Computer shuts down during virus scan


  • This topic is locked
7 replies to this topic

#1 bluescreenedagain

bluescreenedagain

  • Members
  • 20 posts

Posted 22 February 2010 - 03:47 PM

My computer shuts down at random times, often disconnects from the internet repeatedly, and it always shuts down without warning during virus scans with avg, avast, and some other programs.

Here's the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by comp at 14:42:58.08 on Mon 02/22/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3000.1642 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\PROGRA~1\Gomez\GOMEZP~1\jre\bin\java.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\comp\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.swagbucks.com/
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1009&m=m-7301u
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1009&m=m-7301u
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 200.110.244.81:8080
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\5.0.317.0\npchrome_frame.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwa1.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {B771FEA3-2A05-4C21-B1E2-55551A97D520} - No File
TB: Club Bing Toolbar: {719d74ab-1af9-43a1-8c62-d8750628d93e} - c:\program files\club bing toolbar\Toolbar.dll
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TrayServer] c:\program files\magix\movie_edit_pro_12\TrayServer.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRunOnce: [InstallShieldSetup] c:\progra~1\instal~1\{3b6e3~1\setup.exe -rebootc:\progra~1\instal~1\{3b6e3~1\reboot.ini -l0x9
mRunOnce: [WebcamMaxunstall]
mRunOnce: [GrpConv] grpconv.exe -o
mRunOnce: [AVG FirstScan] "c:\program files\avg\avg9\avgfrw.exe" /firstscan /delay=120 /runonce
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallati...uot;ver=9.0.733
StartupFolder: c:\users\comp\appdata\roaming\micros~1\windows\startm~1\programs\startup\gomezp~1.lnk - c:\program files\gomez\gomezpeer\bin\GomezPEER.exe
StartupFolder: c:\users\comp\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.33.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\5.0.317.0\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\comp\appdata\roaming\mozilla\firefox\profiles\fz7c77ws.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\users\comp\appdata\roaming\mozilla\firefox\profiles\fz7c77ws.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\users\comp\appdata\roaming\mozilla\firefox\profiles\fz7c77ws.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-27 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-10-12 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-11-12 1858144]
R2 ACEDRV08;ACEDRV08;c:\windows\system32\drivers\ACEDRV08.sys [2009-10-27 108768]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-27 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-27 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-10-27 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-10-27 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-10-27 352920]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-7-30 112128]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-5-12 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-11 43608]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-27 133104]
S3 B-Service;B-Service;c:\users\comp\appdata\roaming\mikogo\B-Service.exe [2009-11-3 185640]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-10-27 1527900]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-8-18 3658752]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-10-27 544768]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-12-17 99152]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

