can someone help please



Cloudz
2011-09-06, 12:21
Hi, hope I am posting in the correct place, new to this. I have a Dell Inspiron Duo 1090 that I think is heavily infected. I have run ERUNT as instructed, however DDS will not run :sad:

Blade81
2011-09-09, 11:30
Hi,

What happens when you try to run DDS?

Cloudz
2011-09-10, 23:11
Hi Blade, thanks for the response.

DDS was opening and running, then at the end wouldn't create the reports to post here. I tried again after reading your response and it has now created the two files, the first as below and the second as an attached zip.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by briansanderson at 20:47:13 on 2011-09-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.1254 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\CxUSBDock32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\vds.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\briansanderson\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.msn.com
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SystemExplorerAutoStart] "c:\program files\system explorer\SystemExplorer.exe" /TRAY
uRun: [RockMelt Update] "c:\users\briansanderson\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\brians~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\brians~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8F585EAE-C0CE-4E42-B674-7EBC522077B1} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\briansanderson\appdata\roaming\mozilla\firefox\profiles\95x967xd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e5122b6&v=7.007.026.001&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\briansanderson\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-4 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-4 320856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\aol computer checkup\AOLDefragSrv.exe [2011-8-4 248328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-4 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-4 54616]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\dell wireless\Ath_CoexAgent.exe [2011-8-4 135168]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-9 44768]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-18 190592]
R2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-12-18 123008]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-12-18 13336]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2011-8-14 1692480]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2010-7-30 47144]
R3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\drivers\LSM303DLH.sys [2010-12-18 28272]
R3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\drivers\QWARQNet.sys [2010-12-18 10624]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-4 136176]
S3 AWiCSrvc;AWiCSrvc;c:\program files\dell wireless\AWiCSrvc.exe [2011-8-4 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-9-5 23456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-4 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-20 27192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-24 191008]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-09-10 11:10:32 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eec744d0-7a0b-4f8e-9c97-c7d7dc3c3025}\mpengine.dll
2011-09-08 21:15:22 -------- d-----w- c:\users\briansanderson\appdata\roaming\OpenOffice.org
2011-09-08 21:10:05 -------- d-----w- c:\program files\OpenOffice.org 3
2011-09-06 18:37:44 -------- d-----w- c:\users\briansanderson\appdata\local\Microsoft Games
2011-09-06 07:17:32 -------- d-----w- c:\users\briansanderson\appdata\local\RockMelt
2011-09-05 09:53:11 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-09-05 09:53:11 -------- d-----w- c:\users\briansanderson\appdata\local\eSupport.com
2011-09-04 19:01:17 -------- d-----w- c:\programdata\SystemExplorer
2011-09-04 19:01:14 -------- d-----w- c:\program files\System Explorer
2011-09-04 07:29:43 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-04 07:29:43 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-04 07:29:31 41184 ----a-w- c:\windows\avastSS.scr
2011-08-31 15:58:40 -------- d-----w- C:\MGtools
2011-08-25 05:06:26 -------- d-----w- C:\Panda Software
2011-08-24 16:50:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 20:36:03 -------- d-----w- C:\Panda Security
2011-08-23 06:31:30 -------- d-----w- c:\users\briansanderson\appdata\roaming\f-secure
2011-08-23 06:30:33 -------- d-----w- c:\programdata\F-Secure
2011-08-23 06:05:49 -------- d-----w- c:\programdata\boost_interprocess
2011-08-22 14:23:22 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-08-21 21:06:31 -------- d-----w- c:\programdata\Panda Security
2011-08-21 15:12:12 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-08-21 15:12:12 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-08-21 15:12:12 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-08-21 15:12:11 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-08-21 15:12:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-08-21 15:10:18 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-08-21 15:10:18 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-08-21 12:59:04 -------- d-----w- c:\program files\Safer Networking
2011-08-20 14:48:20 -------- d-----w- c:\users\briansanderson\appdata\roaming\Bandoo
2011-08-20 14:48:03 -------- d-----w- c:\users\briansanderson\appdata\local\Ilivid Player
2011-08-20 14:45:54 -------- d-----w- c:\program files\iLivid
2011-08-20 14:45:03 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-08-20 14:44:38 -------- d-----w- c:\users\briansanderson\appdata\local\PackageAware
2011-08-20 11:56:39 -------- d-----w- c:\users\briansanderson\appdata\roaming\VS Revo Group
2011-08-20 11:55:27 -------- d-----w- c:\users\briansanderson\appdata\local\VS Revo Group
2011-08-20 11:55:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-20 11:55:15 -------- d-----w- c:\program files\VS Revo Group
2011-08-20 11:54:48 -------- d-----w- c:\programdata\BabylonUpdater
2011-08-20 11:54:44 -------- d-----w- c:\programdata\Babylon
2011-08-20 11:29:54 -------- d-----w- c:\program files\CCleaner
2011-08-20 09:32:37 -------- d-----w- c:\users\briansanderson\appdata\local\Google
2011-08-19 19:30:06 -------- d-----w- c:\program files\STOPzilla!
2011-08-19 19:30:06 -------- d-----w- c:\program files\common files\iS3
2011-08-19 19:30:05 -------- d-----w- c:\programdata\STOPzilla!
2011-08-19 19:18:01 -------- d-----w- c:\users\briansanderson\appdata\roaming\QuickScan
2011-08-18 16:44:18 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-08-18 16:44:18 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-08-18 16:44:18 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-08-18 16:44:16 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-08-18 16:44:16 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-08-18 16:44:16 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-08-18 16:44:16 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-08-18 16:44:16 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-08-18 16:44:14 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-08-18 16:44:14 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-08-18 16:44:14 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-08-18 16:44:14 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-08-18 13:51:11 -------- d-----w- c:\users\briansanderson\appdata\local\Dell Edoc Viewer
2011-08-18 13:13:54 -------- d-----w- C:\inetpub
2011-08-18 12:34:15 -------- d-----w- c:\users\briansanderson\Master Folder
2011-08-18 12:34:13 528 ----a-r- c:\users\briansanderson\MediaID.bin
2011-08-18 12:34:13 20345 ----a-w- c:\users\briansanderson\CWSDPR0.EXE
2011-08-18 12:34:13 20217 ----a-w- c:\users\briansanderson\CWSDPMI.EXE
2011-08-18 12:34:13 16 ----a-w- c:\users\briansanderson\PASS.BAT
2011-08-18 12:34:13 15 ----a-w- c:\users\briansanderson\RESTART.COM
2011-08-18 12:34:13 144896 ----a-w- c:\users\briansanderson\RWINPASS.EXE
2011-08-18 12:34:13 13134 ----a-w- c:\users\briansanderson\CWSPARAM.EXE
2011-08-18 12:34:13 118691 ----a-w- c:\users\briansanderson\NTFS4DOS.EXE
2011-08-18 12:34:13 -------- d-----r- c:\users\briansanderson\BRIANSANDERSON
2011-08-18 12:34:11 -------- d-----w- c:\users\briansanderson\Q10734-Wolseley -Kirk Sandwell
2011-08-18 12:34:10 -------- d-----w- c:\users\briansanderson\Q10684 Excel Construction Garden Road Richmond
2011-08-17 07:07:58 -------- d-----w- c:\users\briansanderson\appdata\local\Diagnostics
2011-08-14 17:14:05 -------- d-----w- c:\users\briansanderson\appdata\local\CrashDumps
2011-08-14 17:11:19 -------- d-----w- c:\users\briansanderson\appdata\roaming\AOL
2011-08-14 17:06:01 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-14 15:06:27 98816 ----a-w- c:\windows\sed.exe
2011-08-14 15:06:27 208896 ----a-w- c:\windows\MBR.exe
2011-08-14 14:16:52 -------- d-----w- c:\program files\WinPcap
2011-08-14 14:16:17 -------- d-----w- c:\program files\Trend Micro
2011-08-14 14:05:51 -------- d-----w- c:\users\briansanderson\My Backup Files
2011-08-14 13:59:16 -------- d-----w- C:\Temp
2011-08-14 13:54:46 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-08-14 13:54:35 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2011-08-14 13:24:58 -------- d-----w- c:\users\briansanderson\appdata\roaming\Dell
2011-08-14 13:24:55 -------- d-----w- c:\users\briansanderson\appdata\roaming\PCDr
2011-08-14 10:11:00 -------- d-----w- c:\users\briansanderson\appdata\local\Adobe
2011-08-13 07:54:20 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-12 11:13:07 -------- d-----w- c:\program files\Emsisoft HiJackFree
2011-08-12 10:57:51 -------- d-----w- c:\users\briansanderson\appdata\roaming\AVG
2011-08-12 10:07:25 -------- d-----w- c:\users\briansanderson\appdata\roaming\AVG10
2011-08-12 10:04:31 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-12 10:04:31 -------- d-----w- c:\programdata\AVG10
2011-08-12 10:03:28 -------- d-----w- c:\program files\AVG
2011-08-12 09:56:49 -------- d--h--w- c:\programdata\Common Files
2011-08-12 09:56:16 -------- d-----w- c:\programdata\MFAData
2011-08-12 08:56:40 -------- d-----w- c:\users\briansanderson\appdata\local\Mozilla
2011-08-12 08:39:20 -------- d-----w- c:\users\briansanderson\appdata\roaming\Intel Corporation
2011-08-12 08:37:24 -------- d-----w- c:\users\briansanderson\appdata\local\VirtualStore
2011-08-12 08:32:22 -------- d-----w- C:\VritualRoot
.
==================== Find3M ====================
.
2011-08-27 08:47:43 1868 ----a-w- c:\windows\system32\ASOROSet.bin
2011-08-19 15:59:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-09 15:27:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-09 15:27:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-08-09 15:27:56 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-04 15:26:56 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 19:59:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-13 04:54:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-13 04:19:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 08:38:06 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38:04 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38:04 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
.
============= FINISH: 20:49:49.67 ===============

