Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with something but not sure what


  • This topic is locked This topic is locked
84 replies to this topic

#1 wkfranc

wkfranc

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 07 December 2010 - 09:44 AM

Recently I have noticed several odd things on my computer that I am unable to undo/ fix. First, when I go to open my Task Manager it is not highlighted and I cannot access it. I have tried to run a command to access it but I get the message, "Task Manager has been disabled by your administrator", and the same for when I try to access regedit.exe ("Registry editing has been disabled by your administrator"). I cannot launch Skype, an hourglass comes up for a second or two but nothing opens. The same is true for Spybot- Search and Destroy, and McCaffee Security Scan plus (downloaded it when I downloaded the latest version of adobe flash player). When I try to download my updates (Windows Service Pack 3) the process gets to the end and then a message pops up and says an error has occurred. I have the logs saved for this error message if they would be useful to view. I downloaded and tried to run GMER but my computer freezes every time try to run it (I'm not sure if this has to do with 32-bit v. 64-bit, I really have no idea what that means). Lastly, I am not all that good with computers so if someone can and does help me can you please keep the language and instructions simple or otherwise I won't understand. Thank you for any help in advance I really appreciate it, and if anything else is necessary please let me know and I will try to gather the appropriate information.

Here is my DDS.txt report:


DDS (Ver_10-12-05.01) - NTFSx86
Run by William Francis at 13:17:01.26 on Mon 12/06/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.176 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\WI9130~1\DataMngr\DataMngrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\winslfahc.exe
C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\wdd0d7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\William Francis\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.searchqu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Ownhis] c:\windows\system32\d?xplore.exe
uRun: [Sgxybsa] c:\windows\f?nts\??rvices.exe
uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DataMngr] c:\progra~1\wi9130~1\datamngr\DataMngrUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\2rho27d6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1289399018&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\william francis\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\kqmrkh.sys --> c:\windows\system32\drivers\kqmrkh.sys [?]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061115.018\naveng.sys [2006-11-16 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061115.018\navex15.sys [2006-11-16 831880]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriver.sys --> c:\windows\system32\drivers\AVGIDSDriver.Sys [?]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilter.sys --> c:\windows\system32\drivers\AVGIDSFilter.Sys [?]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-9 156792]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-9 255096]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-9 242808]
S4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-8-2 173392]
S4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-8-2 1267024]

=============== Created Last 30 ================

2010-12-05 18:15:22 -------- d-----w- c:\docume~1\willia~1\locals~1\applic~1\AskToolbar
2010-12-05 17:50:17 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-12-05 17:50:17 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2010-12-05 17:50:16 382464 ----a-w- c:\windows\system32\qmgr.dll
2010-12-05 17:50:16 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-12-05 17:50:14 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2010-12-05 17:48:57 2869248 ----a-w- c:\windows\system32\dllcache\sprb0401.dll
2010-12-05 17:47:59 3775 ----a-w- c:\windows\system32\drivers\adv11nt5.dll
2010-12-05 17:46:59 94208 ----a-w- c:\windows\system32\dllcache\fpencode.dll
2010-12-05 17:45:59 220160 ----a-w- c:\windows\system32\dllcache\mscandui.dll
2010-12-05 17:44:50 50688 ----a-w- c:\windows\system32\dllcache\twain_32.dll
2010-12-05 17:43:59 619008 ----a-w- c:\windows\system32\dllcache\dx7vb.dll
2010-12-05 17:42:58 78848 ----a-w- c:\windows\system32\dllcache\msiexec.exe
2010-12-05 17:41:50 8460800 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-12-01 18:40:34 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-01 16:30:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-01 15:52:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-01 15:47:48 -------- d-----w- c:\docume~1\willia~1\applic~1\Sammsoft
2010-12-01 15:45:31 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-12-01 15:45:04 -------- d-----w- c:\program files\Ask.com
2010-11-25 19:57:43 103140 --sh--r- C:\ovirfr.pif
2010-11-25 19:18:41 -------- d-sha-r- C:\cmdcons
2010-11-25 19:14:05 89088 ----a-w- c:\windows\MBR.exe
2010-11-25 19:14:05 256512 ----a-w- c:\windows\PEV.exe
2010-11-25 19:14:04 98816 ----a-w- c:\windows\sed.exe
2010-11-25 19:14:04 161792 ----a-w- c:\windows\SWREG.exe
2010-11-25 19:01:40 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-11-07 05:03:20 -------- d-----w- c:\docume~1\willia~1\applic~1\searchqutb
2010-11-07 05:03:11 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2010-11-07 05:02:26 150 ----a-w- c:\docume~1\willia~1\locals~1\applic~1\GLF75.tmp