=============== Created Last 30 ================

2010-02-22 19:42:22 0 ----a-w- c:\users\comp\defogger_reenable
2010-02-22 16:07:41 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 19:19:27 95616 ----a-w- c:\windows\system32\junction.exe
2010-02-21 19:12:22 95616 ----a-w- c:\windows\junction.exe
2010-02-21 16:38:52 164363647 ----a-w- c:\windows\MEMORY.DMP
2010-02-21 01:35:31 0 d-----w- c:\program files\FJTech
2010-02-18 01:47:35 20 ----a-w- c:\windows\system32\SYSTEM
2010-02-18 01:45:46 723053 ----a-w- c:\users\comp\mary.mp3
2010-02-17 21:04:46 0 d--h--w- C:\$AVG
2010-02-17 21:02:04 0 d-----w- c:\program files\AVG
2010-02-17 21:01:53 0 d-----w- c:\programdata\avg9
2010-02-17 02:33:14 0 d-----w- c:\program files\MixMeister BPM Analyzer
2010-02-15 16:23:26 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-02-13 21:09:22 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-13 21:09:21 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-12 05:34:56 0 d-----w- c:\program files\common files\DivX Shared
2010-02-12 05:34:55 0 d-----w- c:\program files\DivX
2010-02-10 16:47:44 0 d-----w- c:\program files\ASCII
2010-02-10 15:27:05 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 15:27:05 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 15:27:01 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 15:27:00 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-06 17:08:05 0 ----a-w- c:\windows\Bordwell8eFA2008.mh
2010-02-05 21:52:39 0 dc----w- c:\programdata\{DFE2E7B1-6B2C-4104-9C65-82A52ECA8CB8}
2010-02-05 17:47:01 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-02-05 17:46:36 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-02-01 05:29:01 0 d-----w- c:\program files\Celebrity Toolbar
2010-02-01 04:15:27 0 d-----w- c:\program files\common files\Native Instruments
2010-02-01 04:02:07 0 d-----w- c:\programdata\CyberLink
2010-01-28 19:53:23 0 d-----w- c:\programdata\Seagate
2010-01-28 19:53:23 0 d-----w- c:\program files\Seagate
2010-01-28 19:52:18 0 d-sh--w- c:\windows\ftpcache
2010-01-28 19:46:34 0 d-----w- C:\archive_db
2010-01-28 19:40:10 0 d-----w- c:\programdata\Paragon
2010-01-28 19:39:24 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-01-28 19:37:23 0 d-----w- c:\program files\Paragon Software
2010-01-27 02:53:30 0 d-----w- c:\program files\Native Instruments
2010-01-24 22:19:10 0 d-----w- c:\program files\ChemProfessor
2010-01-24 22:08:39 0 d-----w- c:\program files\The Solutions Assistant
2010-01-24 22:08:18 286720 ------w- c:\windows\Setup1.exe
2010-01-24 22:08:16 73216 ----a-w- c:\windows\ST6UNST.EXE

==================== Find3M ====================

2010-02-21 17:42:09 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-21 17:42:09 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-21 16:44:46 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-20 19:01:27 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-01-20 19:01:27 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-01-15 17:21:28 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-01-15 17:21:18 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-01-15 17:21:16 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-01-15 17:21:16 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-01-15 17:21:16 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35:00 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-10 03:44:37 155136 ----a-w- c:\windows\system32\RemoteControl.dll
2008-08-19 02:09:39 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:43:57.20 ===============

Here's the most recent gmer log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-22 15:34:31
Windows 5.1.2600 Service Pack 2
Running: sfuxjxrj.exe; Driver: C:\Users\comp\AppData\Local\Temp\pxldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x8F56B320]

INT 0x51 ? FFFFFFFF
INT 0x51 ? 874F9000
INT 0x61 ? FFFFFFFF
INT 0x61 ? 870E1658
INT 0x62 ? FFFFFFFF
INT 0x62 ? 86F21100
INT 0x71 ? FFFFFFFF
INT 0x71 ? 870E1658
INT 0x72 ? FFFFFFFF
INT 0x72 ? 00000072
INT 0x82 ? FFFFFFFF
INT 0x82 ? 86F21100
INT 0x92 ? FFFFFFFF
INT 0x92 ? 00280026
INT 0xA2 ? FFFFFFFF
INT 0xA2 ? 86F21100
INT 0xB1 ? FFFFFFFF
INT 0xB1 ? 5F534750
INT 0xB1 ? 006F0073
INT 0xB2 ? FFFFFFFF
INT 0xB2 ? 86F21100

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentVersion 6.0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@ProductName Windows Vista ™ Home Premium
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CSDVersion Service Pack 1

---- EOF - GMER 1.0.15 ----


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 22 February 2010 - 04:32 PM

Hi bluescreenedagain,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Let's run some checks on just how locked the malware has made your PC.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks
m0le is a proud member of UNITE

#3 bluescreenedagain

bluescreenedagain
  • Topic Starter

  • Members
  • 20 posts

Posted 22 February 2010 - 05:33 PM

It deleted everything associated with gomezpeer, even though that is a legit program, but it doesn't look like it deleted anything else