Hope I have done this correctly, and again thank you for your help.


Regards, Cloudz

Blade81
2011-09-11, 00:42
Hi,

What are current symptoms with the system?

Cloudz
2011-09-11, 14:10
Hi

It's running very, very slowly. Sometimes it logs onto a temp profile, not the user profile. I can't run the DataSafe restore to factory; even though the image shows up, I can't access it. The mouse on the touchpad has a mind of its own sometimes, and I get redirected on searches sometimes. Sometimes it won't let me connect to the internet.

thanks

cloudz

Blade81
2011-09-11, 17:18
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

Cloudz
2011-09-11, 20:08
Is this what you meant?


2011/09/11 18:04:59.0875 4008 TDSS rootkit removing tool 2.5.21.0 Sep 10 2011 21:07:05
2011/09/11 18:05:00.0086 4008 ================================================================================
2011/09/11 18:05:00.0086 4008 SystemInfo:
2011/09/11 18:05:00.0086 4008
2011/09/11 18:05:00.0087 4008 OS Version: 6.1.7601 ServicePack: 1.0
2011/09/11 18:05:00.0087 4008 Product type: Workstation
2011/09/11 18:05:00.0088 4008 ComputerName: BRIANSANDERSON
2011/09/11 18:05:00.0088 4008 UserName: briansanderson
2011/09/11 18:05:00.0089 4008 Windows directory: C:\Windows
2011/09/11 18:05:00.0089 4008 System windows directory: C:\Windows
2011/09/11 18:05:00.0089 4008 Processor architecture: Intel x86
2011/09/11 18:05:00.0089 4008 Number of processors: 4
2011/09/11 18:05:00.0089 4008 Page size: 0x1000
2011/09/11 18:05:00.0089 4008 Boot type: Normal boot
2011/09/11 18:05:00.0089 4008 ================================================================================
2011/09/11 18:05:01.0179 4008 Initialize success
2011/09/11 18:05:08.0532 7360 ================================================================================
2011/09/11 18:05:08.0532 7360 Scan started
2011/09/11 18:05:08.0532 7360 Mode: Manual;
2011/09/11 18:05:08.0532 7360 ================================================================================
2011/09/11 18:05:23.0308 7360 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/09/11 18:05:23.0382 7360 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/09/11 18:05:23.0564 7360 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/09/11 18:05:23.0636 7360 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/11 18:05:23.0709 7360 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/09/11 18:05:23.0834 7360 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/11 18:05:23.0914 7360 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/09/11 18:05:24.0026 7360 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/09/11 18:05:24.0100 7360 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/11 18:05:24.0253 7360 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/09/11 18:05:24.0337 7360 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/11 18:05:24.0470 7360 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/11 18:05:24.0552 7360 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/11 18:05:24.0660 7360 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/09/11 18:05:24.0724 7360 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/09/11 18:05:24.0851 7360 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/09/11 18:05:24.0963 7360 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/11 18:05:25.0039 7360 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/09/11 18:05:25.0193 7360 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/11 18:05:25.0245 7360 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/11 18:05:25.0307 7360 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/09/11 18:05:25.0419 7360 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/09/11 18:05:25.0510 7360 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/09/11 18:05:25.0627 7360 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/09/11 18:05:25.0696 7360 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/09/11 18:05:25.0759 7360 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/09/11 18:05:25.0897 7360 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/11 18:05:25.0993 7360 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/09/11 18:05:26.0072 7360 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/11 18:05:26.0191 7360 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/11 18:05:26.0248 7360 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/11 18:05:26.0324 7360 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/11 18:05:26.0438 7360 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/09/11 18:05:26.0513 7360 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/11 18:05:26.0635 7360 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/11 18:05:26.0799 7360 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/09/11 18:05:26.0962 7360 NPF (b9730495e0cf674680121e34bd95a73b) C:\Windows\system32\drivers\npf.sys
2011/09/11 18:05:27.0034 7360 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/09/11 18:05:27.0185 7360 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/11 18:05:27.0316 7360 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/09/11 18:05:27.0476 7360 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/09/11 18:05:27.0557 7360 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/09/11 18:05:27.0666 7360 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/09/11 18:05:27.0756 7360 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/09/11 18:05:27.0863 7360 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/09/11 18:05:27.0974 7360 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/09/11 18:05:28.0049 7360 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/09/11 18:05:28.0160 7360 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/09/11 18:05:28.0316 7360 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/09/11 18:05:28.0428 7360 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/09/11 18:05:28.0508 7360 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/09/11 18:05:28.0619 7360 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/09/11 18:05:28.0717 7360 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/09/11 18:05:29.0162 7360 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/11 18:05:29.0222 7360 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/09/11 18:05:29.0343 7360 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/11 18:05:29.0522 7360 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/09/11 18:05:29.0612 7360 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/09/11 18:05:29.0812 7360 QWARQNet (03a79a2cf1fd2caf00ccafaa55d01da1) C:\Windows\system32\DRIVERS\QWARQNet.sys
2011/09/11 18:05:29.0920 7360 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/11 18:05:30.0031 7360 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/11 18:05:30.0102 7360 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/11 18:05:30.0188 7360 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/11 18:05:30.0322 7360 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/11 18:05:30.0386 7360 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/11 18:05:30.0467 7360 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/11 18:05:30.0595 7360 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/11 18:05:30.0673 7360 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/11 18:05:30.0821 7360 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/11 18:05:30.0905 7360 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/11 18:05:30.0985 7360 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/09/11 18:05:31.0098 7360 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/09/11 18:05:31.0223 7360 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
2011/09/11 18:05:31.0335 7360 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/09/11 18:05:31.0526 7360 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/11 18:05:31.0620 7360 RSUSBSTOR (a633399432491bb173bb3cf3b41b9c55) C:\Windows\system32\Drivers\RtsUStor.sys
2011/09/11 18:05:31.0835 7360 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/09/11 18:05:31.0945 7360 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/11 18:05:32.0088 7360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/11 18:05:32.0268 7360 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/11 18:05:32.0353 7360 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/09/11 18:05:32.0479 7360 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/09/11 18:05:32.0663 7360 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/09/11 18:05:32.0723 7360 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/11 18:05:32.0845 7360 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/11 18:05:32.0934 7360 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/09/11 18:05:33.0123 7360 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/09/11 18:05:33.0211 7360 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/09/11 18:05:33.0326 7360 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/09/11 18:05:33.0413 7360 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/09/11 18:05:33.0605 7360 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/09/11 18:05:33.0798 7360 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/09/11 18:05:33.0900 7360 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/11 18:05:33.0997 7360 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/11 18:05:34.0135 7360 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/09/11 18:05:34.0246 7360 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/09/11 18:05:34.0393 7360 SynTP (957539e35bcd76d4ef08df5136c6d382) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/11 18:05:34.0537 7360 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\DRIVERS\szkg.sys
2011/09/11 18:05:34.0597 7360 szkgfs (410a02a920fa9daeec56364e839597c1) C:\Windows\system32\drivers\szkgfs.sys
2011/09/11 18:05:34.0795 7360 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/09/11 18:05:34.0964 7360 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/11 18:05:35.0116 7360 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/11 18:05:35.0236 7360 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/09/11 18:05:35.0348 7360 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/09/11 18:05:35.0441 7360 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/11 18:05:35.0585 7360 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/09/11 18:05:35.0763 7360 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/11 18:05:35.0837 7360 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/11 18:05:35.0964 7360 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/11 18:05:36.0063 7360 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/09/11 18:05:36.0197 7360 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/11 18:05:36.0336 7360 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/11 18:05:36.0454 7360 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/11 18:05:36.0535 7360 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/09/11 18:05:36.0680 7360 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/11 18:05:36.0764 7360 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/09/11 18:05:36.0903 7360 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/11 18:05:36.0995 7360 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/11 18:05:37.0111 7360 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
2011/09/11 18:05:37.0190 7360 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/11 18:05:37.0299 7360 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/09/11 18:05:37.0363 7360 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/11 18:05:37.0440 7360 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
2011/09/11 18:05:37.0600 7360 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/11 18:05:37.0722 7360 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/11 18:05:37.0837 7360 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/09/11 18:05:37.0917 7360 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/09/11 18:05:38.0050 7360 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/09/11 18:05:38.0135 7360 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/09/11 18:05:38.0262 7360 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/09/11 18:05:38.0349 7360 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/09/11 18:05:38.0437 7360 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/09/11 18:05:38.0565 7360 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/09/11 18:05:38.0665 7360 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/09/11 18:05:38.0796 7360 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/09/11 18:05:38.0886 7360 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/09/11 18:05:39.0071 7360 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/09/11 18:05:39.0159 7360 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/11 18:05:39.0215 7360 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/11 18:05:39.0464 7360 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/09/11 18:05:39.0548 7360 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/11 18:05:39.0748 7360 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/11 18:05:39.0881 7360 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/09/11 18:05:39.0956 7360 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/09/11 18:05:40.0263 7360 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/11 18:05:40.0456 7360 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/11 18:05:40.0602 7360 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/09/11 18:05:40.0728 7360 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/11 18:05:40.0923 7360 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/09/11 18:05:41.0001 7360 Boot (0x1200) (6c28ae39b02a8867e22239bfa5d95c95) \Device\Harddisk0\DR0\Partition0
2011/09/11 18:05:41.0067 7360 Boot (0x1200) (0aa9354996171d01b02aa08fa927ddf1) \Device\Harddisk0\DR0\Partition1
2011/09/11 18:05:41.0097 7360 ================================================================================
2011/09/11 18:05:41.0097 7360 Scan finished
2011/09/11 18:05:41.0097 7360 ================================================================================
2011/09/11 18:05:41.0149 8016 Detected object count: 0
2011/09/11 18:05:41.0149 8016 Actual detected object count: 0