==================== Find3M ====================

2003-04-11 20:11:34 520192 -csha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

============= FINISH: 13:20:09.11 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 14 December 2010 - 11:19 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 wkfranc

wkfranc
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 15 December 2010 - 11:00 AM

Hi Gringo,

Thanks so much for getting back to my post, I was a little concerned for a moment because there are so many posts on this site. So new developments: for a few days my internet (firefox) was freezing almost every time I opened a page but I was prompted to upgrade to a new version and after I had downloaded it my problem with freezing had disappeared. I also uninstalled skype and then re-downloaded it from their website and it does open now, though I still have not tried to make a call with it. My task manager is still disabled and when I try to open Spybot it won't launch, I've not come across other programs that won't launch but there might be some. I have not tried to update my computer because it takes a long time and has recently been giving me that error message at the end of the download then takes a long time to uninstall whatever it had just tried to install. One more thing, I have this search tool on my internet toolbar called "Windows Searchqu Toolbar" and I cannot remove it when I go to my control panel. Otherwise, I did as you requested and here are my logs: Thank you again.


DDS (Ver_10-12-05.01) - NTFSx86
Run by William Francis at 10:20:30.64 on Wed 12/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.204 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\WI9130~1\DataMngr\DataMngrUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\aoatgq.exe
C:\Documents and Settings\William Francis\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.searchqu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Sammsoft Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Ownhis] c:\windows\system32\d?xplore.exe
uRun: [Sgxybsa] c:\windows\f?nts\??rvices.exe
uRun: [AROReminder] c:\program files\advanced registry optimizer\aro.exe -rem
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [PTRGMYGK] rundll32.exe ptmg1v.dll,DllRunMain
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DataMngr] c:\progra~1\wi9130~1\datamngr\DataMngrUI.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\willia~1\applic~1\mozilla\firefox\profiles\2rho27d6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1289399018&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\william francis\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\kqmrkh.sys --> c:\windows\system32\drivers\kqmrkh.sys [?]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20061115.018\naveng.sys [2006-11-16 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20061115.018\navex15.sys [2006-11-16 831880]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

=============== Created Last 30 ================

2010-12-15 04:05:07 -------- d-----r- c:\program files\Skype
2010-12-15 02:34:41 -------- d-----w- c:\docume~1\willia~1\applic~1\DriverCure
2010-12-15 02:34:39 -------- d-----w- c:\docume~1\willia~1\applic~1\ParetoLogic
2010-12-15 02:34:19 -------- d-----w- c:\program files\common files\ParetoLogic
2010-12-15 02:34:12 -------- d-----w- c:\program files\ParetoLogic
2010-12-15 02:34:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\ParetoLogic
2010-12-15 01:49:11 103140 ----a-w- C:\ovirfr.pif
2010-12-14 16:44:44 -------- d-----w- c:\docume~1\willia~1\applic~1\Malwarebytes
2010-12-14 16:44:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 16:44:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-14 16:44:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 16:44:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-05 18:15:22 -------- d-----w- c:\docume~1\willia~1\locals~1\applic~1\AskToolbar
2010-12-05 17:50:17 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-12-05 17:50:17 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2010-12-05 17:50:16 382464 ----a-w- c:\windows\system32\qmgr.dll
2010-12-05 17:50:16 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-12-05 17:50:14 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2010-12-05 17:48:57 2869248 ----a-w- c:\windows\system32\dllcache\sprb0401.dll
2010-12-05 17:47:59 3775 ----a-w- c:\windows\system32\drivers\adv11nt5.dll
2010-12-05 17:46:59 94208 ----a-w- c:\windows\system32\dllcache\fpencode.dll
2010-12-05 17:45:59 220160 ----a-w- c:\windows\system32\dllcache\mscandui.dll
2010-12-05 17:44:50 50688 ----a-w- c:\windows\system32\dllcache\twain_32.dll
2010-12-05 17:43:59 619008 ----a-w- c:\windows\system32\dllcache\dx7vb.dll
2010-12-05 17:42:58 78848 ----a-w- c:\windows\system32\dllcache\msiexec.exe
2010-12-05 17:41:50 8460800 ----a-w- c:\windows\system32\dllcache\shell32.dll
2010-12-01 18:40:34 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-01 16:30:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-01 15:52:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-01 15:47:48 -------- d-----w- c:\docume~1\willia~1\applic~1\Sammsoft
2010-12-01 15:45:31 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-12-01 15:45:04 -------- d-----w- c:\program files\Ask.com
2010-11-25 19:18:41 -------- d-sha-r- C:\cmdcons
2010-11-25 19:14:05 89088 ----a-w- c:\windows\MBR.exe
2010-11-25 19:14:05 256512 ----a-w- c:\windows\PEV.exe
2010-11-25 19:14:04 98816 ----a-w- c:\windows\sed.exe
2010-11-25 19:14:04 161792 ----a-w- c:\windows\SWREG.exe
2010-11-25 19:01:40 -------- d--h--w- c:\windows\system32\GroupPolicy