ComboFix 10-02-21.02 - comp 02/22/2010 17:02:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3000.1686 [GMT -5:00]
Running from: c:\users\comp\Desktop\comfix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2976607246-1430512462-1775891161-500
c:\program files\Gomez
c:\program files\Gomez\GomezPEER\bin\GomezPEER.exe
c:\program files\Gomez\GomezPEER\cache\params.xml
c:\program files\Gomez\GomezPEER\cache\Respawn.class
c:\program files\Gomez\GomezPEER\country_list.txt
c:\program files\Gomez\GomezPEER\decode.exe
c:\program files\Gomez\GomezPEER\getclean.exe
c:\program files\Gomez\GomezPEER\gomez.dat
c:\program files\Gomez\GomezPEER\gomez.dat.backup1
c:\program files\Gomez\GomezPEER\gomez.dat.backup2
c:\program files\Gomez\GomezPEER\gomez.dat.backup3
c:\program files\Gomez\GomezPEER\javparms.dat
c:\program files\Gomez\GomezPEER\jre\bin\attach.dll
c:\program files\Gomez\GomezPEER\jre\bin\awt.dll
c:\program files\Gomez\GomezPEER\jre\bin\axbridge.dll
c:\program files\Gomez\GomezPEER\jre\bin\client\classes.jsa
c:\program files\Gomez\GomezPEER\jre\bin\client\jvm.dll
c:\program files\Gomez\GomezPEER\jre\bin\client\Xusage.txt
c:\program files\Gomez\GomezPEER\jre\bin\cmm.dll
c:\program files\Gomez\GomezPEER\jre\bin\comfyj.lic
c:\program files\Gomez\GomezPEER\jre\bin\dcpr.dll
c:\program files\Gomez\GomezPEER\jre\bin\deploy.dll
c:\program files\Gomez\GomezPEER\jre\bin\dt_shmem.dll
c:\program files\Gomez\GomezPEER\jre\bin\dt_socket.dll
c:\program files\Gomez\GomezPEER\jre\bin\eula.dll
c:\program files\Gomez\GomezPEER\jre\bin\fontmanager.dll
c:\program files\Gomez\GomezPEER\jre\bin\hpi.dll
c:\program files\Gomez\GomezPEER\jre\bin\hprof.dll
c:\program files\Gomez\GomezPEER\jre\bin\ICE_JNIRegistry.dll
c:\program files\Gomez\GomezPEER\jre\bin\iepreparse.dll
c:\program files\Gomez\GomezPEER\jre\bin\instrument.dll
c:\program files\Gomez\GomezPEER\jre\bin\ioser12.dll
c:\program files\Gomez\GomezPEER\jre\bin\j2pcsc.dll
c:\program files\Gomez\GomezPEER\jre\bin\j2pkcs11.dll
c:\program files\Gomez\GomezPEER\jre\bin\jaas_nt.dll
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Galapagos
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Gambier
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Guadalcanal
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Guam
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Honolulu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Johnston
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Kiritimati
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Kosrae
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Kwajalein
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Majuro
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Marquesas
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Midway
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Nauru
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Niue
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Norfolk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Noumea
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Pago_Pago
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Palau
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Pitcairn
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Ponape
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Port_Moresby
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Rarotonga
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Saipan
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Tahiti
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Tarawa
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Tongatapu
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Truk
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Wake
c:\program files\Gomez\GomezPEER\jre\lib\zi\Pacific\Wallis
c:\program files\Gomez\GomezPEER\jre\lib\zi\PST8PDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\AST4
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\AST4ADT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\CST6
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\CST6CDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\EST5
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\EST5EDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\HST10
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\MST7
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\MST7MDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\PST8
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\PST8PDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\YST9
c:\program files\Gomez\GomezPEER\jre\lib\zi\SystemV\YST9YDT
c:\program files\Gomez\GomezPEER\jre\lib\zi\WET
c:\program files\Gomez\GomezPEER\jre\lib\zi\ZoneInfoMappings
c:\program files\Gomez\GomezPEER\jre\LICENSE
c:\program files\Gomez\GomezPEER\jre\LICENSE.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_de.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_es.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_fr.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_it.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_ja.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_ko.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_sv.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_zh_CN.rtf
c:\program files\Gomez\GomezPEER\jre\LICENSE_zh_TW.rtf
c:\program files\Gomez\GomezPEER\jre\README.txt
c:\program files\Gomez\GomezPEER\jre\THIRDPARTYLICENSEREADME.txt
c:\program files\Gomez\GomezPEER\jre\Welcome.html
c:\program files\Gomez\GomezPEER\mname.ini
c:\program files\Gomez\GomezPEER\peer.log
c:\program files\Gomez\GomezPEER\ReadMe.txt
c:\program files\Gomez\GomezPEER\uninstall.exe
c:\program files\Gomez\GomezPEER\upatelog.txt
c:\program files\Gomez\GomezPEER\version.xml
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk
c:\users\comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GomezPEER.lnk