Blade81
2011-09-11, 20:45
Yes, that's the log. Let's continue.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Cloudz
2011-09-12, 10:57
Hi Blade

I have downloaded ComboFix, however it will not run. I keep getting a msg saying Windows cannot find NIRCMD. What does this mean?

regards

cloudz

Blade81
2011-09-12, 12:04
Hi,

Turn off your protection software before downloading and running ComboFix.

Cloudz
2011-09-12, 22:06
Hi Blade

Reports as requested

Combofix

ComboFix 11-09-12.02 - briansanderson 12/09/2011 18:43:13.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.1154 [GMT 1:00]
Running from: c:\users\briansanderson\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\mfc100deu.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-12 to 2011-09-12 )))))))))))))))))))))))))))))))
.
.
2011-09-12 18:40 . 2011-09-12 18:41 -------- d-----w- c:\users\briansanderson\AppData\Local\temp
2011-09-12 18:40 . 2011-09-12 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-10 11:10 . 2011-08-16 07:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEC744D0-7A0B-4F8E-9C97-C7D7DC3C3025}\mpengine.dll
2011-09-08 21:15 . 2011-09-08 21:15 -------- d-----w- c:\users\briansanderson\AppData\Roaming\OpenOffice.org
2011-09-08 21:10 . 2011-09-08 21:10 -------- d-----w- c:\program files\OpenOffice.org 3
2011-09-06 18:37 . 2011-09-06 19:18 -------- d-----w- c:\users\briansanderson\AppData\Local\Microsoft Games
2011-09-06 08:56 . 2011-09-06 08:56 -------- d-----w- c:\program files\ERUNT
2011-09-06 07:17 . 2011-09-06 07:18 -------- d-----w- c:\users\briansanderson\AppData\Local\RockMelt
2011-09-05 09:53 . 2011-09-05 09:53 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-09-05 09:53 . 2011-09-05 09:53 -------- d-----w- c:\users\briansanderson\AppData\Local\eSupport.com
2011-09-04 07:29 . 2011-09-04 07:30 -------- d-----w- c:\program files\Google
2011-09-04 07:29 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-04 07:29 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-04 07:29 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-04 07:29 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-04 07:29 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-04 07:29 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-04 07:29 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-04 07:29 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-31 15:58 . 2011-09-04 18:49 -------- d-----w- C:\MGtools
2011-08-25 05:06 . 2011-08-25 05:06 -------- d-----w- C:\Panda Software
2011-08-24 16:50 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 20:36 . 2011-08-23 20:36 -------- d-----w- C:\Panda Security
2011-08-23 06:31 . 2011-08-23 06:31 -------- d-----w- c:\users\briansanderson\AppData\Roaming\f-secure
2011-08-23 06:30 . 2011-08-23 06:30 -------- d-----w- c:\programdata\F-Secure
2011-08-23 06:05 . 2011-08-23 06:05 -------- d-----w- c:\programdata\boost_interprocess
2011-08-22 14:23 . 2011-08-22 14:23 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-08-21 21:06 . 2011-08-25 16:28 -------- d-----w- c:\programdata\Panda Security
2011-08-21 15:12 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-21 15:12 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-21 15:12 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-21 15:12 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-21 15:12 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-21 15:10 . 2011-08-21 15:10 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-21 15:10 . 2011-08-21 15:10 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-21 12:59 . 2011-08-21 12:59 -------- d-----w- c:\program files\Safer Networking
2011-08-20 14:48 . 2011-08-20 14:48 -------- d-----w- c:\users\briansanderson\AppData\Roaming\Bandoo
2011-08-20 14:48 . 2011-08-20 14:48 -------- d-----w- c:\users\briansanderson\AppData\Local\Ilivid Player
2011-08-20 14:45 . 2011-08-20 20:03 -------- d-----w- c:\program files\iLivid
2011-08-20 14:45 . 2011-08-20 14:45 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-08-20 14:44 . 2011-08-20 14:44 -------- d-----w- c:\users\briansanderson\AppData\Local\PackageAware
2011-08-20 11:56 . 2011-08-20 11:56 -------- d-----w- c:\users\briansanderson\AppData\Roaming\VS Revo Group
2011-08-20 11:55 . 2011-08-20 11:55 -------- d-----w- c:\users\briansanderson\AppData\Local\VS Revo Group
2011-08-20 11:55 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-20 11:55 . 2011-08-20 11:55 -------- d-----w- c:\program files\VS Revo Group
2011-08-20 11:54 . 2011-08-20 11:54 -------- d-----w- c:\programdata\Babylon
2011-08-20 11:29 . 2011-08-20 11:29 -------- d-----w- c:\program files\CCleaner
2011-08-20 09:32 . 2011-09-04 07:33 -------- d-----w- c:\users\briansanderson\AppData\Local\Google
2011-08-19 19:30 . 2011-09-12 17:21 -------- d-----w- c:\programdata\STOPzilla!
2011-08-19 19:18 . 2011-08-19 19:18 -------- d-----w- c:\users\briansanderson\AppData\Roaming\QuickScan
2011-08-18 13:51 . 2011-08-18 13:51 -------- d-----w- c:\users\briansanderson\AppData\Local\Dell Edoc Viewer
2011-08-18 13:13 . 2011-08-18 13:13 -------- d-----w- C:\inetpub
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\users\briansanderson\Master Folder
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----r- c:\users\briansanderson\BRIANSANDERSON
2011-08-18 12:34 . 2011-08-12 08:48 528 ----a-r- c:\users\briansanderson\MediaID.bin
2011-08-18 12:34 . 2010-12-08 15:41 144896 ----a-w- c:\users\briansanderson\RWINPASS.EXE
2011-08-18 12:34 . 2010-05-05 14:58 16 ----a-w- c:\users\briansanderson\PASS.BAT
2011-08-18 12:34 . 2009-04-03 08:56 118691 ----a-w- c:\users\briansanderson\NTFS4DOS.EXE
2011-08-18 12:34 . 2001-05-25 22:05 15 ----a-w- c:\users\briansanderson\RESTART.COM
2011-08-18 12:34 . 1996-08-18 17:46 20217 ----a-w- c:\users\briansanderson\CWSDPMI.EXE
2011-08-18 12:34 . 1996-08-11 15:09 20345 ----a-w- c:\users\briansanderson\CWSDPR0.EXE
2011-08-18 12:34 . 1996-07-26 16:08 13134 ----a-w- c:\users\briansanderson\CWSPARAM.EXE
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\users\briansanderson\Q10734-Wolseley -Kirk Sandwell