==================== Find3M ====================

2003-04-11 20:11:34 520192 -csha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

============= FINISH: 10:24:48.18 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/25/2004 4:28:33 PM
System Uptime: 12/15/2010 10:03:46 AM (0 hours ago)

Motherboard: Dell Computer Corporation | | 0T4962
Processor: Mobile Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2797/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 28 GiB total, 5.339 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1256: 12/10/2010 8:03:28 PM - System Checkpoint
RP1257: 12/13/2010 9:23:09 PM - System Checkpoint
RP1258: 12/14/2010 10:54:28 PM - Removed Skype Toolbars
RP1259: 12/14/2010 10:55:34 PM - Removed Skype™ 5.0

==== Installed Programs ======================

Ad-aware 6 Personal
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Advanced Registry Optimizer
Ask Toolbar
AutoUpdate
BCM V.92 56K Modem
Comcast High-Speed Internet Install Wizard
Critical Update for Windows Media Player 11 (KB959772)
Dell Solution Center
Dell Wireless WLAN Card
DivX Codec
DVDSentry
Help and Support Customization
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics 2 Driver
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 21
K-Lite Codec Pack 3.2.5 Standard
LG USB Drivers
LiveUpdate 2.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Merriam-Webster 3.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Helper
Mozilla Firefox (3.6.13)
MSN Music Assistant
OGA Notifier 2.0.0048.0
ParetoLogic PC Health Advisor
QuickSet
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939373)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942830)
Security Update for Windows XP (KB942831)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Skype™ 5.0
Spybot - Search & Destroy 1.3
Symantec AntiVirus
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Searchqu Toolbar
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888162
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

