
Thread: Internet search hijacked and IE8 won't open

  1. #1
    Junior Member
    Join Date
    Dec 2010
    Posts
    5

    Internet search hijacked and IE8 won't open

    Hi,

    IE8 won't open and search results are being hijacked when using Chrome, Firefox etc. I also had defragmenter with S&D seems to have disabled.

    I have used CCleaner to 'fix' registry issues. I was using AVG free but I removed it and I'm now using Microsoft Essentials.

    I have downloaded and run ERUNT.

    Thanks in advance for any help you can provide.

    I have attached the 'attach' file and here is the DDS log:-



    DDS (Ver_10-12-12.02) - NTFSx86
    Run by *** **** at 14:15:09.48 on 31/12/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.437 [GMT 0:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\PROGRA~1\Fun4IM\Bandoo.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\EgisTec IPS\PmmUpdate.exe
    C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\WINDOWS\snuvcdsm.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
    C:\Program Files\Launch Manager\LMworker.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\EgisTec IPS\EgisUpdate.exe
    C:\Documents and Settings\T** W***\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aod260&r=0xph0910r935l0404wu65w4602t397
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aod260&r=0xph0910r935l0404wu65w4602t397
    mStart Page = hxxp://home.sweetim.com
    mURLSearchHooks: H - No File
    BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {4ABD3CBD-6269-4A28-8E91-F08512208658} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: BandooIEPlugin Class: {eb5cee80-030a-4ed8-8e20-454e9c68380f} - c:\program files\fun4im\plugins\ie\ieplugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [aHvFmtjxlhgIe.exe] c:\docume~1\******~1\locals~1\temp\aHvFmtjxlhgIe.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
    mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
    mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PLFSetL] c:\windows\PLFSetL.exe
    mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS
    mRun: [snuvcdsm] c:\windows\snuvcdsm.exe
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
    mRun: [AMService] c:\windows\system32\setup.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\******~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll c:\progra~1\fun4im\bndhook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2010-5-6 17840]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2010-5-6 15280]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2010-5-6 58800]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-5-6 312400]
    R2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\fun4im\Bandoo.exe [2010-11-23 1938880]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-5-6 260640]
    R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-5-6 243232]
    R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-5-6 60456]
    R3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-2-1 305520]
    S2 AMService;AMService;c:\windows\temp\lrtj\setup.exe run --> c:\windows\temp\lrtj\setup.exe run [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 135664]
    S2 kroover;kroover; [x]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-6 1691480]

    =============== Created Last 30 ================

    2010-12-30 21:16:37 -------- d-----w- c:\docume~1\******~1\applic~1\Malwarebytes
    2010-12-30 21:16:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-30 21:16:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-30 21:16:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-30 21:16:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-29 18:12:45 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{cf333929-acec-466d-ba2e-2cb58bc1e3f9}\mpengine.dll
    2010-12-29 18:12:45 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-29 17:59:55 -------- d-----w- c:\program files\Microsoft Security Client
    2010-12-19 21:42:38 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-12-19 21:42:38 608448 ----a-w- c:\windows\system32\comctl32.ocx
    2010-12-19 21:42:38 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-12-19 21:42:37 -------- d-----w- c:\program files\AML Products
    2010-12-19 14:33:00 -------- d-----w- c:\docume~1\******~1\locals~1\applic~1\Temp
    2010-12-18 11:09:12 -------- d-----w- c:\docume~1\******~1\applic~1\Yboza
    2010-12-13 18:01:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

    ==================== Find3M ====================


    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD16 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\iaStor0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85DB8566]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85dbe624]; MOV EAX, [0x85dbe6a0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x85DFF030]
    3 CLASSPNP[0xF768DFD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000008c[0x867DB838]
    5 ACPI[0xF74A4620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x86754028]
    \Driver\iaStor[0x867493A0] -> IRP_MJ_CREATE -> 0x85DB8566
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600BEVT-22A23T0__________________01.01A01#4&36fb52f8&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\iaStor DriverStartIo -> 0x85DB83B2
    user != kernel MBR !!!
    sectors 312581806 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 14:17:56.21 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208





    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    You're infected with a rootkit

    • Download TDSSKiller and save it to your Desktop.
    • Extract the file and run it.
    • Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
    • Please post the content of the TDSSKiller log

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Dec 2010
    Posts
    5


    Hi Ken,

    Thanks for the reply, here is the log:-


    2011/01/04 19:09:46.0695 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2011/01/04 19:09:46.0695 ================================================================================
    2011/01/04 19:09:46.0695 SystemInfo:
    2011/01/04 19:09:46.0695
    2011/01/04 19:09:46.0695 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/04 19:09:46.0695 Product type: Workstation
    2011/01/04 19:09:46.0695 ComputerName: ACER-1E578465C0
    2011/01/04 19:09:46.0695 UserName: *** ****
    2011/01/04 19:09:46.0695 Windows directory: C:\WINDOWS
    2011/01/04 19:09:46.0695 System windows directory: C:\WINDOWS
    2011/01/04 19:09:46.0695 Processor architecture: Intel x86
    2011/01/04 19:09:46.0695 Number of processors: 2
    2011/01/04 19:09:46.0695 Page size: 0x1000
    2011/01/04 19:09:46.0695 Boot type: Normal boot
    2011/01/04 19:09:46.0695 ================================================================================
    2011/01/04 19:09:47.0476 Initialize success
    2011/01/04 19:09:52.0414 ================================================================================
    2011/01/04 19:09:52.0414 Scan started
    2011/01/04 19:09:52.0414 Mode: Manual;
    2011/01/04 19:09:52.0414 ================================================================================
    2011/01/04 19:10:04.0429 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/01/04 19:10:04.0492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/04 19:10:04.0601 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/04 19:10:04.0648 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/04 19:10:04.0679 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/04 19:10:04.0742 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/04 19:10:04.0804 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/04 19:10:04.0867 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/01/04 19:10:04.0945 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/04 19:10:05.0007 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/01/04 19:10:05.0070 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/01/04 19:10:05.0117 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/04 19:10:05.0195 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/04 19:10:05.0257 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/01/04 19:10:05.0336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/04 19:10:05.0492 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/01/04 19:10:05.0601 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/01/04 19:10:05.0664 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/04 19:10:05.0711 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/04 19:10:05.0836 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/04 19:10:05.0851 ================================================================================
    2011/01/04 19:10:05.0851 Scan finished
    2011/01/04 19:10:05.0851 ================================================================================
    2011/01/04 19:10:05.0882 Detected object count: 1
    2011/01/04 19:10:17.0039 \HardDisk0 - will be cured after reboot
    2011/01/04 19:10:17.0039 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/04 19:10:33.0304 Deinitialize success

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208




    Make sure you rebooted your system for the fix to take. With a rootkit there may be more to remove.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instructions on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Dec 2010
    Posts
    5


    Hi Ken,

    Thanks for the quick reply, here is the log:-


    ComboFix 11-01-04.01 - T** W*** 04/01/2011 22:57:00.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1013.405 [GMT 0:00]
    Running from: c:\documents and settings\T** W***\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
    c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
    c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
    c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
    c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
    c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
    c:\program files\Windows Searchqu Toolbar\uninstall.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSUPDATE


    ((((((((((((((((((((((((( Files Created from 2010-12-04 to 2011-01-04 )))))))))))))))))))))))))))))))
    .

    2011-01-04 19:23 . 2010-11-16 12:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-01-04 19:22 . 2010-11-16 12:01 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{537B1824-1336-49DB-97BF-D14270A98E64}\mpengine.dll
    2010-12-31 14:10 . 2010-12-31 14:11 -------- d-----w- c:\program files\ERUNT
    2010-12-30 21:16 . 2010-12-30 21:16 -------- d-----w- c:\documents and settings\T** W***\Application Data\Malwarebytes
    2010-12-30 21:16 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-30 21:16 . 2010-12-30 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-12-30 21:16 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-30 21:16 . 2010-12-30 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-29 18:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-12-29 17:59 . 2010-12-29 18:00 -------- d-----w- c:\program files\Microsoft Security Client
    2010-12-29 16:12 . 2010-12-29 16:12 -------- d-----w- c:\documents and settings\Administrator
    2010-12-20 18:28 . 2010-12-29 17:46 -------- d-----w- c:\documents and settings\M** W***\Application Data\Leatyl
    2010-12-20 18:28 . 2010-12-20 18:30 -------- d-----w- c:\documents and settings\M** W***\Application Data\Tahuk
    2010-12-19 21:42 . 2002-01-05 06:48 974848 ----a-w- c:\windows\system32\mfc70.dll
    2010-12-19 21:42 . 2002-01-05 05:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-12-19 21:42 . 2000-05-22 16:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
    2010-12-19 21:42 . 2010-12-19 21:42 -------- d-----w- c:\program files\AML Products
    2010-12-19 14:33 . 2010-12-19 14:33 -------- d-----w- c:\documents and settings\T** W***\Local Settings\Application Data\Temp
    2010-12-18 11:09 . 2010-12-29 11:19 -------- d-----w- c:\documents and settings\T** W***\Application Data\Yboza
    2010-12-13 18:01 . 2010-12-13 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-24 21:25 . 2010-10-24 21:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
    2010-08-18 10:08 353656 ----a-w- c:\program files\PriceGong\2.1.0\PriceGongIE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2010-02-01 10:03 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-06 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-16 141336]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-16 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-16 141336]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
    "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
    "SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
    "EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" [2009-12-24 201512]
    "EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe" [2009-12-24 401192]
    "mwlDaemon"="c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2009-12-14 99712]
    "snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-12-14 202112]
    "snuvcdsm"="c:\windows\snuvcdsm.exe" [2009-12-14 30080]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2010-04-08 908368]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "AMService"="c:\windows\system32\setup.exe" [2008-04-14 23040]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\NetworkService\Start Menu\Programs\Startup\
    Launch WhiteSmoke.lnk - c:\program files\WhiteSmoke\WSEnrichment.exe [N/A]

    c:\documents and settings\M** W***\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\T** W***\Start Menu\Programs\Startup\
    OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-5-6 704032]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=

    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [06/05/2010 10:36 17840]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [06/05/2010 10:36 15280]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [06/05/2010 10:36 58800]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [06/05/2010 17:31 312400]
    R2 Fun4IM Coordinator;Fun4IM Coordinator;c:\progra~1\Fun4IM\Bandoo.exe [23/11/2010 18:45 1938880]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [06/05/2010 10:42 260640]
    R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [06/05/2010 10:19 243232]
    R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [06/05/2010 17:30 60456]
    R3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [01/02/2010 10:04 305520]
    S2 AMService;AMService;c:\windows\TEMP\lrtj\setup.exe run --> c:\windows\TEMP\lrtj\setup.exe run [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/09/2010 16:28 135664]
    S2 kroover;kroover; [x]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [06/05/2010 10:02 1691480]
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 16:27]

    2011-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 16:27]

    2011-01-04 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://home.sweetim.com
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{4ABD3CBD-6269-4A28-8E91-F08512208658} - (no file)
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-04 23:07
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2272)
    c:\windows\system32\WININET.dll
    c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
    c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
    c:\program files\EgisTec MyWinLocker\x86\XmlLite.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\OpenOffice.org 3\program\soffice.exe
    c:\program files\OpenOffice.org 3\program\soffice.bin
    c:\program files\Launch Manager\LMworker.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-01-04 23:11:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-04 23:11

    Pre-Run: 131,023,101,952 bytes free
    Post-Run: 131,554,701,312 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - B68DF6AC6BAB7F7F7A786931D312E247

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good, let's sweep for leftovers


    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please





    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic



    Post both reports and let me know how things are running now?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Dec 2010
    Posts
    5


    Hi Ken,

    Again many thanks for the quick response. MBAM log:-


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5462

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    05/01/2011 07:57:30
    mbam-log-2011-01-05 (07-57-30).txt

    Scan type: Quick scan
    Objects scanned: 170647
    Time elapsed: 6 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ESET log:-


    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=43bacf179a79de468f7d1cfe47f5666d
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-05 09:05:31
    # local_time=2011-01-05 09:05:31 (+0000, GMT Standard Time)
    # country="United Kingdom"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1024 16777215 100 0 1954998 1954998 0 0
    # compatibility_mode=5891 16776533 42 87 35737 6259493 0 0
    # compatibility_mode=8192 67108863 100 0 3896 3896 0 0
    # scanned=51240
    # found=6
    # cleaned=6
    # scan_time=3303
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM52.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM55.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM78.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\System Volume Information\_restore{F20C30C5-8A6A-4FE3-9202-06D7D970912C}\RP22\A0011651.exe a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    The machine is now running much better, IE8 opens and web searches are not being hijacked.

    However, I do have an XP message on start-up (once logged in) asking that I go to Control Panel and install components - it doesn't say which ones - I'm guessing it's a consequence of me running the CCleaner registry cleaner.

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hi,

    As far as your start up messages, I will link you to a Windows forum for help with that as we just do malware removal on this one. Fooling around with registry cleaners is not a good idea unless you're a Windows expert and understand exactly what you're removing. Remove unneeded obsolete entries and you will see no difference in system performance, remove legit ones and you can make your system unbootable. Even the good legit registry cleaner programs do make mistakes at times.
    http://forums.whatthetech.com/index.php?showforum=119
    This site like Safer Networking is free but you will need to register.

    Malwarebytes came back clean and it's the free version and yours to keep.

    ESET <-Found bad stuff in your Spybot Recovery folder, open up Spybot and go to Recovery and purge everything that's in there.

    It also found bad entries in your System Restore program, we need to flush it all out.

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.





    Now to remove most of the tools that we have used in fixing your machine:
    • Make sure you have an Internet Connection.
    • Download OTC to your desktop and run it
    • A list of tool components used in the cleanup of malware will be downloaded.
    • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
    • Click Yes to begin the cleanup process and remove these components, including this application.
    • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.







    Safe Surfn
    Ken
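
    The triage applied to the ESET log in the post above (detections inside the Spybot Recovery folder versus inside System Restore points) can be written as a small log parser. This is an added example, not part of the original thread; the log lines are constructed in the same layout as the ESET output, and splitting path from threat name at the first file extension is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET online scanner log (not real detections).
SAMPLE_LOG = r"""
# found=3
# cleaned=3
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Example1.zip Win32/Example.gen worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe a variant of Win32/Example.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\ExampleApp\example.dll a variant of Win32/Example.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Trailing fields of a detection line: "(action) <32 hex digits> <flag>".
TAIL = re.compile(r"\s+\((?P<action>[^)]*)\)\s+[0-9A-Fa-f]{32}\s+\w\s*$")
# Assumption: the file path ends at the first ".ext" that is followed by whitespace.
HEAD = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+(?P<threat>.+)$")

# What each location means for cleanup, following the advice in the thread.
FOLLOW_UP = {
    "system_restore": "create a clean restore point, then remove older ones",
    "spybot_recovery": "purge the Spybot Recovery list",
    "live_file": "active location: confirm removal and rescan",
}

def parse_detection(line):
    """Return path, threat and action for a detection line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):      # header and metadata lines
        return None
    tail = TAIL.search(line)
    if tail is None:                          # e.g. the installer status line
        return None
    head = HEAD.match(line[:tail.start()])
    if head is None:
        return None
    return {"path": head["path"], "threat": head["threat"],
            "action": tail["action"]}

def bucket(path):
    """Classify a detection by where on disk the file was found."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\spybot - search & destroy\\recovery\\" in p:
        return "spybot_recovery"
    return "live_file"

def triage(log_text):
    """Group all detections in a log by location bucket."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        det = parse_detection(line)
        if det is not None:
            groups[bucket(det["path"])].append(det)
    return dict(groups)

if __name__ == "__main__":
    for name, dets in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(dets)} detection(s) -> {FOLLOW_UP[name]}")
```

    Detections that fall only in the first two buckets are copies held in backup or rollback storage, which is why the cleanup steps target the Spybot Recovery list and old restore points rather than running programs.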

  9. #9
    Junior Member
    Join Date
    Dec 2010
    Posts
    5




    Ken,

    Many thanks for helping me out, I'm very much obliged!

    Kind regards

    TW

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    You're very welcome.

    I wanted to add that CCleaner is a fine program, use it if you wish to clean out temp files and Temporary Internet files but don't fool with the registry cleaner part of it.

    Here is a better cleaner, it's free and yours to use. I run this a few times a week on all my systems.

    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.




    Take care,

    Ken