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\users\briansanderson\Q10684 Excel Construction Garden Road Richmond
2011-08-17 07:07 . 2011-09-02 12:22 -------- d-----w- c:\users\briansanderson\AppData\Local\Diagnostics
2011-08-14 17:14 . 2011-09-06 20:30 -------- d-----w- c:\users\briansanderson\AppData\Local\CrashDumps
2011-08-14 17:11 . 2011-08-14 17:11 -------- d-----w- c:\users\briansanderson\AppData\Roaming\AOL
2011-08-14 14:16 . 2011-08-14 14:16 -------- d-----w- c:\program files\WinPcap
2011-08-14 14:16 . 2011-09-04 18:32 -------- d-----w- c:\program files\Trend Micro
2011-08-14 14:05 . 2011-08-14 14:05 -------- d-----w- c:\users\briansanderson\My Backup Files
2011-08-14 13:59 . 2011-08-18 12:35 -------- d-----w- C:\Temp
2011-08-14 13:54 . 2006-11-01 17:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-08-14 13:54 . 2011-09-12 17:32 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2011-08-14 13:24 . 2011-08-14 13:24 -------- d-----w- c:\users\briansanderson\AppData\Roaming\Dell
2011-08-14 13:24 . 2011-08-14 13:24 -------- d-----w- c:\users\briansanderson\AppData\Roaming\PCDr
2011-08-14 10:11 . 2011-08-14 11:06 -------- d-----w- c:\users\briansanderson\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 18:46 . 2011-08-31 15:58 188296 ----a-w- C:\MGlogs.zip
2011-08-19 15:59 . 2011-08-09 08:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-09 15:27 . 2011-08-09 15:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-09 15:27 . 2011-08-09 15:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-08-09 15:27 . 2011-08-09 15:27 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-04 15:26 . 2011-06-29 18:28 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-16 04:27 . 2011-08-10 18:38 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 19:59 . 2011-07-15 19:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-13 04:54 . 2011-07-11 07:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-13 04:19 . 2011-07-13 04:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-09 02:30 . 2011-08-10 18:39 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 08:38 . 2011-06-30 08:38 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2011-06-30 08:38 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2011-06-30 08:38 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2011-06-30 08:38 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2011-06-30 08:37 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-24 04:27 . 2011-08-10 18:38 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22 . 2011-08-10 18:38 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33 . 2011-08-10 18:39 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-23 04:33 . 2011-08-10 18:39 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-21 05:34 . 2011-08-10 18:39 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 04:09 . 2011-08-13 07:54 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-15 08:55 . 2011-08-10 18:38 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55 . 2011-08-10 18:38 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55 . 2011-08-10 18:38 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55 . 2011-08-10 18:38 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55 . 2011-08-10 18:38 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-09-02 03:53 . 2011-08-20 20:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RockMelt Update"="c:\users\briansanderson\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-09-06 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\briansanderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI3C8A~1\Datamngr\datamngr.dll c:\progra~1\WI3C8A~1\Datamngr\IEBHO.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-25 03:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-06-08 16:49 284696 ------w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-25 03:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-25 03:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
2010-01-20 14:45 370480 ------w- c:\program files\syncables\syncables desktop\syncables.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 136176]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AWiCSrvc;AWiCSrvc;c:\program files\Dell Wireless\AWiCSrvc.exe [2010-11-11 49152]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-09-05 23456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\980A.tmp [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\AOL Computer Checkup\AOLDefragSrv.exe [2010-10-21 248328]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-12-28 135168]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-07-30 47144]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService_Untrusted_BZ REG_MULTI_SZ netprofm_Untrusted_BZ hr&  &
netsvcs_Untrusted_BZ REG_MULTI_SZ winmgmt_Untrusted_BZ
swprv_Untrusted_BZ REG_MULTI_SZ swprv_Untrusted_BZ
AxInstSVGroup_Untrusted_BZ REG_MULTI_SZ AxInstSv_Untrusted_BZ
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 07:29]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 07:29]
.
2011-09-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
2011-09-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3247025732-2990259362-3088164022-1004Core.job
- c:\users\briansanderson\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-09-06 07:17]
.
2011-09-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8F585EAE-C0CE-4E42-B674-7EBC522077B1}: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\briansanderson\AppData\Roaming\Mozilla\Firefox\Profiles\95x967xd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e5122b6&v=7.007.026.001&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-Trend Micro RUBotted V2 - c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\980A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-12 19:47:07
ComboFix-quarantined-files.txt 2011-09-12 18:47
ComboFix2.txt 2011-08-14 17:05
.
Pre-Run: 275,465,031,680 bytes free
Post-Run: 275,030,986,752 bytes free
.
- - End Of File - - 4FD003350400AB2CF503DDCF420996C4