==== Event Viewer Messages From Past Week ========

12/9/2010 11:09:55 PM, error: Schannel [36871] - A fatal error occurred while creating an SSL server credential.
12/15/2010 10:05:27 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SAVRT' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/14/2010 8:41:04 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal.
12/12/2010 8:26:21 PM, error: Dhcp [1002] - The IP address lease 192.168.0.3 for the Network Card with network address 009096C43112 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/11/2010 10:32:47 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 009096C43112. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2181376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2181376 bytes
0x804D7000 RAW 2181376 bytes
0x804D7000 WMIxWDM 2181376 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF839B000 C:\WINDOWS\System32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF813C000 C:\WINDOWS\System32\DRIVERS\BCMSM.sys 1101824 bytes (Broadcom Corporation, Modem Device Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xECDA8000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\navex15.sys 827392 bytes (Symantec Corporation, AV Engine)
0xF82D0000 C:\WINDOWS\System32\DRIVERS\bcmwl5.sys 606208 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF86D9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB9E30000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF8062000 C:\WINDOWS\System32\DRIVERS\update.sys 364544 bytes (Microsoft Corporation, Update Driver)
0xB9FF4000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB6715000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xEDF79000 C:\Program Files\Symantec AntiVirus\savrt.sys 323584 bytes (Symantec Corporation, AutoProtect)
0xB6012000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF826D000 C:\WINDOWS\system32\drivers\stac97.sys 262144 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xB9FB4000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 262144 bytes (Symantec Corporation, Network Dispatch Driver)
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xB643B000 C:\WINDOWS\System32\drivers\RMCast.sys 204800 bytes (Microsoft Corporation, Reliable Multicast Transport)
0xF80BB000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 200704 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF8828000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF86AC000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB6A1E000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB5C74000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB9E9F000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB9F8C000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB6A4A000 C:\WINDOWS\System32\DRIVERS\nwrdr.sys 163840 bytes (Microsoft Corporation, NetWare Redirector File System Driver)
0xF8249000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF82AD000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF8364000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB9F6A000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF87A2000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF87DA000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF87F9000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF8691000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF87C2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB6AD8000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8779000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB676C000 C:\WINDOWS\System32\drivers\mqac.sys 94208 bytes (Microsoft Corporation, Windows NT MQ Access Control Device Driver)
0xF8125000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB6AC2000 C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB69B9000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF8387000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x806EC000 ACPI_HAL 81280 bytes
0x806EC000 C:\WINDOWS\system32\hal.dll 81280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xBA04C000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xEDF66000 C:\Program Files\Symantec\SYMEVENT.SYS 77824 bytes (Symantec Corporation, Symantec Event Library)
0xF8766000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xECD96000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\naveng.sys 73728 bytes (Symantec Corporation, AV Engine)
0xF8790000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8817000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF8114000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB9F1A000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8947000 C:\WINDOWS\System32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xEE86F000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 65536 bytes (Symantec Corporation, SAVRTPEL)
0xF8A57000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8A47000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xECA9D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF88E7000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xB661D000 C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF8A37000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF88B7000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8A17000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8A67000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8897000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8A87000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8A07000 C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF8A27000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8887000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8A77000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8509000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF8569000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF88A7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xECAFD000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF89F7000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB637B000 C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xF8877000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF8A97000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xECCCB000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEF15A000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xECAED000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF8B8F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xECB3D000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xECB55000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8BFF000 C:\DOCUME~1\WILLIA~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF8AF7000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8B6F000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8B87000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF8B7F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xECB4D000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xECB45000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8BAF000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF8AFF000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8B77000 C:\WINDOWS\System32\DRIVERS\point32.sys 20480 bytes (Microsoft Corporation, Point32.sys)
0xF8B9F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8BA7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF8B97000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8B67000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xECB5D000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8C8F000 C:\WINDOWS\System32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF8D73000 C:\WINDOWS\System32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8D0F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB704B000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8C87000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8C8B000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xEBE32000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF864C000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEFA29000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8E27000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB7087000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8E11000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8DCB000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 8192 bytes (Microsoft Corporation, I2O Utility Filter)
0xF8D7B000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8D77000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8DA5000 C:\WINDOWS\system32\drivers\kqmrkh.sys 8192 bytes
0xF8E29000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8E2B000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8DAD000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8DB7000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8D79000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8ECB000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xEBD9E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xEC349000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8E3F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [ADPU160M.SYS]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [symdns.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [a308.sys]
WARNING: Virus alike driver modification [a314.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [ACPIEC.SYS]
WARNING: Virus alike driver modification [CPQDAP01.SYS]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [a302.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [AMSINT.SYS]
WARNING: Virus alike driver modification [NIKEDRV.SYS]
WARNING: Virus alike driver modification [RIO8DRV.SYS]
WARNING: Virus alike driver modification [RIODRV.SYS]
WARNING: Virus alike driver modification [WS2IFSL.SYS]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [ialmsbw.sys]
WARNING: Virus alike driver modification [FSVGA.SYS]
WARNING: Virus alike driver modification [mouhid.sys]
WARNING: Virus alike driver modification [NWLNKFLT.SYS]
WARNING: Virus alike driver modification [FTDISK.SYS]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [AHA154X.SYS]
WARNING: Virus alike driver modification [a305.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [CBIDF2K.SYS]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [SMCLIB.SYS]
WARNING: Virus alike driver modification [DAC960NT.SYS]
WARNING: Virus alike driver modification [ASC3550.SYS]
WARNING: Virus alike driver modification [CPQARRAY.SYS]
WARNING: Virus alike driver modification [INI910U.SYS]
WARNING: Virus alike driver modification [SYMC810.SYS]
WARNING: Virus alike driver modification [symfw.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [a306.sys]
WARNING: Virus alike driver modification [SymIDSCo.sys]
WARNING: Virus alike driver modification [MRAID35X.SYS]
WARNING: Virus alike driver modification [DAC2W2K.SYS]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [SPARROW.SYS]
WARNING: Virus alike driver modification [DPTI2O.SYS]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [vch.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [lgusbbus.sys]
WARNING: Virus alike driver modification [TSBVCAP.SYS]
WARNING: Virus alike driver modification [a307.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [ASC3350P.SYS]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [HPN.SYS]
WARNING: Virus alike driver modification [a309.sys]
WARNING: Virus alike driver modification [CINEMST2.SYS]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [ASC.SYS]
WARNING: Virus alike driver modification [PERC2.SYS]
WARNING: Virus alike driver modification [SYM_HI.SYS]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [a303.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [SYM_U3.SYS]
WARNING: Virus alike driver modification [ATMEPVC.SYS]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [NWLNKFWD.SYS]
WARNING: Virus alike driver modification [SYMC8XX.SYS]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [IPFLTDRV.SYS]
WARNING: Virus alike driver modification [QL10WNT.SYS]
WARNING: Virus alike driver modification [a310.sys]
WARNING: Virus alike driver modification [a311.sys]
WARNING: Virus alike driver modification [wa301a.sys]
WARNING: Virus alike driver modification [wa301b.sys]
WARNING: Virus alike driver modification [RAWWAN.SYS]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [ATMUNI.SYS]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [ULTRA.SYS]
WARNING: Virus alike driver modification [a313.sys]
WARNING: Virus alike driver modification [lgusbdiag.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [lgusbmodem.sys]
WARNING: Virus alike driver modification [QL1080.SYS]
WARNING: Virus alike driver modification [QL1240.SYS]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [QL12160.SYS]
WARNING: Virus alike driver modification [symids.sys]
WARNING: Virus alike driver modification [a304.sys]
WARNING: Virus alike driver modification [QL1280.SYS]
WARNING: Virus alike driver modification [TOSIDE.SYS]
WARNING: Virus alike driver modification [symndis.sys]
WARNING: Virus alike driver modification [TOSDVD.SYS]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [ALIIDE.SYS]
WARNING: Virus alike driver modification [PERC2HIB.SYS]
WARNING: Virus alike driver modification [AIC78U2.SYS]
WARNING: Virus alike driver modification [NWLNKSPX.SYS]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [AIC78XX.SYS]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [VDMINDVD.SYS]
WARNING: Virus alike driver modification [DMLOAD.SYS]
WARNING: Virus alike driver modification [ROOTMDM.SYS]
WARNING: Virus alike driver modification [df_u42.sys]
WARNING: Virus alike driver modification [NWLNKNB.SYS]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [CMDIDE.SYS]
WARNING: Virus alike driver modification [PARVDM.SYS]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [SONYPVU1.SYS]
WARNING: Virus alike driver modification [CD20XRNT.SYS]
WARNING: Virus alike driver modification [MCD.SYS]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [SYMEVENT.SYS]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [ialmkchw.sys]