.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-22 16:07 . 2010-01-14 16:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-21 19:19 . 2007-07-24 20:58 95616 ----a-w- c:\windows\system32\junction.exe
2010-02-21 19:12 . 2007-07-24 20:58 95616 ----a-w- c:\windows\junction.exe
2010-02-21 03:46 . 2010-02-21 03:47 -------- d-----w- c:\users\comp\AppData\Local\Adobe
2010-02-21 01:35 . 2010-02-21 01:35 -------- d-----w- c:\program files\FJTech
2010-02-19 22:07 . 2010-02-19 22:11 -------- d-----w- c:\users\comp\AppData\Local\Temporary Projects
2010-02-19 03:18 . 2010-02-19 03:18 -------- d-----w- c:\users\comp\AppData\Local\Apple
2010-02-19 03:16 . 2010-02-19 23:45 -------- d-----w- c:\users\comp\AppData\Local\Apple Computer
2010-02-17 21:04 . 2010-02-17 21:04 -------- d-----w- C:\$AVG
2010-02-17 21:02 . 2010-02-17 21:02 -------- d-----w- c:\program files\AVG
2010-02-17 21:01 . 2010-02-21 16:45 -------- d-----w- c:\programdata\avg9
2010-02-17 02:33 . 2010-02-17 02:33 -------- d-----w- c:\program files\MixMeister BPM Analyzer
2010-02-15 16:23 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-02-13 21:09 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-13 21:09 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-12 05:34 . 2010-02-12 05:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-02-12 05:34 . 2010-02-12 05:35 -------- d-----w- c:\program files\DivX
2010-02-10 16:47 . 2010-02-10 16:47 -------- d-----w- c:\program files\ASCII
2010-02-10 15:27 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 15:27 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 15:27 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 15:27 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-06 20:33 . 2010-02-06 20:33 -------- d-----w- c:\users\comp\AppData\Local\Opera
2010-02-06 20:32 . 2010-02-06 20:32 -------- d-----w- c:\program files\Opera
2010-02-06 20:29 . 2010-02-06 20:29 -------- d-----w- c:\users\comp\AppData\Local\Native Instruments
2010-02-05 21:52 . 2010-02-05 21:52 -------- dc----w- c:\programdata\{DFE2E7B1-6B2C-4104-9C65-82A52ECA8CB8}
2010-02-05 17:47 . 2009-12-17 20:02 123280 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-02-05 17:46 . 2009-12-17 20:02 41616 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-02-01 05:29 . 2010-02-01 16:12 -------- d-----w- c:\program files\Celebrity Toolbar
2010-02-01 04:15 . 2010-02-01 04:19 -------- d-----w- c:\program files\Common Files\Native Instruments
2010-02-01 04:02 . 2010-02-01 04:02 -------- d-----w- c:\programdata\CyberLink
2010-01-28 19:53 . 2010-01-28 19:53 -------- d-----w- c:\programdata\Seagate
2010-01-28 19:53 . 2010-01-28 19:53 -------- d-----w- c:\program files\Seagate
2010-01-28 19:52 . 2010-01-28 19:56 -------- d-----w- c:\users\comp\AppData\Local\Downloaded Installations
2010-01-28 19:52 . 2010-01-28 19:52 -------- d-sh--w- c:\windows\ftpcache
2010-01-28 19:46 . 2010-01-28 19:46 -------- d-----w- C:\archive_db
2010-01-28 19:40 . 2010-01-28 19:40 -------- d-----w- c:\programdata\Paragon
2010-01-28 19:39 . 2010-01-15 17:21 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-01-28 19:37 . 2010-01-28 19:37 -------- d-----w- c:\program files\Paragon Software
2010-01-27 02:53 . 2010-02-17 04:40 -------- d-----w- c:\program files\Native Instruments
2010-01-26 23:27 . 2010-01-26 23:27 -------- d-----w- c:\users\comp\AppData\Roaming\Leadertech
2010-01-24 22:19 . 2010-01-24 22:19 -------- d-----w- c:\program files\ChemProfessor
2010-01-24 22:08 . 2010-01-24 22:09 -------- d-----w- c:\program files\The Solutions Assistant
2010-01-24 22:08 . 2010-01-24 22:08 286720 ------w- c:\windows\Setup1.exe
2010-01-24 22:08 . 2010-01-24 22:08 73216 ----a-w- c:\windows\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 22:14 . 2009-12-12 02:26 -------- d-----w- c:\program files\Common Files\Akamai
2010-02-20 20:10 . 2009-10-21 18:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-19 23:38 . 2009-12-29 01:59 -------- d-----w- c:\program files\Club Bing Toolbar Helper
2010-02-19 19:30 . 2009-11-12 23:39 -------- d-----w- c:\program files\a-squared Free