DDS


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by briansanderson at 19:52:27 on 2011-09-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.1187 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\CxUSBDock32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\vds.exe
C:\Windows\system32\wbengine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Users\briansanderson\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.msn.com
uRun: [RockMelt Update] "c:\users\briansanderson\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\users\brians~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\brians~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8F585EAE-C0CE-4E42-B674-7EBC522077B1} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi3c8a~1\datamngr\datamngr.dll c:\progra~1\wi3c8a~1\datamngr\iebho.dll c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\briansanderson\appdata\roaming\mozilla\firefox\profiles\95x967xd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e5122b6&v=7.007.026.001&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\briansanderson\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-4 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-4 320856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\aol computer checkup\AOLDefragSrv.exe [2011-8-4 248328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-4 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-4 54616]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\dell wireless\Ath_CoexAgent.exe [2011-8-4 135168]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-9 44768]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-18 190592]
R2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-12-18 123008]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-12-18 13336]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2011-8-14 1692480]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2010-7-30 47144]
R3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\drivers\LSM303DLH.sys [2010-12-18 28272]
R3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\drivers\QWARQNet.sys [2010-12-18 10624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-4 136176]
S3 AWiCSrvc;AWiCSrvc;c:\program files\dell wireless\AWiCSrvc.exe [2011-8-4 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-9-5 23456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-4 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-20 27192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-24 191008]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-09-12 18:47:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-12 18:47:10 -------- d-----w- c:\users\briansanderson\appdata\local\temp
2011-09-12 17:41:08 518144 ----a-w- c:\windows\SWREG.exe
2011-09-12 17:41:08 256000 ----a-w- c:\windows\PEV.exe
2011-09-10 11:10:32 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eec744d0-7a0b-4f8e-9c97-c7d7dc3c3025}\mpengine.dll
2011-09-08 21:15:22 -------- d-----w- c:\users\briansanderson\appdata\roaming\OpenOffice.org
2011-09-08 21:10:05 -------- d-----w- c:\program files\OpenOffice.org 3
2011-09-06 18:37:44 -------- d-----w- c:\users\briansanderson\appdata\local\Microsoft Games
2011-09-06 07:17:32 -------- d-----w- c:\users\briansanderson\appdata\local\RockMelt
2011-09-05 09:53:11 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-09-05 09:53:11 -------- d-----w- c:\users\briansanderson\appdata\local\eSupport.com
2011-09-04 07:29:43 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-04 07:29:43 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-04 07:29:31 41184 ----a-w- c:\windows\avastSS.scr
2011-08-31 15:58:40 -------- d-----w- C:\MGtools
2011-08-25 05:06:26 -------- d-----w- C:\Panda Software
2011-08-24 16:50:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 20:36:03 -------- d-----w- C:\Panda Security
2011-08-23 06:31:30 -------- d-----w- c:\users\briansanderson\appdata\roaming\f-secure
2011-08-23 06:30:33 -------- d-----w- c:\programdata\F-Secure
2011-08-23 06:05:49 -------- d-----w- c:\programdata\boost_interprocess
2011-08-22 14:23:22 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-08-21 21:06:31 -------- d-----w- c:\programdata\Panda Security
2011-08-21 15:12:12 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-08-21 15:12:12 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-08-21 15:12:12 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-08-21 15:12:11 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-08-21 15:12:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-08-21 15:10:18 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-08-21 15:10:18 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-08-21 12:59:04 -------- d-----w- c:\program files\Safer Networking
2011-08-20 14:48:20 -------- d-----w- c:\users\briansanderson\appdata\roaming\Bandoo
2011-08-20 14:48:03 -------- d-----w- c:\users\briansanderson\appdata\local\Ilivid Player
2011-08-20 14:45:54 -------- d-----w- c:\program files\iLivid
2011-08-20 14:45:03 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-08-20 14:44:38 -------- d-----w- c:\users\briansanderson\appdata\local\PackageAware
2011-08-20 11:56:39 -------- d-----w- c:\users\briansanderson\appdata\roaming\VS Revo Group
2011-08-20 11:55:27 -------- d-----w- c:\users\briansanderson\appdata\local\VS Revo Group
2011-08-20 11:55:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-20 11:55:15 -------- d-----w- c:\program files\VS Revo Group
2011-08-20 11:54:48 -------- d-----w- c:\programdata\BabylonUpdater
2011-08-20 11:54:44 -------- d-----w- c:\programdata\Babylon
2011-08-20 11:29:54 -------- d-----w- c:\program files\CCleaner
2011-08-20 09:32:37 -------- d-----w- c:\users\briansanderson\appdata\local\Google
2011-08-19 19:30:05 -------- d-----w- c:\programdata\STOPzilla!
2011-08-19 19:18:01 -------- d-----w- c:\users\briansanderson\appdata\roaming\QuickScan
2011-08-18 13:51:11 -------- d-----w- c:\users\briansanderson\appdata\local\Dell Edoc Viewer
2011-08-18 13:13:54 -------- d-----w- C:\inetpub
2011-08-18 12:34:15 -------- d-----w- c:\users\briansanderson\Master Folder
2011-08-18 12:34:13 528 ----a-r- c:\users\briansanderson\MediaID.bin
2011-08-18 12:34:13 20345 ----a-w- c:\users\briansanderson\CWSDPR0.EXE
2011-08-18 12:34:13 20217 ----a-w- c:\users\briansanderson\CWSDPMI.EXE
2011-08-18 12:34:13 16 ----a-w- c:\users\briansanderson\PASS.BAT
2011-08-18 12:34:13 15 ----a-w- c:\users\briansanderson\RESTART.COM
2011-08-18 12:34:13 144896 ----a-w- c:\users\briansanderson\RWINPASS.EXE
2011-08-18 12:34:13 13134 ----a-w- c:\users\briansanderson\CWSPARAM.EXE
2011-08-18 12:34:13 118691 ----a-w- c:\users\briansanderson\NTFS4DOS.EXE
2011-08-18 12:34:13 -------- d-----r- c:\users\briansanderson\BRIANSANDERSON
2011-08-18 12:34:11 -------- d-----w- c:\users\briansanderson\Q10734-Wolseley -Kirk Sandwell
2011-08-18 12:34:10 -------- d-----w- c:\users\briansanderson\Q10684 Excel Construction Garden Road Richmond
2011-08-17 07:07:58 -------- d-----w- c:\users\briansanderson\appdata\local\Diagnostics
2011-08-14 17:14:05 -------- d-----w- c:\users\briansanderson\appdata\local\CrashDumps
2011-08-14 17:11:19 -------- d-----w- c:\users\briansanderson\appdata\roaming\AOL
2011-08-14 15:06:27 98816 ----a-w- c:\windows\sed.exe
2011-08-14 15:06:27 208896 ----a-w- c:\windows\MBR.exe
2011-08-14 14:16:52 -------- d-----w- c:\program files\WinPcap
2011-08-14 14:16:17 -------- d-----w- c:\program files\Trend Micro
2011-08-14 14:05:51 -------- d-----w- c:\users\briansanderson\My Backup Files
2011-08-14 13:59:16 -------- d-----w- C:\Temp
2011-08-14 13:54:46 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-08-14 13:54:35 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2011-08-14 13:24:58 -------- d-----w- c:\users\briansanderson\appdata\roaming\Dell
2011-08-14 13:24:55 -------- d-----w- c:\users\briansanderson\appdata\roaming\PCDr
2011-08-14 10:11:00 -------- d-----w- c:\users\briansanderson\appdata\local\Adobe
.
==================== Find3M ====================
.
2011-08-27 08:47:43 1868 ----a-w- c:\windows\system32\ASOROSet.bin
2011-08-19 15:59:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-09 15:27:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-09 15:27:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-08-09 15:27:56 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-04 15:26:56 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 19:59:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-13 04:54:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-13 04:19:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 08:38:06 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38:04 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38:04 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 04:09:00 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
.
============= FINISH: 19:54:27.49 ===============

also attached zipped dds

trust this is what was required and thank you for your assistance

regards

Cloudz

Blade81
2011-09-12, 22:35
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:



Folder::
c:\users\briansanderson\AppData\Roaming\Bandoo
c:\users\briansanderson\AppData\Local\Ilivid Player
c:\program files\iLivid
c:\program files\Windows iLivid Toolbar
c:\users\briansanderson\AppData\Local\PackageAware
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Uninstall this old Java:
Java(TM) 6 Update 22


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.



Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Cloudz
2011-09-13, 08:51
Hi Blade

Reports as requested; have had to split them down, it was saying too big to post

Combofix

ComboFix 11-09-12.02 - briansanderson 12/09/2011 21:27:31.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.1176 [GMT 1:00]
Running from: c:\users\briansanderson\Downloads\ComboFix.exe
Command switches used :: c:\users\briansanderson\Desktop\KJM Projects\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\iLivid
c:\program files\iLivid\ilivid.exe
c:\program files\iLivid\imageformats\qgif4.dll
c:\program files\iLivid\imageformats\qjpeg4.dll
c:\program files\iLivid\libgcc_s_dw2-1.dll
c:\program files\iLivid\mingwm10.dll
c:\program files\iLivid\phonon4.dll
c:\program files\iLivid\QtCore4.dll
c:\program files\iLivid\QtGui4.dll
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows iLivid Toolbar\Datamngr\ToolBar\uninstall.exe
c:\program files\Windows iLivid Toolbar\uninstall.exe
c:\users\briansanderson\AppData\Local\Ilivid Player
c:\users\briansanderson\AppData\Local\Ilivid Player\script.qscript
c:\users\briansanderson\AppData\Local\PackageAware
c:\users\briansanderson\AppData\Roaming\Bandoo