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 15 December 2010 - 11:22 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 wkfranc

wkfranc
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 15 December 2010 - 12:01 PM

I downloaded combofix but Symantec is one of those programs I am not able to launch (can't disable it). When I click on it a little hour glass appears for a split second and then nothing happens. Is there some other way I can disable Symantec AntiVirus? Thanks

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 15 December 2010 - 12:07 PM

Hello

Ok lets try this, I want you to run combofix in safe mode but it is very important that when combofix reboots the computer for you to direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

after combofix has finished its scan please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 wkfranc

wkfranc
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 15 December 2010 - 12:32 PM

I tried to start the computer in Safe Mode but I got the following message:

"A problem has been detected and windows has been shut down to prevent damage to your computer"; Technical Information: *** STOP: OxOOOOOOO7B (OxF8C96528, OxCOOOOO34, OxOOOOOOOO, OxOOOOOOOO)

I was first prompted what mode to select and I chose safe mode and then another black screen appeared and asked what operating system I wished to proceed with...

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 15 December 2010 - 02:01 PM

Hello

does this happen only when you try to go into safe mode and you boot into windows normaly



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 wkfranc

wkfranc
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 15 December 2010 - 02:16 PM

Not sure if I really understand, sorry. So I turned the computer off and then pressed F8 and came to a black screen. There was a list of options and I selected Safe Mode. I was then brought to another screen and was given three choices and I assumed I was supposed to go with Windows XP otherwise I don't know how I would go about opening and running Combofix... Does this make any sense to you? I can go back and try it again and give you more accurate details as to what my options are if that's necessary. Let me know, thank you

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 15 December 2010 - 02:38 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 wkfranc

wkfranc
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 15 December 2010 - 08:58 PM