2010-02-19 19:03 . 2009-10-21 18:33 119512 ----a-w- c:\users\comp\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-17 01:01 . 2010-02-17 01:01 52224 ----a-w- c:\users\comp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-17 01:01 . 2009-10-27 15:52 117760 ----a-w- c:\users\comp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 00:10 . 2009-10-21 18:43 -------- d-----w- c:\users\comp\AppData\Roaming\Skype
2010-02-16 22:45 . 2009-10-22 03:14 -------- d-----w- c:\users\comp\AppData\Roaming\skypePM
2010-02-16 16:35 . 2010-01-03 07:10 -------- d-----w- c:\program files\Swag_Bucks
2010-02-16 16:25 . 2009-10-21 18:32 -------- d-----w- c:\program files\Google
2010-02-16 13:46 . 2008-08-19 02:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-16 13:21 . 2008-08-19 02:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-16 13:03 . 2009-11-22 17:02 -------- d-----w- c:\program files\Bulk Image Downloader
2010-02-13 19:49 . 2009-12-03 03:00 -------- d-----w- c:\program files\Paint.NET
2010-02-12 01:38 . 2009-11-22 21:17 -------- d-----w- c:\users\comp\AppData\Roaming\vlc
2010-02-11 22:05 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-08 22:10 . 2010-02-08 22:10 1924744 ----a-w- c:\users\comp\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-02-06 23:33 . 2009-12-31 06:47 -------- d-----w- c:\users\comp\AppData\Roaming\Panasonic
2010-01-27 03:01 . 2009-10-28 15:43 -------- d-----w- c:\program files\VstPlugins
2010-01-24 01:47 . 2009-10-29 21:15 -------- d-----w- c:\users\comp\AppData\Roaming\.purple
2010-01-23 02:22 . 2008-08-19 02:24 -------- d-----w- c:\program files\Common Files\Java
2010-01-23 02:21 . 2008-08-19 02:24 -------- d-----w- c:\program files\Java
2010-01-21 23:44 . 2010-01-21 23:44 -------- d-----w- c:\users\comp\AppData\Roaming\CyberLink
2010-01-21 14:21 . 2009-10-22 02:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 19:01 . 2010-01-20 19:01 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-01-20 19:01 . 2010-01-20 19:01 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-01-20 19:01 . 2010-01-20 19:00 -------- d-----w- c:\program files\Ulead GIF Animator 4.0
2010-01-20 17:15 . 2010-02-17 00:26 52224 ----a-w- c:\users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\fz7c77ws.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
2010-01-20 17:15 . 2010-02-17 00:26 101376 ----a-w- c:\users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\fz7c77ws.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
2010-01-17 23:26 . 2009-11-09 00:06 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-17 23:24 . 2008-08-19 02:36 -------- d-----w- c:\program files\Microsoft.NET
2010-01-17 23:18 . 2009-11-09 00:03 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-01-17 21:25 . 2009-11-21 05:25 4286 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{5458451B-3D61-4ABC-B527-B7B0C3736ED0}\_684D273809DBA3C47EDB7A.exe
2010-01-17 21:25 . 2009-11-21 05:25 4286 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{5458451B-3D61-4ABC-B527-B7B0C3736ED0}\_52337FCA2F4252E6FE3076.exe
2010-01-17 21:25 . 2009-11-21 05:25 -------- d-----w- c:\program files\Grabber
2010-01-16 05:07 . 2010-01-16 05:07 -------- d-----w- c:\program files\Educational Simulations
2010-01-15 19:00 . 2010-01-15 18:58 3310 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
2010-01-15 19:00 . 2010-01-15 18:58 1078 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
2010-01-15 19:00 . 2010-01-15 18:58 1078 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
2010-01-15 19:00 . 2010-01-15 18:58 1078 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
2010-01-15 19:00 . 2010-01-15 18:58 1078 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
2010-01-15 19:00 . 2010-01-15 18:58 1078 ----a-r- c:\users\comp\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
2010-01-15 18:58 . 2010-01-15 18:58 -------- d-----w- c:\program files\Power Tab Software
2010-01-15 17:21 . 2010-01-15 17:21 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2010-01-15 17:21 . 2010-01-15 17:21 249872 ----a-w- c:\windows\system32\prgiso.dll