Cloudz
2011-09-13, 08:53
2011-09-12 21:29 . 2011-09-12 21:30 -------- d-----w- c:\users\briansanderson\AppData\Local\temp
2011-09-12 21:29 . 2011-09-12 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-10 11:10 . 2011-08-16 07:48 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EEC744D0-7A0B-4F8E-9C97-C7D7DC3C3025}\mpengine.dll
2011-09-08 21:15 . 2011-09-08 21:15 -------- d-----w- c:\users\briansanderson\AppData\Roaming\OpenOffice.org
2011-09-08 21:10 . 2011-09-08 21:10 -------- d-----w- c:\program files\OpenOffice.org 3
2011-09-06 18:37 . 2011-09-06 19:18 -------- d-----w- c:\users\briansanderson\AppData\Local\Microsoft Games
2011-09-06 08:56 . 2011-09-06 08:56 -------- d-----w- c:\program files\ERUNT
2011-09-06 07:17 . 2011-09-06 07:18 -------- d-----w- c:\users\briansanderson\AppData\Local\RockMelt
2011-09-05 09:53 . 2011-09-05 09:53 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-09-05 09:53 . 2011-09-05 09:53 -------- d-----w- c:\users\briansanderson\AppData\Local\eSupport.com
2011-09-04 07:29 . 2011-09-04 07:30 -------- d-----w- c:\program files\Google
2011-09-04 07:29 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-04 07:29 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-04 07:29 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-04 07:29 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-04 07:29 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-04 07:29 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-04 07:29 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
2011-09-04 07:29 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-31 15:58 . 2011-09-04 18:49 -------- d-----w- C:\MGtools
2011-08-25 05:06 . 2011-08-25 05:06 -------- d-----w- C:\Panda Software
2011-08-24 16:50 . 2011-07-09 04:29 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 20:36 . 2011-08-23 20:36 -------- d-----w- C:\Panda Security
2011-08-23 06:31 . 2011-08-23 06:31 -------- d-----w- c:\users\briansanderson\AppData\Roaming\f-secure
2011-08-23 06:30 . 2011-08-23 06:30 -------- d-----w- c:\programdata\F-Secure
2011-08-23 06:05 . 2011-08-23 06:05 -------- d-----w- c:\programdata\boost_interprocess
2011-08-22 14:23 . 2011-08-22 14:23 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-08-21 21:06 . 2011-08-25 16:28 -------- d-----w- c:\programdata\Panda Security
2011-08-21 15:12 . 2005-04-03 22:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-08-21 15:12 . 2005-04-03 22:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-08-21 15:12 . 2005-04-03 22:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-08-21 15:12 . 2005-04-03 22:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-08-21 15:12 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-08-21 15:10 . 2011-08-21 15:10 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-08-21 15:10 . 2011-08-21 15:10 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-08-21 12:59 . 2011-08-21 12:59 -------- d-----w- c:\program files\Safer Networking
2011-08-20 11:56 . 2011-08-20 11:56 -------- d-----w- c:\users\briansanderson\AppData\Roaming\VS Revo Group
2011-08-20 11:55 . 2011-08-20 11:55 -------- d-----w- c:\users\briansanderson\AppData\Local\VS Revo Group
2011-08-20 11:55 . 2009-12-30 10:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-20 11:55 . 2011-08-20 11:55 -------- d-----w- c:\program files\VS Revo Group
2011-08-20 11:54 . 2011-08-20 11:54 -------- d-----w- c:\programdata\Babylon
2011-08-20 11:29 . 2011-08-20 11:29 -------- d-----w- c:\program files\CCleaner
2011-08-20 09:32 . 2011-09-04 07:33 -------- d-----w- c:\users\briansanderson\AppData\Local\Google
2011-08-19 19:30 . 2011-09-12 17:21 -------- d-----w- c:\programdata\STOPzilla!
2011-08-19 19:18 . 2011-08-19 19:18 -------- d-----w- c:\users\briansanderson\AppData\Roaming\QuickScan
2011-08-18 13:51 . 2011-08-18 13:51 -------- d-----w- c:\users\briansanderson\AppData\Local\Dell Edoc Viewer
2011-08-18 13:13 . 2011-08-18 13:13 -------- d-----w- C:\inetpub
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\users\briansanderson\Master Folder
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----r- c:\users\briansanderson\BRIANSANDERSON
2011-08-18 12:34 . 2011-08-12 08:48 528 ----a-r- c:\users\briansanderson\MediaID.bin
2011-08-18 12:34 . 2010-12-08 15:41 144896 ----a-w- c:\users\briansanderson\RWINPASS.EXE
2011-08-18 12:34 . 2010-05-05 14:58 16 ----a-w- c:\users\briansanderson\PASS.BAT
2011-08-18 12:34 . 2009-04-03 08:56 118691 ----a-w- c:\users\briansanderson\NTFS4DOS.EXE
2011-08-18 12:34 . 2001-05-25 22:05 15 ----a-w- c:\users\briansanderson\RESTART.COM
2011-08-18 12:34 . 1996-08-18 17:46 20217 ----a-w- c:\users\briansanderson\CWSDPMI.EXE
2011-08-18 12:34 . 1996-08-11 15:09 20345 ----a-w- c:\users\briansanderson\CWSDPR0.EXE
2011-08-18 12:34 . 1996-07-26 16:08 13134 ----a-w- c:\users\briansanderson\CWSPARAM.EXE
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\users\briansanderson\Q10734-Wolseley -Kirk Sandwell
2011-08-18 12:34 . 2011-08-18 12:34 -------- d-----w- c:\users\briansanderson\Q10684 Excel Construction Garden Road Richmond
2011-08-17 07:07 . 2011-09-02 12:22 -------- d-----w- c:\users\briansanderson\AppData\Local\Diagnostics
2011-08-14 17:14 . 2011-09-06 20:30 -------- d-----w- c:\users\briansanderson\AppData\Local\CrashDumps
2011-08-14 17:11 . 2011-08-14 17:11 -------- d-----w- c:\users\briansanderson\AppData\Roaming\AOL
2011-08-14 14:16 . 2011-08-14 14:16 -------- d-----w- c:\program files\WinPcap
2011-08-14 14:16 . 2011-09-04 18:32 -------- d-----w- c:\program files\Trend Micro
2011-08-14 14:05 . 2011-08-14 14:05 -------- d-----w- c:\users\briansanderson\My Backup Files
2011-08-14 13:59 . 2011-08-18 12:35 -------- d-----w- C:\Temp
2011-08-14 13:54 . 2006-11-01 17:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-08-14 13:54 . 2011-09-12 18:50 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2011-08-14 13:24 . 2011-08-14 13:24 -------- d-----w- c:\users\briansanderson\AppData\Roaming\Dell
2011-08-14 13:24 . 2011-08-14 13:24 -------- d-----w- c:\users\briansanderson\AppData\Roaming\PCDr
2011-08-14 10:11 . 2011-08-14 11:06 -------- d-----w- c:\users\briansanderson\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-04 18:46 . 2011-08-31 15:58 188296 ----a-w- C:\MGlogs.zip
2011-08-19 15:59 . 2011-08-09 08:38 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-09 15:27 . 2011-08-09 15:27 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-09 15:27 . 2011-08-09 15:27 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-08-09 15:27 . 2011-08-09 15:27 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-04 15:26 . 2011-06-29 18:28 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-16 04:27 . 2011-08-10 18:38 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:15 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17 . 2011-08-10 18:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 19:59 . 2011-07-15 19:59 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-13 04:54 . 2011-07-11 07:49 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-13 04:19 . 2011-07-13 04:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-09 02:30 . 2011-08-10 18:39 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 08:38 . 2011-06-30 08:38 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-06-30 08:38 . 2011-06-30 08:38 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38 . 2011-06-30 08:38 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38 . 2011-06-30 08:38 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37 . 2011-06-30 08:37 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-24 04:27 . 2011-08-10 18:38 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22 . 2011-08-10 18:38 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33 . 2011-08-10 18:39 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-23 04:33 . 2011-08-10 18:39 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-21 05:34 . 2011-08-10 18:39 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 04:09 . 2011-08-13 07:54 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-15 08:55 . 2011-08-10 18:38 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55 . 2011-08-10 18:38 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55 . 2011-08-10 18:38 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55 . 2011-08-10 18:38 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55 . 2011-08-10 18:38 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-09-02 03:53 . 2011-08-20 20:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RockMelt Update"="c:\users\briansanderson\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" [2011-09-06 136336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
c:\users\briansanderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-25 03:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2010-06-08 16:49 284696 ------w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-25 03:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-25 03:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
2010-01-20 14:45 370480 ------w- c:\program files\syncables\syncables desktop\syncables.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 136176]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 AWiCSrvc;AWiCSrvc;c:\program files\Dell Wireless\AWiCSrvc.exe [2010-11-11 49152]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2011-09-05 23456]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\980A.tmp [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-23 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\AOL Computer Checkup\AOLDefragSrv.exe [2010-10-21 248328]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Dell Wireless\Ath_CoexAgent.exe [2010-12-28 135168]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-09-23 190592]
S2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-09-23 123008]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-07-30 47144]
S3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\DRIVERS\LSM303DLH.sys [2010-09-21 28272]
S3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\DRIVERS\QWARQNet.sys [2010-02-23 10624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService_Untrusted_BZ REG_MULTI_SZ netprofm_Untrusted_BZ hr&  &
netsvcs_Untrusted_BZ REG_MULTI_SZ winmgmt_Untrusted_BZ
swprv_Untrusted_BZ REG_MULTI_SZ swprv_Untrusted_BZ
AxInstSVGroup_Untrusted_BZ REG_MULTI_SZ AxInstSv_Untrusted_BZ
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 07:29]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 07:29]
.
2011-09-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
2011-09-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3247025732-2990259362-3088164022-1004Core.job
- c:\users\briansanderson\AppData\Local\RockMelt\Update\RockMeltUpdate.exe [2011-09-06 07:17]
.
2011-09-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-07-25 17:44]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8F585EAE-C0CE-4E42-B674-7EBC522077B1}: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\briansanderson\AppData\Roaming\Mozilla\Firefox\Profiles\95x967xd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e5122b6&v=7.007.026.001&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Searchqu 406 MediaBar - c:\program files\Windows iLivid Toolbar\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\980A.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-12 22:36:43
ComboFix-quarantined-files.txt 2011-09-12 21:36
ComboFix2.txt 2011-09-12 18:47
ComboFix3.txt 2011-08-14 17:05
.
Pre-Run: 275,073,949,696 bytes free
Post-Run: 274,774,560,768 bytes free
.
- - End Of File - - B71721FE5A9BCC5AB49419EB2B7DD306

