software\Classes\tigerplayer.mkv]
@="MKV video file"
[HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\iTinySoft\Total FLV Sniffer]
"DownloadDir"="C:\Program Files (x86)\Free MKV Video2Dvd\Downloaded\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\mplayerc.exe\SupportedTypes]
".mkv"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\vlc.exe\SupportedTypes]
".mkv"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\wmplayer.exe\SupportedTypes]
".mkv"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\Extensions]
".mkv"="{55DA30FC-F16B-49FC-BAA5-AE59FC65F82D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MKVFile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mplayerc.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\mplayerc.mkv]
"PreviousRegistration"="tigerplayer.mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VLC.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VLC.mkv]
@="VLC media file (.mkv)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Media\VLC\Capabilities\FileAssociations]
".mkv"="VLC.mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Converter]
"Description"="
<p>DivX Plus Converter takes popular video formats and simply creates DivX or DivX Plus files for your DivX Certified® devices.</p>
<ul>
<li>Drag and drop conversion into .divx (DivX video) and .mkv (DivX Plus video)</li>
<li>Create advanced DivX Plus features like smooth fast-forward and rewind</li>
<li>Take control of your files with advanced encoding options</li>
<li>Combine multiple videos into one .divx or .mkv file</li>
<li>Batch convert videos – even from different formats – in a single session</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\DSDesktopComponents]
"Description"="<p>DivX DirectShow MKV splitter</p>"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\Setup\InstallGroups\FiltersAndCodecs]
"Description"="
<p>DivX Plus Codec Pack enables you to watch and create DivX video in your favorite third-party applications.</p>
<ul>
<li>Play .divx, .avi, .mkv (DivX and DivX Plus video) in popular media players (e.g. Windows Media Player, QuickTime, Media Player Classic)</li>
<li>Create .avi files (DivX video) with third-party software (e.g. Virtual Dub)</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\DivX\Install\WebPlayer]
"Description"="
<p>DivX Plus Web Player delivers the highest quality experience on the web for streaming videos in HD to your favorite browser.</p>
<ul>
<li>Stream .divx, .avi, and .mkv (DivX and DivX Plus videos) as well as H.264 .mp4 and .mov files</li>
<li>Watch H.264 videos using HTML5 &lt;video&gt; in any browser</li>
<li>Leverage H.264 DXVA hardware acceleration to use less CPU and battery</li>
</ul>
"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\MLS\Extensions]
"mkv"="video"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Player\Extensions\Descriptions]
"819"="MKV Media File (*.mkv)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions]
"819"="MKV Media File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Player\Extensions\Types]
"819"="*.mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mkv]
"Extension.Handler"="MKVFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Extensions\.mkv]
"MediaType.Description"="MKV Media File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
@="MKVFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
"Description"="Includes files with .mkv extensions."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
"Extensions"=".mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
"FriendlyTypeName"="MKV Media File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
@="MKVFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
"Extensions.SpaceSep"=".mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
"Extensions.CommaSep"="mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
"Extension.Key"=".mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\04DB801AC8A058348847474C6B80C63C\Features]
"fea_lng_id"="g(wI,t8C[=d6j2!F0&SbTvV5a'[email protected]{+I=D!=MKVAew)C6I+o}=xj,}[email protected]+JHQNTxkNW.CLZeM,B?A)U'QwaVycz[[email protected]$Ho9sH.P7o[!!in3A0lJd&vG8Kad[%Ql.KK,?XUrGkm?O3k[u_LLDtKa8U3WOjY}yVCYS).TSLsCA{71DU6]'[email protected](rv3QQo?U6DnA.eRsm.7SYv&5!x?5}%=fS5l1dLanguagesFea"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5669253FE57DD6D4890F47C5876CE8B9\Features]
"ConfigFree"="~a2PP}r[&9$S+xocA%gd.U!g3KsN%9EVeNq-vo^Mb2dX'5ZR??_,F`V7F~1cxK+`r&^[email protected]`^+WMrBO!4+F`*L2fNO9zK7jl6aGNVP{[email protected]+$vK7~cM]OXZeJ$f]A{)6=zWIz28BwBCecWfA?l(?KKUuYeuZ~(ACC)?5A8s!Hvbufc.aR3N&(q_}=LnKGm4!4Na'5p)hpy%SAwZ1NxfDP$ih{iBkA`~=Aiw*9bipjAMP?_w[S[}K?rh]W,9)}@GlUv!5,.%[email protected][$%'GJ*Kadjv9pRk1qIJl]rvI&i*fGPP=dL(N`s)Ju271ydF7hLDAjSm1z,fq2B4fH8G~Tqx8k*G^UPdyp0e$}xrhBY19tNteevfkNR+CKUXfKDz?S5KA?`[email protected]%jnF[6p2`AUln+(83k^N'[^w'w`kJ=A7d9.Yr6L=Vc?aw`{9_9!b5We2V03TKL%v_2q($?&O^ih0~ov73yf&]Z`[email protected]^05TvbkH-RyehYyq_X=?%}a+Eb*u[ljR]9{!X!?7{MbyyyNa^-OL?-?rnI9_fDm!dxKr3sMg[[email protected]=si+MpEoj9c]dq&*)c=4T?G,@HyeSW(-MS4XX]9A}&wpv2_x2Wo2*5WZxe=~(a,Y1D&IstQk(tZ^vFAoC1m+i8ZWDA?$s6*LGI=D6Hl[e)Z}7g0'&r[ke*95]][email protected]}-=6+ZzPQ4[KzT!?jQNW'_9PIshx(G[',[email protected][[email protected]&n=EH)LxT,EQk,[email protected]%m+e=b=X'[email protected]?t!Ja!G)ndL2E1y)`S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6ACDB9A3563B764CA384963D73AFB3E\Features]
"Complete"="E*p8`fD'7=Dcui&h'X$cjcd=nMH*6=-hyFfiC'%Io5zT1Sza7?r{AK[}8RjJmkv5Z}.rn84dczfuX[fge%6)j=VxWA{3oy.pON7cnl(B!'[email protected](Yjs*B!*vMTAbpDf,=~osaS5Cm'sX%b?DJjEq'd?Oh*~s$UO)W&?fM5`[email protected][email protected]@[email protected]*V6Fa(z%z1dqZ52e8V-V(i=xc8y&3!VnDZ].?!`srv^r?]NLDZw.8Lg'ASw}D,9M%)i.y^s[[email protected]+5AquHN5_?'C_`M1_OUn'q=X]v0dku5&%[email protected]_-C0j1]R%q&qMG7c{tQAwB]14W_n3Bg~oZosEst8`6K3*HAn5*WI%O'9B(i?g3=13n)0UkaD2X$cR]?9B0rDo^]W{oZId?d1h`[email protected]%$Q'vbQb7Me,+K+?$}9HlOr`B9}IbxdVsB,6uo8h~hBJuFKR9?Jg~$SvU`88giA6'b1gy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Foundation\ByteStreamHandlers\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\iTinySoft\Total Video2DVD Author]
"installfolder"="C:\Program Files (x86)\Free MKV Video2Dvd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\MLS\Extensions]
"mkv"="video"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\Player\Extensions\Descriptions]
"819"="MKV Media File (*.mkv)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\Player\Extensions\MUIDescriptions]
"819"="MKV Media File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer\Player\Extensions\Types]
"819"="*.mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Extensions\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Extensions\.mkv]
"Extension.Handler"="MKVFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Extensions\.mkv]
"MediaType.Description"="MKV Media File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
@="MKVFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
"Description"="Includes files with .mkv extensions."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
"Extensions"=".mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\Groups\Video\MKV]
"FriendlyTypeName"="MKV Media File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
@="MKVFile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
"Extensions.SpaceSep"=".mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
"Extensions.CommaSep"="mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Multimedia\WMPlayer\MIME Types\video/x-matroska]
"Extension.Key"=".mkv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\cnet2_MkvDVDSetup_exe_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\cnet2_MkvDVDSetup_exe_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1]
"Inno Setup: Selected Tasks"="reset_settings,fa,fa\mpc,fa\video,fa\video\avi,fa\video\mpeg,fa\video\ts,fa\video\mkv,fa\video\mp4,fa\video\hdmov,fa\video\3gp,fa\video\ogm,fa\video\flv,fa\video\wmv,fa\video\asf,fa\video\qt,mpc_render,mpc_render\vmr9,speaker,speaker\20,boostac3volume"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KLiteCodecPack_is1]
"Inno Setup: Deselected Tasks"="mpc_desktop,mpc_quicklaunch,fa\wmp,fa\audio,fa\audio\ogg,fa\audio\m4a,fa\audio\flac,fa\audio\ape,fa\audio\mpc,fa\audio\wv,thumbnails,thumbnails\mkv,thumbnails\mp4,thumbnails\hdmov,thumbnails\ogm,thumbnails\flv,thumbnails\ts,thumbnails\3gp,ff_plugins,ffwhitelist,ffhideicons,h264skipdeblock,ffrawvideo,ff_force_rgb32,mpc_render\overlay,mpc_render\vmr7,mpc_render\haali,mpc_subs,mpc_no_ini,haalishell,autoloadvsfilter,speaker\21,speaker\40,speaker\41,speaker\51,normalize,vsfilter_prebuffer,systemrestorepoint"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Media Foundation\ByteStreamHandlers\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Media Type\Extensions\.mkv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Media\VLC\Capabilities\FileAssociations]
".mkv"="VLC.mkv"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\mkv]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.mkv]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\tvp]
"Path"="C:\Program Files (x86)\Free MKV Video2Dvd\Skins\"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\VirtualDJ]
"FileTypes"="mp3,1,wav,2,cda,3,wma,4,asf,4,ogg,5,vdj,6,vds,6,m4a,21,aac,21,aif,21,aiff,21,flac,21,mpc,21,ape,21,avi,11,mpg,11,mpeg,11,wmv,11,vob,11,mov,11,divx,11,mp4,11,m4v,11,vix,11,mkv,11,flv,11,zip,15,"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\.mkv]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\.mkv]
@="tigerplayer.mkv"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\.mkv]
"KLCP.bak"="tigerplayer.mkv"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\.mkv]
"VLC.backup"="tigerplayer.mkv"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\mkv_auto_file]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\tigerplayer.file]
".mkv"=""
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\tigerplayer.mkv]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\tigerplayer.mkv]
@="MKV video file"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\iTinySoft\Total FLV Sniffer]
"DownloadDir"="C:\Program Files (x86)\Free MKV Video2Dvd\Downloaded\"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\.mkv]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\.mkv]
@="tigerplayer.mkv"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\.mkv]
"KLCP.bak"="tigerplayer.mkv"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\.mkv]
"VLC.backup"="tigerplayer.mkv"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\mkv_auto_file]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\tigerplayer.file]
".mkv"=""
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\tigerplayer.mkv]
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\tigerplayer.mkv]
@="MKV video file"
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\iTinySoft\Total FLV Sniffer]
"DownloadDir"="C:\Program Files (x86)\Free MKV Video2Dvd\Downloaded\"

-= EOF =-

Again, thank you kindly,

Cara x
Old 07-17-2012, 11:15 PM   #10
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, Cara. You're welcome.

------------------------------------------------------

I see you have P2P software ( uTorrentControl2 Toolbar ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
ClearJavaCache::

File::
C:\Users\OU Student\0.5875678921266417.exe

Folder::
c:\program files (x86)\iLivid
C:\Program Files (x86)\Searchqu Toolbar
c:\program files (x86)\Graboid
C:\Users\OU Student\AppData\Local\VirtualStore\Program Files (x86)\Solid MKV to DVD Converter and Burner
C:\Program Files (x86)\Sun\StarOffice 9
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarOffice 9
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\StarOffice 9
C:\Users\OU Student\AppData\Roaming\StarOffice
C:\Program Files (x86)\Free MKV Video2Dvd
c:\program files (x86)\ReviverSoft
C:\Users\OU Student\AppData\Local\auttvlmn

DDS::
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix.

If you are prompted to update ComboFix and have an internet connection, please choose Yes.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
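As an added example for this thread (not chemist's code and not part of ComboFix), the script below parses the Name:: sections of a CFScript like the one above and cross-checks its File:: and Folder:: entries against the Other Deletions section of the ComboFix.txt it produces, so a helper can confirm what was actually removed before moving on. The CFScript and log excerpts inside it are constructed from entries quoted in this thread, and the log's banner layout is assumed from the logs posted here.

```python
"""Cross-check a ComboFix CFScript against the ComboFix.txt it produced.
Added example for this thread (not chemist's code, not part of ComboFix);
the sample inputs below are constructed from entries quoted in the thread."""
import re

# Constructed CFScript, abridged from the one chemist posted above.
SAMPLE_CFSCRIPT = r"""
ClearJavaCache::

File::
C:\Users\OU Student\0.5875678921266417.exe

Folder::
c:\program files (x86)\iLivid
C:\Program Files (x86)\Searchqu Toolbar
C:\Users\OU Student\AppData\Local\auttvlmn

DDS::
mStart Page = hxxp://startsear.ch/?aff=1
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
"""

# Constructed ComboFix.txt excerpt; the banner layout follows the logs in this
# thread, and the closing banner stands in for whatever section comes next.
SAMPLE_LOG = r"""
ComboFix 12-07-16.01 - OU Student 18/07/2012 11:42:54.3.1 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\iLivid
c:\program files (x86)\iLivid\script.qscript
c:\program files (x86)\Searchqu Toolbar
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\as_guid.dat
c:\users\OU Student\0.5875678921266417.exe
.
(((((((((((((((((((((((((((((((((((((((   Next Section   )))))))))))))))))))))))))))))))))))))))))))))))))
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")  # CFScript header, e.g. "Folder::"
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # log banner "(((( Other Deletions ))))"
PROTECTED_ROOTS = ("c:\\windows", "c:\\program files",
                   "c:\\program files (x86)", "c:\\users")


def split_sections(text, header_re):
    """Both formats are 'header line, then one entry per line': a header opens
    a section named by its first regex group, and later non-blank lines that
    are not ComboFix's '.' spacer belong to that section."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = header_re.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])   # ClearJavaCache:: stays empty
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections


def parse_cfscript(text):
    return split_sections(text, SECTION_RE)


def parse_log_sections(text):
    return split_sections(text, BANNER_RE)


def normalize(path):
    """Windows paths compare case-insensitively; also drop surrounding quotes
    and a trailing backslash so the differently cased spellings above match."""
    return path.strip().strip('"').rstrip("\\").lower()


def confirm_deletions(cfscript, log):
    """Map each File::/Folder:: entry to 'deleted' or 'missing'. A Folder::
    entry counts if the folder or anything beneath it is listed under Other
    Deletions, because ComboFix logs the folder and its contents line by line."""
    logged = {normalize(p) for p in
              parse_log_sections(log).get("Other Deletions", [])}
    script = parse_cfscript(cfscript)
    result = {}
    for path in script.get("File", []):
        result[path] = "deleted" if normalize(path) in logged else "missing"
    for path in script.get("Folder", []):
        prefix = normalize(path)
        hit = any(p == prefix or p.startswith(prefix + "\\") for p in logged)
        result[path] = "deleted" if hit else "missing"
    return result


def risky_folder_entries(cfscript):
    """Flag Folder:: entries that name a drive root or a protected top-level
    directory itself, since a Folder:: line removes the whole tree."""
    return [path for path in parse_cfscript(cfscript).get("Folder", [])
            if re.fullmatch(r"[a-z]:", normalize(path))
            or normalize(path) in PROTECTED_ROOTS]
```

In the constructed sample the auttvlmn folder is requested but never logged, so it comes back as "missing", which is exactly the case a helper wants to spot before declaring the machine clean.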
Old 07-18-2012, 04:19 AM   #11
CaraMac
Registered Member

Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1

Hey chemist, I think the uTorrentControl2 Toolbar piggybacked in on another installation and I uninstalled it previously. I've had a look and it's not on my programmes list when I try to uninstall.

Here is the ComboFix log:

ComboFix 12-07-16.01 - OU Student 18/07/2012 11:42:54.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1913.1059 [GMT 1:00]
Running from: c:\users\OU Student\Desktop\ComboFix.exe
Command switches used :: c:\users\OU Student\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\OU Student\0.5875678921266417.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Free MKV Video2Dvd
c:\program files (x86)\Free MKV Video2Dvd\v2d.log
c:\program files (x86)\Free MKV Video2Dvd\vcen00.tmp
c:\program files (x86)\Graboid
c:\program files (x86)\Graboid\installstart.txt
c:\program files (x86)\iLivid
c:\program files (x86)\iLivid\script.qscript
c:\program files (x86)\iLivid\script1.81.qscript
c:\program files (x86)\Searchqu Toolbar
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files (x86)\Searchqu Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files (x86)\Sun\StarOffice 9
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registry\data\org\openoffice\Office\Linguistic.xcu
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\stamp.sys
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages.db
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\affDescription.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\description.xml
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\dictionaries.xcu
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\en_GB.aff
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\en_GB.dic
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\en_US.aff
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\en_US.dic
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\en_ZA.aff
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\en_ZA.dic
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\hyph_en_GB.dic
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\META-INF\manifest.xml
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\README_en_GB.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\README_en_GB_thes.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\README_en_US.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\README_en_ZA.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\th_en_US_v2.dat
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\th_en_US_v2.idx
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\AD9D.tmp_\dict-en.oxt\WordNet_license.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B51C.tmp
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B51C.tmp_\dict-es.oxt\description.xml
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B51C.tmp_\dict-es.oxt\dictionaries.xcu
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B51C.tmp_\dict-es.oxt\es_ES.aff
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B51C.tmp_\dict-es.oxt\es_ES.dic
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B51C.tmp_\dict-es.oxt\META-INF\manifest.xml
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B51C.tmp_\dict-es.oxt\README_es_ES.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\description.xml
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\dictionaries.xcu
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\fr_FR.aff
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\fr_FR.dic
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\hyph_fr_FR.dic
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\LICENCES-fr.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\LICENSES-en.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\META-INF\manifest.xml
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\README_fr_FR.txt
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\th_fr_FR_v2.dat
c:\program files (x86)\Sun\StarOffice 9\share\uno_packages\cache\uno_packages\B6B1.tmp_\dict-fr.oxt\th_fr_FR_v2.idx
c:\programdata\Microsoft\Windows\Start Menu\Programs\StarOffice 9
c:\users\OU Student\AppData\Local\auttvlmn
c:\users\OU Student\AppData\Local\VirtualStore\Program Files (x86)\Solid MKV to DVD Converter and Burner
c:\users\OU Student\AppData\Local\VirtualStore\Program Files (x86)\Solid MKV to DVD Converter and Burner\SolidDVD.ini
c:\users\OU Student\AppData\Roaming\StarOffice
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\autocorr\acor_.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\autocorr\acor_en-US.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\autotext\mytexts.bau
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\basic\dialog.xlc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\basic\script.xlc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\basic\Standard\dialog.xlb
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\basic\Standard\Module1.xba
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\basic\Standard\script.xlb
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\arrowhd_en-US.soe
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\autotbl.fmt
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\classic_en-US.sog
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\cmyk.soc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\gallery.soc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\hatching_en-US.soh
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\html.soc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\javasettings_Windows_x86.xml
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\modern_en-US.sog
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\palette_en-US.soc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\soffice.cfg\global\accelerator\en-US\current.xml
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\soffice.cfg\modules\schart\accelerator\en-US\current.xml
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\soffice.cfg\modules\swriter\accelerator\en-US\current.xml
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\standard.sob
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\standard.soc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\standard.sod
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\standard.soe
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\standard.sog
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\standard.soh
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\styles_en-US.sod
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\sun-color.soc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\config\web.soc
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\database\biblio.odb
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\database\biblio\biblio.dbf
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\database\biblio\biblio.dbt
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\gallery\sg100.sdv
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\gallery\sg100.thm
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\gallery\sg30.sdv
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\gallery\sg30.thm
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registration.xml
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.FirstStartWizard.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Inet.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.LDAP.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Addons.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Calc.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Chart.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Commands.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Common.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Compatibility.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.DataAccess.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Embedding.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Events.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Impress.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Java.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Jobs.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Linguistic.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Logging.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Paths.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.ProtocolHandler.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Recovery.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Security.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.SFX.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Substitution.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.TabBrowse.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.TypeDetection.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.ChartCommands.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.ChartWindowState.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.Controller.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.DbuCommands.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.DrawImpressCommands.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.Effects.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.Factories.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.GenericCommands.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.GlobalSettings.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.ImpressWindowState.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.StartModuleCommands.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.StartModuleWindowState.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.WriterCommands.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.UI.WriterWindowState.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Views.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.Writer.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Office.WriterWeb.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.Setup.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.System.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.TypeDetection.Filter.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.TypeDetection.GraphicFilter.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.TypeDetection.Misc.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.TypeDetection.Types.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.TypeDetection.UISort.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.ucb.Configuration.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.ucb.Hierarchy.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.ucb.Store.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.UserProfile.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\cache\org.openoffice.VCL.dat
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\Common.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\Jobs.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\Linguistic.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\Logging.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\Recovery.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\UI.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\UI\ChartWindowState.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\UI\WriterWindowState.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\Views.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Office\Writer.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\Setup.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\ucb\Hierarchy.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\registry\data\org\openoffice\ucb\Store.xcu
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\uno_packages\cache\log.txt
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\uno_packages\cache\registry\com.sun.star.comp.deployment.configuration.PackageRegistryBackend\registered_packages.db
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\uno_packages\cache\stamp.sys
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\uno_packages\cache\uno_packages.db
c:\users\OU Student\AppData\Roaming\StarOffice\9\user\wordbook\standard.dic
.
.
((((((((((((((((((((((((( Files Created from 2012-06-18 to 2012-07-18 )))))))))))))))))))))))))))))))
.
.
2012-07-18 10:57 . 2012-07-18 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-16 02:48 . 2012-07-16 02:48 -------- d-----w- c:\program files (x86)\ESET
2012-07-15 23:19 . 2012-07-15 23:19 -------- d-----w- c:\users\OU Student\AppData\Local\Macromedia
2012-07-12 12:47 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:19 . 2012-07-11 22:19 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-09 11:14 . 2012-07-09 11:14 -------- d-----w- c:\users\OU Student\AppData\Local\DDMSettings
2012-06-27 15:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-27 15:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-27 15:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-27 15:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-27 15:32 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-27 15:32 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-27 15:32 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-27 15:32 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-27 15:32 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"Facebook Update"="c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Akamai NetSession Interface"="c:\users\OU Student\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
AeLookupSvc
AppMgmt
AudioSrv
BITS
CertPropSvc
FastUserSwitchingCompatibility
gpsvc
helpsvc
Ias
iphlpsvc
Irmon
lanmanserver
LogonHours
msiscsi
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
PCAudit
Rasauto
Rasman
Remoteaccess
schedule
SCPolicySvc
SENS
SessionEnv
Sharedaccess
ShellHWDetection
SRService
Tapisrv
TermService
uploadmgr
winmgmt
WmdmPmSp
Wmi
wuauserv
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\"c:\\Program Files\\TOSHIBA\\Utilities\\HWSetup.exe\" hwSetUP"
"KeNotify"="c:\\Program Files (x86)\\TOSHIBA\\Utilities\\KeNotify.exe"
"Adobe Reader Speed Launcher"="\"c:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
"TWebCamera"=expand:"\"%ProgramFiles%\\TOSHIBA\\TOSHIBA Web Camera Application\\TWebCamera.exe\" autorun"
"ToshibaServiceStation"="\"c:\\Program Files (x86)\\TOSHIBA\\TOSHIBA Service Station\\ToshibaServiceStation.exe\" /hide:60"
"DivXUpdate"="\"c:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
"Memeo Instant Backup"="c:\\Program Files (x86)\\Memeo\\AutoBackup\\MemeoLauncher2.exe --silent --no_ui"
"Seagate Dashboard"="c:\\Program Files (x86)\\Seagate\\Seagate Dashboard\\MemeoLauncher.exe --silent --no_ui"
"SunJavaUpdateSched"="\"c:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"AVG_TRAY"="\"c:\\Program Files (x86)\\AVG\\AVG2012\\avgtray.exe\""
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="\"c:\\Program Files (x86)\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe\""
"Facebook Update"="\"c:\\Users\\OU Student\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver"
"Akamai NetSession Interface"="\"c:\\Users\\OU Student\\AppData\\Local\\Akamai\\netsession_win.exe\""
"Spotify Web Helper"="\"c:\\Users\\OU Student\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*i*¿AH\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2252443515-773699113-3761594329-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*D*i*²¶a?\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
c:\program files (x86)\AVG\AVG2012\avgidsagent.exe
c:\program files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files (x86)\Memeo\AutoBackup\InstantBackup.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
.
**************************************************************************
.
Completion time: 2012-07-18 12:12:28 - machine was rebooted
.
Pre-Run: 3,194,101,760 bytes free
.
Cheers, Cara x
Old 07-18-2012, 01:23 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Cara. Please tell us how your system is behaving. Are you able to access the AVG website now?

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Users\OU Student\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\15HBNKBO\VeohWebPlayerSetup_eng[1].exe"
"C:\Users\OU Student\AppData\LocalLow\Retrogamer_4wEI\Installr\Cache\028829CB.exe"
"C:\Users\OU Student\Downloads\avc-free.exe"
"C:\Users\OU Student\Downloads\gimpshop.exe"
"C:\Users\OU Student\Downloads\HAYES_CARLL_(dvd)_Live_IN_WXPN_World_Cafe_in_the_City_Philade.exe"
"C:\Users\OU Student\Downloads\IWON(2).exe"
"C:\Users\OU Student\Downloads\IWON.exe"
"C:\Users\OU Student\Downloads\Ray_Wylie_Hubbard_And_The_Cowboy_Twinkies_2011_320kbps_Mp3.exe"
"C:\Users\OU Student\Downloads\The_Artist_(2011)DvDRip_Xvid-s.exe"
"C:\Users\OU Student\Downloads\The_Hunger_Games_2012_V2_TS_XViD_NEW_SOURCE__DTRG.exe"
"C:\Users\OU Student\Downloads\XvidSetup.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\avc-free.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_avc-free_exe(2).exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_avc-free_exe.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_MkvDVDSetup_exe(2).exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet2_MkvDVDSetup_exe.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\cnet_rcsetup140_exe.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\Facemoods.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\HAYES_CARLL_(dvd)_Live_IN_WXPN_World_Cafe_in_the_City_Philade.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\IWON(2).exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\IWON.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\Retrogamer(2).exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\Retrogamer.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\setup.exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\transformers_prime__darkness_rising_352p_h264_by_ali_baloch_[h33t].exe"
"G:\OU Student_Backup\2011-11-21_20-01-03\Memeo\2011-11-21_20-01-03\C_\Users\OU Student\Downloads\XvidSetup.exe"
"G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 1.zip"
"G:\OUSTUDENT\Backup Set 2012-06-08 014027\Backup Files 2012-06-08 014027\Backup files 2.zip"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

for %%g in (

"C:\Program Files (x86)\Solid MKV to DVD Converter and Burner"
"C:\Users\OU Student\AppData\LocalLow\FunWebProducts"

) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)

if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0
Save this Notepad file as fix.bat, choosing Save as type: All Files, to your desktop, then close the Notepad file.
It should look like this:

Right-click on fix.bat and choose 'Run as administrator' to allow it to run.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Your Windows 7 User Account Control (UAC) has been disabled. Sometimes malware disables it, sometimes the end user does.

Please read this

Before you go any further, protect this system and re-enable that feature. Click Start > Control Panel > User Accounts > Change User Account Control settings and set it back to Always Notify.

------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 6 Update 32

These are all outdated and are security risks if left installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Right-click mbam-setup.exe and choose 'Run as administrator' to install it.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Please post the following in your next reply:

MBAM log
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
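A small triage script, added here as an example and not part of ComboFix, of the fix.bat above or of chemist's tools: it reads a "Reg Loading Points" block in the format ComboFix printed earlier in this thread, reports the UAC policy values that differ from the Windows 7 defaults (those defaults are the script's assumed baseline), and lists the Run entries that start a program from inside a user profile so they can be checked against what the user actually installed. The sample block is constructed to match the log's format; the entries it contains are legitimate software and are listed only because of where they launch from.

```python
"""Triage helper for a ComboFix 'Reg Loading Points' block.

Added example for this thread, not part of ComboFix or the forum's tools.
It parses the REGEDIT4-style dump ComboFix prints, compares the UAC policy
values under ...\policies\system with the Windows 7 defaults (an assumed
baseline, see UAC_BASELINE), and lists Run entries whose image lives inside
a user profile, which deserve a second look even when they belong to
legitimate software.
"""
import re
from typing import Dict, List, Tuple

# Assumed Windows 7 defaults for the values ComboFix prints under
# HKLM\...\policies\system. EnableLUA=0 switches UAC off entirely.
UAC_BASELINE: Dict[str, int] = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableUIADesktopToggle": 0,
}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9A-Fa-f]+\)$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]$')
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# Constructed sample in the format ComboFix uses; values mirror the log
# posted above. The user-profile entries here are legitimate software.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"Facebook Update"="c:\users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Akamai NetSession Interface"="c:\users\OU Student\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Spotify Web Helper"="c:\users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-11 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""


def parse_reg_points(text: str) -> Dict[str, List[str]]:
    """Group the value lines of each [key] section, dropping ComboFix's '.' spacers."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def check_uac(sections: Dict[str, List[str]]) -> List[Tuple[str, int, int]]:
    """Return (value name, found, baseline) for every UAC policy value off its default."""
    findings: List[Tuple[str, int, int]] = []
    for key, lines in sections.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for line in lines:
            m = DWORD_RE.match(line)
            if not m:
                continue
            name, found = m.group("name"), int(m.group("val"))
            expected = UAC_BASELINE.get(name)
            if expected is not None and found != expected:
                findings.append((name, found, expected))
    return findings


def uac_disabled(findings: List[Tuple[str, int, int]]) -> bool:
    """True when EnableLUA is 0: with UAC off, the other prompt settings are moot."""
    return any(name == "EnableLUA" and found == 0 for name, found, _ in findings)


def user_profile_autoruns(sections: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (entry name, image path) for Run values that launch from a user profile."""
    hits: List[Tuple[str, str]] = []
    for key, lines in sections.items():
        if not key.lower().endswith(r"\currentversion\run"):
            continue
        for line in lines:
            m = RUN_RE.match(line)
            if m and USER_PROFILE_RE.search(m.group("path")):
                hits.append((m.group("name"), m.group("path")))
    return hits


if __name__ == "__main__":
    secs = parse_reg_points(SAMPLE_LOG)
    uac = check_uac(secs)
    for name, found, expected in uac:
        print(f"UAC: {name}={found} (Windows 7 default {expected})")
    if uac_disabled(uac):
        print("UAC is switched off; restore it via the Control Panel slider (Always Notify)")
    for name, path in user_profile_autoruns(secs):
        print(f"Run entry launching from a user profile, verify: {name} -> {path}")
```

Run it against a pasted ComboFix block by replacing SAMPLE_LOG with the log text. A user-profile Run entry is not evidence of infection on its own (updaters and helpers such as the ones above normally live there), but it is where the log shows the ZBot-family detections were likely to persist, so each one should be matched to a program the user recognises.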
Old 07-18-2012, 08:14 PM   #13
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hey chemist, small problem with Java. I uninstalled as directed, and downloaded and reinstalled, but when I return to Control Panel there isn't the coffee cup logo; in its place is an icon with what looks like a sheet of paper with the corner folded over with a pic of a window on it. Like it's an incorrect file type or something? I tried reinstalling and rebooting, and the Java website check says I have the latest version installed.

The fix.bat said "Deleted Successfully. Press any key..."

The system seems OK, maybe a little slow. My Google Chrome home page has been hijacked by hxxp://www.searchnu.com/406 and I can't seem to get rid of it; I've tried setting Google as my home page but it still opens up on searchnu.com, although when I hit the home icon it takes me to Google. Not much of a problem though, I was only using Chrome as CometBird wasn't working.

Here is the mbam log,


Malwarebytes Anti-Malware 1.62.0.1300
Malwarebytes : Free anti-malware download

Database version: v2012.07.18.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
OU Student :: OUSTUDENT [administrator]

19/07/2012 03:13:10
mbam-log-2012-07-19 (03-13-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193654
Time elapsed: 31 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Thanks x
Old 07-18-2012, 11:17 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Cara. Are you able to access the AVG site now?

------------------------------------------------------

As far as Chrome, you will have to uninstall it, reboot, then re-install it.

Download the Google Chrome installer and save it to your desktop:

Chrome Browser

Uninstall Google Chrome via Programs and Features in your Control Panel.

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\OU Student\AppData\Local\Google\Chrome"

A DOS window will open and close again; this is normal.

------------------------------------------------------

Reboot your computer. Re-install Google Chrome using the installer you downloaded earlier.

Are you able to set your Chrome home page to Google now?

------------------------------------------------------

As far as Java, something got corrupted. Uninstall the following via Programs and Features (if they exist):

Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1


Reboot your computer if not prompted already.

Now reinstall Java as before > java.com: Java + You

Let me know how it goes.

Please run dds again and post/attach the logs as before.

------------------------------------------------------
Old 07-19-2012, 06:45 PM   #15
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hi, sorry, I can indeed now access the AVG site. Google Chrome is sorted too. Still not happening with Java though, similar to last time, except this time the piece of paper with the corner folded over doesn't have a picture of a window on it.

Thanks,

Cara x

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by OU Student at 2:18:01 on 2012-07-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1913.588 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\OU Student\AppData\Local\Akamai\netsession_win.exe
C:\Users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Users\OU Student\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\OU Student\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.rangers.co.uk/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\OU Student\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "C:\Users\OU Student\AppData\Local\Akamai\netsession_win.exe"
uRun: [Spotify Web Helper] "C:\Users\OU Student\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\OU Student\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\2445F40756E6A7F6E656D284 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\245414E4353454E454 : DhcpNameServer = 168.95.0.102
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\35B4951353139323 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{43D279A8-7DDA-4851-A495-5A4C8339F67A}\35B4951383738323 : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\OU Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-6 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-29 135664]
S3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys --> C:\Windows\system32\Drivers\jl2005c.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-20 01:13:33 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-19 02:12:34 -------- d-----w- C:\Users\OU Student\AppData\Roaming\Malwarebytes
2012-07-19 02:12:10 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-19 02:12:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-19 02:12:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 00:28:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-18 12:30:55 -------- d-----w- C:\Users\OU Student\AppData\Local\{AAAB8600-8115-4540-8B35-B271920D7376}
2012-07-18 12:30:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{1B1C83F0-6F83-4DCA-938B-469B1013FD81}
2012-07-18 10:40:58 -------- d-----w- C:\ComboFix
2012-07-18 00:14:06 -------- d-----w- C:\Users\OU Student\AppData\Local\{33A1C4EF-B4B4-481B-98D6-9B42EBB9937F}
2012-07-18 00:13:43 -------- d-----w- C:\Users\OU Student\AppData\Local\{2DA6332F-AB8A-4571-BA08-D92EA4249A4B}
2012-07-17 12:13:16 -------- d-----w- C:\Users\OU Student\AppData\Local\{9FDD5121-010F-4FAC-8D89-22C6F932ECA2}
2012-07-17 12:12:48 -------- d-----w- C:\Users\OU Student\AppData\Local\{D5BA3674-946E-4A5C-A6E4-E18E7299CEEB}
2012-07-17 09:31:47 98816 ----a-w- C:\Windows\sed.exe
2012-07-17 09:31:47 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-17 09:31:47 256000 ----a-w- C:\Windows\PEV.exe
2012-07-17 09:31:47 208896 ----a-w- C:\Windows\MBR.exe
2012-07-17 00:08:24 -------- d-----w- C:\Users\OU Student\AppData\Local\{AEE938B9-C459-4442-9558-284F34814634}
2012-07-17 00:07:49 -------- d-----w- C:\Users\OU Student\AppData\Local\{4EAE2A26-B74C-49C9-A8D4-C63789D96F08}
2012-07-16 02:48:24 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-16 01:55:58 -------- d-----w- C:\Users\OU Student\AppData\Local\{AF1070B3-4262-4470-BCE9-C73AD6F7B38E}
2012-07-16 01:55:36 -------- d-----w- C:\Users\OU Student\AppData\Local\{AD6C2C39-7F87-40A3-9D7E-248EA402D727}
2012-07-15 23:19:47 -------- d-----w- C:\Users\OU Student\AppData\Local\Macromedia
2012-07-13 22:43:47 -------- d-----w- C:\Users\OU Student\AppData\Local\{ECDC74F8-E9C5-4880-8010-03A9C7E80D9A}
2012-07-13 22:43:16 -------- d-----w- C:\Users\OU Student\AppData\Local\{4557017C-7CBD-4E9B-B688-CF3AF8EC3023}
2012-07-12 12:47:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 22:19:05 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-11 00:29:49 -------- d-----w- C:\Users\OU Student\AppData\Local\{832F2FBA-F4A8-48D1-B41F-2AD6444C7061}
2012-07-09 20:07:49 -------- d-----w- C:\Users\OU Student\AppData\Local\{BD0E5CCA-95D8-4818-87AA-22E76F4D6817}
2012-07-09 20:07:26 -------- d-----w- C:\Users\OU Student\AppData\Local\{A21C55A2-1FD7-40A9-9DE3-7605B1D2471F}
2012-07-09 11:14:31 -------- d-----w- C:\Users\OU Student\AppData\Local\DDMSettings
2012-07-09 08:07:05 -------- d-----w- C:\Users\OU Student\AppData\Local\{D9100E1E-8EB1-479E-9B77-F14047D0A812}
2012-07-09 0848 -------- d-----w- C:\Users\OU Student\AppData\Local\{FF9A031A-12D8-42DB-8E8F-B7058FB05D29}
2012-07-08 19:39:25 -------- d-----w- C:\Users\OU Student\AppData\Local\{B5628BCA-CBAD-4AA8-9B43-76915DC25CD1}
2012-07-08 19:38:58 -------- d-----w- C:\Users\OU Student\AppData\Local\{6E6F543E-640E-4451-AA92-1745EB7288B3}
2012-07-08 07:39:23 -------- d-----w- C:\Users\OU Student\AppData\Local\{4BFCEF8B-25BA-4C89-80CB-DB2B292419C2}
2012-07-07 15:39:00 -------- d-----w- C:\Users\OU Student\AppData\Local\{ED040F25-5276-4DD3-B145-DFD6711A89AD}
2012-07-07 15:38:47 -------- d-----w- C:\Users\OU Student\AppData\Local\{A45D7487-6F94-4E7F-9B6D-85E3DB41BAC9}
2012-07-07 03:15:15 -------- d-----w- C:\Users\OU Student\AppData\Local\{6D3C632E-65E0-4A5D-90B9-E11B8271ED2A}
2012-07-07 03:14:48 -------- d-----w- C:\Users\OU Student\AppData\Local\{45921D89-E5D0-4134-B1A4-0A3CE3BDA9A6}
2012-07-06 15:13:25 -------- d-----w- C:\Users\OU Student\AppData\Local\{F20A0CDD-282B-404C-9361-FCE89520FE08}
2012-07-06 15:12:34 -------- d-----w- C:\Users\OU Student\AppData\Local\{B58DC319-18CF-4140-BCB7-2F60DDCCB7DB}
2012-07-05 02:05:29 -------- d-----w- C:\Users\OU Student\AppData\Local\{4759D75A-9DF7-489D-A864-74C82FC55492}
2012-07-05 02:05:06 -------- d-----w- C:\Users\OU Student\AppData\Local\{60744B0F-31ED-4944-AFA2-DF210C4B4E30}
2012-07-04 14:04:48 -------- d-----w- C:\Users\OU Student\AppData\Local\{A30E86DA-9B01-444F-B8AF-6B7D5B1C0DE2}
2012-07-04 14:04:23 -------- d-----w- C:\Users\OU Student\AppData\Local\{99AEEA1F-053D-4DCC-9611-0C56533D64E6}
2012-06-29 23:38:14 -------- d-----w- C:\Users\OU Student\AppData\Local\{71829603-78A0-412F-852D-B515CB6358AE}
2012-06-29 23:37:48 -------- d-----w- C:\Users\OU Student\AppData\Local\{9DFF56FE-F438-4C27-A510-876ADDE833C3}
2012-06-29 11:37:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{F4FF3494-5C38-434F-BF6A-574E31D10876}
2012-06-29 11:37:06 -------- d-----w- C:\Users\OU Student\AppData\Local\{AB7F7057-F15A-4B72-AE9D-6AD1EE4967DF}
2012-06-28 23:36:27 -------- d-----w- C:\Users\OU Student\AppData\Local\{6F705892-809C-44F6-B140-5A37F7F393CF}
2012-06-28 23:36:04 -------- d-----w- C:\Users\OU Student\AppData\Local\{1DED7306-F598-4AC9-A738-C2976F607241}
2012-06-28 10:20:53 -------- d-----w- C:\Users\OU Student\AppData\Local\{D6F13A0B-81AD-4811-968E-1C8800E56892}
2012-06-28 10:20:41 -------- d-----w- C:\Users\OU Student\AppData\Local\{05D87A8A-6AAD-446F-B9B2-BA9F8F373955}
2012-06-27 18:08:58 -------- d-----w- C:\Users\OU Student\AppData\Local\{0592775F-50F7-4C12-9207-25AE94F7E17C}
2012-06-27 18:08:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{20CB50C3-867A-4915-B649-7672A5E88062}
2012-06-27 15:32:58 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-27 15:32:39 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-27 15:32:03 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-27 15:32:03 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-26 22:54:54 -------- d-----w- C:\Users\OU Student\AppData\Local\{B84F3AB0-62CF-4C90-BDC0-04360ADB4FDC}
2012-06-26 22:54:41 -------- d-----w- C:\Users\OU Student\AppData\Local\{C7FA51D0-BDF2-45B9-8752-C901CABA6B33}
2012-06-26 10:13:21 -------- d-----w- C:\Users\OU Student\AppData\Local\{C721DECF-B6E4-4F2D-B55B-DDE8CC1EA4A1}
2012-06-26 10:13:09 -------- d-----w- C:\Users\OU Student\AppData\Local\{FC614B30-4FA7-4597-9B4C-744876A428F9}
2012-06-25 14:59:39 -------- d-----w- C:\Users\OU Student\AppData\Local\{4F30F5CF-B758-4A1C-834B-8A6AA878B10D}
2012-06-25 14:59:27 -------- d-----w- C:\Users\OU Student\AppData\Local\{25F324E8-5205-4D35-8374-B923CC779EE7}
2012-06-25 00:22:05 -------- d-----w- C:\Users\OU Student\AppData\Local\{7F64BA51-4CF6-494F-A468-3F3A48767856}
2012-06-25 00:21:53 -------- d-----w- C:\Users\OU Student\AppData\Local\{43734504-25EB-4B3E-84CC-907E97F7A903}
2012-06-25 00:19:31 -------- d-----w- C:\Users\OU Student\AppData\Local\{C0763242-69E8-40EB-B109-BF8F4B823E6D}
2012-06-25 00:19:04 -------- d-----w- C:\Users\OU Student\AppData\Local\{60CEAFD2-BC4E-414E-B166-B12DA25DBE65}
2012-06-24 10:46:44 -------- d-----w- C:\Users\OU Student\AppData\Local\{90A08119-D02E-4638-8D8A-32A54DD6AC5D}
2012-06-24 10:46:29 -------- d-----w- C:\Users\OU Student\AppData\Local\{16AA74E9-34E8-4C02-A24E-FE273BF0570E}
2012-06-23 18:22:18 -------- d-----w- C:\Users\OU Student\AppData\Local\{69B87DAC-CC05-494E-A82F-FDFEAC90FA37}
2012-06-23 18:22:07 -------- d-----w- C:\Users\OU Student\AppData\Local\{84521D21-1673-4560-B03B-4BCA5834B512}
2012-06-23 00:11:09 -------- d-----w- C:\Users\OU Student\AppData\Local\{04947B3B-8E19-415D-A73B-41A1ADCCCB08}
2012-06-23 00:10:46 -------- d-----w- C:\Users\OU Student\AppData\Local\{41B2185E-33C0-42B3-8541-247EE6189C65}
2012-06-21 23:44:11 -------- d-----w- C:\Users\OU Student\AppData\Local\{FC71A084-022B-4B0A-B4E9-53953336034E}
2012-06-21 23:43:58 -------- d-----w- C:\Users\OU Student\AppData\Local\{26E66ED4-56FA-4808-8271-E5F846CE4088}
2012-06-20 11:41:59 -------- d-----w- C:\Users\OU Student\AppData\Local\{C3D71379-5238-4810-AB52-240BF035498C}
2012-06-20 11:41:36 -------- d-----w- C:\Users\OU Student\AppData\Local\{037AC278-E15B-4F1A-A32B-F5A8CFB53D2C}
.
==================== Find3M ====================
.
2012-07-11 22:19:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 22:19:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 2130 772544 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-05 2120 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 0616 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 0616 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 1122 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 2:21:29.67 ===============
Attached Files
File Type: zip Attach.zip (2.8 KB, 35 views)
CaraMac is offline  
Old 07-19-2012, 10:16 PM   #16
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Cara. Everything looks good in your logs.

Try rebooting your machine. Is the Java icon still not showing correctly?

If not, I don't know what to do to fix it. It doesn't appear to be malware related.

You could contact Java and ask for help > Java Help Center

Or, you could seek help in our Windows Vista/Windows 7 Support Forum

Let them know you were here and were cleared of malware.

------------------------------------------------------

Just to make sure Ramnit is gone, we need to run ESET Online Scanner one more time.

Follow the instructions in post #4 above and post the ESET log in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-20-2012, 03:05 PM   #17
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Nice work chemist, no threats found by ESET. I can't thank you enough; I was starting to worry that it would affect my study, or corrupt an essay file as it was due for submission. I'll get onto the Windows 7 forum and seek help for my Java issue over the weekend. It appears to be working, so it is just the updates that will be affected? Again thank you, I think it's fantastic that you spend your own time helping the more vulnerable members of the online community.

Greatly appreciated,

Cara x
CaraMac is offline  
Old 07-20-2012, 05:05 PM   #18
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Hey, I'm maybe asking a bit much considering how much you have helped already, but any advice on a thread title for my Java issue? Or what I should include in my post?

Thanks, Cara x
CaraMac is offline  
Old 07-21-2012, 01:46 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Cara. You're very welcome.

You might be better off seeking help with Java directly > java.com Support Options

As far as a thread title for our Vista/Win7 forum, something like "Java coffee cup icon in Control Panel corrupted" should do.

Let them know you were here first and were cleared of malware.

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

As far as those infected objects listed in the ESET report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Please disable AVG before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key and Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure all your applications and browsers are up-to-date by visiting Secunia Online Software Inspector here:

Free Online Computer Scan - Online Software Inspector (OSI) - Secunia
  • Click 'Start Scanner'
  • Wait for Status/Currently Processing: at the lower left to say 'Java Applet loaded successfully. Press "Start" to begin.'
  • Click 'Start'.
  • The scan should take less than a minute or so.
  • When done, download and install all the recommended updates.
  • This will help ensure the malware writers cannot use exploits (bugs) in older versions of your applications to infect your computer in the future.
------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
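The MVPS HOSTS file advice above works by pointing known ad and malware domains at a sink address (127.0.0.1 or 0.0.0.0), so the browser never reaches them. The same file is also a favourite target of banking trojans, which add entries that point antivirus and update sites somewhere else. The script below is an added example, not part of the original thread or of the MVPS project: it parses a Windows-style HOSTS file, counts the legitimate blocking entries, and flags any protected vendor domain (the list in PROTECTED_SUFFIXES is an assumption for illustration) that is mapped to a non-sink address. The sample HOSTS content is constructed for this example; on a real machine you would read C:\Windows\System32\drivers\etc\hosts instead.

```python
"""Audit a Windows HOSTS file after a malware cleanup (added example).

Classifies each entry as a blocking entry (sink address such as 127.0.0.1 or
0.0.0.0), the normal localhost mapping, a malformed line, or a suspicious entry:
a security vendor domain mapped to anything other than a sink, which is how
some trojans keep the victim away from AV download and update sites.
"""
import ipaddress

# Addresses used by blocklists to sink a domain. Pointing a domain here is
# expected; pointing a vendor domain anywhere else is not.
BLOCK_SINKS = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumption for this example: domains that should never be remapped by HOSTS.
# Supply your own vendor list in practice.
PROTECTED_SUFFIXES = (
    "avg.com",
    "microsoft.com",
    "windowsupdate.com",
    "malwarebytes.org",
    "eset.com",
)

# Constructed sample; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#   127.0.0.1       localhost
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net          # blocked ad server, MVPS style
127.0.0.1 tracker.example.org
192.0.2.10 www.avg.com free.avg.com   # AV site pointed off-box: hijack indicator
not-an-ip somewhere.example
"""


def parse_hosts(text):
    """Yield (lineno, ip, hostnames) for each non-comment line.

    Inline '#' comments are stripped. Lines whose first field is not a valid
    IP address, or that lack a hostname, are yielded with ip=None so the
    caller can report them as malformed.
    """
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            yield lineno, None, fields
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield lineno, None, [h.lower() for h in fields[1:]]
            continue
        yield lineno, str(ip), [h.lower() for h in fields[1:]]


def is_protected(hostname):
    """True if hostname is a protected vendor domain or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Return counts of blocking/localhost entries plus suspicious and malformed lines."""
    report = {"blocked": 0, "loopback_local": 0, "suspicious": [], "malformed": []}
    for lineno, ip, hosts in parse_hosts(text):
        if ip is None:
            report["malformed"].append(lineno)
            continue
        if ip in BLOCK_SINKS:
            # The localhost mapping is expected; anything else on a sink is a block.
            for h in hosts:
                if h in ("localhost", "localhost.localdomain"):
                    report["loopback_local"] += 1
                else:
                    report["blocked"] += 1
            continue
        # Non-sink address: a protected domain sent elsewhere is the hijack pattern.
        for h in hosts:
            if is_protected(h):
                report["suspicious"].append((lineno, h, ip))
    return report


def audit_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Audit the live HOSTS file (Windows default path; UTF-8 with BOM tolerated)."""
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

On the constructed sample the audit reports two blocking entries, two localhost mappings, one malformed line and two suspicious mappings for avg.com hosts. Any non-empty "suspicious" list on a real machine means the HOSTS file should be restored from a known-good copy before trusting that the antivirus can reach its update servers.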
Old 07-21-2012, 05:57 PM   #20
Registered Member
 
Join Date: Jul 2012
Location: Glasgow
Posts: 11
OS: Windows 7 home premium service pack 1



Thank you chemist, awesome!
CaraMac is offline  