2010-01-15 17:21 . 2010-01-15 17:21 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2010-01-15 17:21 . 2010-01-15 17:21 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2010-01-15 17:21 . 2010-01-15 17:21 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2010-01-10 05:00 . 2010-01-10 05:00 -------- d-----w- c:\programdata\NCH Software
2010-01-10 04:59 . 2010-01-10 04:59 -------- d-----w- c:\program files\NCH Software
2010-01-10 04:59 . 2010-01-10 04:59 -------- d-----w- c:\users\comp\AppData\Roaming\NCH Software
2010-01-10 04:07 . 2010-01-09 05:29 -------- d-----w- c:\program files\Common Files\DAZ
2010-01-10 00:46 . 2010-01-09 20:16 -------- d-----w- c:\users\comp\AppData\Roaming\Crayon Physics Deluxe
2010-01-09 20:16 . 2010-01-09 20:16 -------- d-----w- c:\program files\Crayon Physics Deluxe
2010-01-09 05:36 . 2010-01-09 05:36 -------- d-----w- c:\programdata\OptiTex
2010-01-09 05:29 . 2010-01-09 05:29 -------- d-----w- c:\users\comp\AppData\Roaming\DAZ 3D
2010-01-09 05:28 . 2010-01-09 05:28 -------- d-----w- c:\program files\DAZ 3D
2010-01-03 17:22 . 2009-12-21 23:58 -------- d-----w- c:\program files\Canasis
2010-01-03 07:10 . 2010-01-03 07:10 -------- d-----w- c:\program files\Conduit
2010-01-02 06:38 . 2010-01-22 15:15 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 15:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 15:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 15:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 07:44 . 2009-12-31 07:44 -------- d-----w- c:\program files\Bulk Image Resizer
2009-12-31 07:24 . 2009-12-31 07:24 -------- d-----w- c:\users\comp\AppData\Roaming\ArcSoft
2009-12-31 06:43 . 2009-12-31 06:42 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-12-31 06:41 . 2009-12-31 06:41 -------- d-----w- c:\program files\ArcSoft
2009-12-29 01:59 . 2009-12-29 01:59 -------- d-----w- c:\program files\Club Bing Toolbar
2009-12-28 12:35 . 2010-02-10 15:26 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:35 . 2010-02-10 15:26 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:32 . 2010-02-10 15:26 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32 . 2010-02-10 15:26 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32 . 2010-02-10 15:26 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32 . 2010-02-10 15:26 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31 . 2010-02-10 15:26 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31 . 2010-02-10 15:26 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28 . 2010-02-10 15:26 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28 . 2010-02-10 15:26 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-28 04:19 . 2009-12-28 04:19 -------- d-----w- c:\program files\AutoHotkey
2009-12-17 22:14 . 2009-11-23 08:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 20:02 . 2009-12-17 20:02 99152 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-12-10 03:44 . 2009-12-10 03:44 155136 ----a-w- c:\windows\system32\RemoteControl.dll
2009-12-08 20:52 . 2010-02-10 15:26 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-12-04 16:12 . 2010-02-10 15:26 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-12-04 16:12 . 2010-02-10 15:26 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-24 23:54 . 2009-10-27 15:09 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:49 . 2009-10-27 15:10 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-27 15:10 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-27 15:10 97480 ----a-w- c:\windows\system32\AvastSS.scr
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwa1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2010-02-16 16:35 2349080 ----a-w- c:\program files\Swag_Bucks\tbSwa1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-11-04 02:12 556432 ----a-w- c:\progra~1\MICROS~3\Office14\URLREDIR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\tbSwa1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\tbSwa1.dll" [2010-02-16 2349080]