Cloudz
2011-09-13, 08:54
DDS


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by briansanderson at 5:59:22 on 2011-09-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2036.1172 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\briansanderson\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AOL Computer Checkup\AOLDefragSrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Dell Wireless\Ath_CoexAgent.exe
C:\Windows\system32\CISVC.EXE
C:\Windows\system32\CxAudMsg32.exe
C:\Windows\system32\CxUSBDock32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\System32\vds.exe
C:\Windows\system32\wbengine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [RockMelt Update] "c:\users\briansanderson\appdata\local\rockmelt\update\RockMeltUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\brians~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\brians~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8F585EAE-C0CE-4E42-B674-7EBC522077B1} : DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\briansanderson\appdata\roaming\mozilla\firefox\profiles\95x967xd.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4e5122b6&v=7.007.026.001&i=27&tp=ab&iy=&ychte=uk&lng=en-GB&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\briansanderson\appdata\local\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-4 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-4 320856]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AOLDiskOptimizer;AOLDiskOptimizer;c:\program files\aol computer checkup\AOLDefragSrv.exe [2011-8-4 248328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-4 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-4 54616]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\dell wireless\Ath_CoexAgent.exe [2011-8-4 135168]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-9 44768]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2010-12-18 190592]
R2 CxUSBDock;Conexant USB Audio Dock Service;c:\windows\system32\CxUSBDock32.exe [2010-12-18 123008]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2011-8-14 1692480]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\drivers\AthDfu.sys [2010-7-30 47144]
R3 LSM303DLH;STMicroelectronics™ 3-Axis Accelerometer/Magnetometer;c:\windows\system32\drivers\LSM303DLH.sys [2010-12-18 28272]
R3 QWARQNet;Qwarq Virtual Miniport;c:\windows\system32\drivers\QWARQNet.sys [2010-12-18 10624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-4 136176]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-12-18 13336]
S3 AWiCSrvc;AWiCSrvc;c:\program files\dell wireless\AWiCSrvc.exe [2011-8-4 49152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-9-5 23456]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-4 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-20 27192]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-11-24 191008]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-5 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-23 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2011-09-12 21:59:03 -------- d-----w- c:\program files\ESET
2011-09-12 21:36:56 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-12 21:36:46 -------- d-----w- c:\users\briansanderson\appdata\local\temp
2011-09-12 17:41:08 518144 ----a-w- c:\windows\SWREG.exe
2011-09-12 17:41:08 256000 ----a-w- c:\windows\PEV.exe
2011-09-10 11:10:32 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{eec744d0-7a0b-4f8e-9c97-c7d7dc3c3025}\mpengine.dll
2011-09-08 21:15:22 -------- d-----w- c:\users\briansanderson\appdata\roaming\OpenOffice.org
2011-09-08 21:10:05 -------- d-----w- c:\program files\OpenOffice.org 3
2011-09-06 18:37:44 -------- d-----w- c:\users\briansanderson\appdata\local\Microsoft Games
2011-09-06 07:17:32 -------- d-----w- c:\users\briansanderson\appdata\local\RockMelt
2011-09-05 09:53:11 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2011-09-05 09:53:11 -------- d-----w- c:\users\briansanderson\appdata\local\eSupport.com
2011-09-04 07:29:43 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-04 07:29:43 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-04 07:29:31 41184 ----a-w- c:\windows\avastSS.scr
2011-08-31 15:58:40 -------- d-----w- C:\MGtools
2011-08-25 05:06:26 -------- d-----w- C:\Panda Software
2011-08-24 16:50:50 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 20:36:03 -------- d-----w- C:\Panda Security
2011-08-23 06:31:30 -------- d-----w- c:\users\briansanderson\appdata\roaming\f-secure
2011-08-23 06:30:33 -------- d-----w- c:\programdata\F-Secure
2011-08-23 06:05:49 -------- d-----w- c:\programdata\boost_interprocess
2011-08-22 14:23:22 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2011-08-21 21:06:31 -------- d-----w- c:\programdata\Panda Security
2011-08-21 15:12:12 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-08-21 15:12:12 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-08-21 15:12:12 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-08-21 15:12:11 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-08-21 15:12:11 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-08-21 15:10:18 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-08-21 15:10:18 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-08-21 12:59:04 -------- d-----w- c:\program files\Safer Networking
2011-08-20 11:56:39 -------- d-----w- c:\users\briansanderson\appdata\roaming\VS Revo Group
2011-08-20 11:55:27 -------- d-----w- c:\users\briansanderson\appdata\local\VS Revo Group
2011-08-20 11:55:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-20 11:55:15 -------- d-----w- c:\program files\VS Revo Group
2011-08-20 11:54:48 -------- d-----w- c:\programdata\BabylonUpdater
2011-08-20 11:54:44 -------- d-----w- c:\programdata\Babylon
2011-08-20 11:29:54 -------- d-----w- c:\program files\CCleaner
2011-08-20 09:32:37 -------- d-----w- c:\users\briansanderson\appdata\local\Google
2011-08-19 19:30:05 -------- d-----w- c:\programdata\STOPzilla!
2011-08-19 19:18:01 -------- d-----w- c:\users\briansanderson\appdata\roaming\QuickScan
2011-08-18 13:51:11 -------- d-----w- c:\users\briansanderson\appdata\local\Dell Edoc Viewer
2011-08-18 13:13:54 -------- d-----w- C:\inetpub
2011-08-18 12:34:15 -------- d-----w- c:\users\briansanderson\Master Folder
2011-08-18 12:34:13 528 ----a-r- c:\users\briansanderson\MediaID.bin
2011-08-18 12:34:13 20345 ----a-w- c:\users\briansanderson\CWSDPR0.EXE
2011-08-18 12:34:13 20217 ----a-w- c:\users\briansanderson\CWSDPMI.EXE
2011-08-18 12:34:13 16 ----a-w- c:\users\briansanderson\PASS.BAT
2011-08-18 12:34:13 15 ----a-w- c:\users\briansanderson\RESTART.COM
2011-08-18 12:34:13 144896 ----a-w- c:\users\briansanderson\RWINPASS.EXE
2011-08-18 12:34:13 13134 ----a-w- c:\users\briansanderson\CWSPARAM.EXE
2011-08-18 12:34:13 118691 ----a-w- c:\users\briansanderson\NTFS4DOS.EXE
2011-08-18 12:34:13 -------- d-----r- c:\users\briansanderson\BRIANSANDERSON
2011-08-18 12:34:11 -------- d-----w- c:\users\briansanderson\Q10734-Wolseley -Kirk Sandwell
2011-08-18 12:34:10 -------- d-----w- c:\users\briansanderson\Q10684 Excel Construction Garden Road Richmond
2011-08-17 07:07:58 -------- d-----w- c:\users\briansanderson\appdata\local\Diagnostics
2011-08-14 17:14:05 -------- d-----w- c:\users\briansanderson\appdata\local\CrashDumps
2011-08-14 17:11:19 -------- d-----w- c:\users\briansanderson\appdata\roaming\AOL
2011-08-14 15:06:27 98816 ----a-w- c:\windows\sed.exe
2011-08-14 15:06:27 208896 ----a-w- c:\windows\MBR.exe
2011-08-14 14:16:52 -------- d-----w- c:\program files\WinPcap
2011-08-14 14:16:17 -------- d-----w- c:\program files\Trend Micro
2011-08-14 14:05:51 -------- d-----w- c:\users\briansanderson\My Backup Files
2011-08-14 13:59:16 -------- d-----w- C:\Temp
2011-08-14 13:54:46 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2011-08-14 13:54:35 -------- d-----w- c:\program files\Dell DataSafe Local Backup
2011-08-14 13:24:58 -------- d-----w- c:\users\briansanderson\appdata\roaming\Dell
2011-08-14 13:24:55 -------- d-----w- c:\users\briansanderson\appdata\roaming\PCDr
2011-08-14 10:11:00 -------- d-----w- c:\users\briansanderson\appdata\local\Adobe
.
==================== Find3M ====================
.
2011-08-27 08:47:43 1868 ----a-w- c:\windows\system32\ASOROSet.bin
2011-08-09 15:27:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-08-09 15:27:56 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-08-09 15:27:56 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-08-04 15:26:56 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-15 19:59:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-13 04:54:00 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-07-13 04:19:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-30 08:38:06 37592 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-06-30 08:38:04 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-06-30 08:38:04 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-30 08:37:26 285256 ----a-w- c:\windows\system32\guard32.dll
2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 04:09:00 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll
.
============= FINISH: 6:01:17.70 ===============

Cloudz
2011-09-13, 08:55
ESET


C:\MGtools\Process.exe Win32/PrcView application
C:\Users\briansanderson\Downloads\cnet_ccsetup309_exe.exe a variant of Win32/InstallCore.C application
C:\Users\briansanderson\Downloads\cnet_RevoUninProSetup_exe.exe a variant of Win32/InstallCore.C application


Hope this is what was required.

Many thanks

Cloudz

Blade81
2011-09-13, 13:54
Hi,

Delete this folder:
C:\MGtools

and these files:
C:\Users\briansanderson\Downloads\cnet_ccsetup309_exe.exe
C:\Users\briansanderson\Downloads\cnet_RevoUninProSetup_exe.exe

Please give a description of remaining issues.

Blade81
2011-09-18, 11:01
Are you still there?

Blade81
2011-09-28, 07:50
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.