[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-20 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"TrayServer"="c:\program files\MAGIX\Movie_Edit_Pro_12\TrayServer.exe" [2006-10-04 86016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-09 198160]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

c:\users\comp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2009-11-3 225680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/27/2009 10:10 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/12/2009 8:24 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [11/12/2009 6:39 PM 1858144]
R2 ACEDRV08;ACEDRV08;c:\windows\System32\drivers\ACEDRV08.sys [10/27/2009 11:51 AM 108768]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [1/20/2008 9:23 PM 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/27/2009 10:10 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/27/2009 10:09 AM 53328]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [7/30/2008 12:40 AM 112128]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\System32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [5/12/2008 11:48 PM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [6/11/2008 8:28 PM 43608]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/27/2009 2:34 PM 133104]
S3 B-Service;B-Service;c:\users\comp\AppData\Roaming\Mikogo\B-Service.exe [11/3/2009 3:40 PM 185640]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [10/27/2009 11:37 AM 1527900]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
S3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [8/18/2008 9:28 PM 3658752]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [10/27/2009 11:38 AM 544768]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [12/17/2009 3:02 PM 99152]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 7:28 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\System32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 7:28 PM 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 19:34]

2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-27 19:34]

2010-02-22 c:\windows\Tasks\User_Feed_Synchronization-{F0F03E25-B536-4A56-94BA-6D8346B81D16}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.swagbucks.com/
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=1009&m=m-7301u
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 200.110.244.81:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\fz7c77ws.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Swag Bucks Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\fz7c77ws.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\users\comp\AppData\Roaming\Mozilla\Firefox\Profiles\fz7c77ws.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
AddRemove-GomezPEER - c:\program files\Gomez\GomezPEER\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-22 17:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\SUPERAntiSpyware\97d5bf24-38c5-4d97-9562-acbfb17921d4.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-02-22 17:23:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-22 22:23

Pre-Run: 15,364,333,568 bytes free
Post-Run: 15,181,930,496 bytes free

- - End Of File - - C821101C089577FFDBCBBE9FF999338F


#4 m0le



  • Malware Response Team

Posted 22 February 2010 - 05:59 PM

Don't know why it deleted Gomez. Did you download it from the internet or buy it from them or a reputable store?

It did delete a couple of other files but I guess the only way to test this is to try and run a program which shut down before and see if it still does. If so I will unquarantine Gomez and we can try some other things.
m0le is a proud member of UNITE

#5 bluescreenedagain


Posted 22 February 2010 - 06:04 PM

Gomez is a free program that you get from their website. It sends packets to their client servers and pays you for your internet uptime; maybe because it sends and receives info it was detected as malware?

I'll try to run avast again and see if it shuts down still.

#6 m0le


Posted 22 February 2010 - 07:20 PM

thumbup2.gif

#7 m0le


Posted 25 February 2010 - 07:51 PM

You still there, bluescreenedagain?

#8 m0le


Posted 28 February 2010 - 08:12 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