Hi Gringo,

I was off at work so I haven't had time to continue working on this thing. Anyways, I'm back now and I tried to go to the TDSSkiller link you provided for the download but it doesn't not appear to be valid- I get a Problem loading page message from Firefox. Could you maybe provide me with a different link to that particular tool. Thanks, wkfranc

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 15 December 2010 - 10:04 PM

Hello

try shuting down your antivirus or try using IE for this


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 wkfranc

wkfranc
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 15 December 2010 - 10:09 PM

I forgot to mention this originally because it hasn't been a worry of mine for some time, but IE does not work for me. And like I said in my other post I can't launch Symantec, I click open/ double click and get an hour glass for a split second and then nothing... Is there a way to shut down Symantec without actually opening it? Thanks

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 AM

Posted 15 December 2010 - 10:20 PM

Hello

I want you to run combofix anyway even if it complains about symantic


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 wkfranc

wkfranc
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:11:32 PM

Posted 15 December 2010 - 11:48 PM

Ok, I ran Combofix. When I tried to use the version I downloaded earlier today, it opened up and said that the file was corrupt or something to that effect. It basically froze and I had to reboot, then delete it, then download it another time with the link you provided. It took about 15 minutes to do its thing, then rebooted and took a really long time to produce the log (about 40 minutes). I'm going to bed now, but I will be back ready to work on this thing tomorrow morning. I really appreciate all your help. Here is the log Combofix produced:

ComboFix 10-12-15.04 - William Francis 12/15/2010 22:54:25.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.188 [GMT -5:00]
Running from: c:\documents and settings\William Francis\My Documents\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchplugins\SearchquWebSearch.xml
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\games\00d2dfc64c07a4f32824abac1d6f735b
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\games\3e4265e00cbc4a9cf22a105046a46d8a
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\games\44a5d79f5451d3036ba3986425e234c8
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\games\GameCategories.xml
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\games\GameTypes.xml
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\guid.dat
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\preferences.dat
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\stats.dat
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\uninstallFF.dat
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\weather\18fc090913f899bdcd1e92e3fe0dd4d0
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\weather\f78edcce249e1b2a70b71d0f890d850d
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\weather\forecasts_cache.xml
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\weather\observations_cache.xml
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\weatherbutton_prefs.xml
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\widgets_cache\84b70525cff6359fdeca553342c23e4c
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\widgets_cache\bf5b6317ae07da699882fc948f22eda4
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\widgets_cache\category_cache.xml
c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\searchqutb\widgets_cache\widget_cache.xml
c:\documents and settings\William Francis\Application Data\searchqutb
c:\documents and settings\William Francis\Application Data\searchqutb\dtx.ini
c:\documents and settings\William Francis\Application Data\searchqutb\games\GameTypes.xml
c:\documents and settings\William Francis\Application Data\searchqutb\guid.dat
c:\documents and settings\William Francis\Application Data\searchqutb\log.txt
c:\documents and settings\William Francis\Application Data\searchqutb\preferences.dat
c:\documents and settings\William Francis\Application Data\searchqutb\stats.dat
c:\documents and settings\William Francis\Application Data\searchqutb\widgets_cache\category_cache.xml
c:\documents and settings\William Francis\Application Data\searchqutb\widgets_cache\widget_cache.xml
C:\ovirfr.pif
c:\program files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\DataMngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe
c:\program files\Windows Searchqu Toolbar\INSTALL.LOG
c:\program files\Windows Searchqu Toolbar\main.ico
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\UNWISE.EXE
c:\program files\Windows Searchqu Toolbar\UnwiseLauncher.exe
c:\windows\system32\_005009_.tmp.dll
c:\windows\system32\_005010_.tmp.dll
c:\windows\system32\_005011_.tmp.dll
c:\windows\system32\_005012_.tmp.dll
c:\windows\system32\_005019_.tmp.dll
c:\windows\system32\_005020_.tmp.dll
c:\windows\system32\_005021_.tmp.dll
c:\windows\system32\_005023_.tmp.dll
c:\windows\system32\_005024_.tmp.dll
c:\windows\system32\_005027_.tmp.dll
c:\windows\system32\_005028_.tmp.dll
c:\windows\system32\_005030_.tmp.dll
c:\windows\system32\_005031_.tmp.dll
c:\windows\system32\_005032_.tmp.dll
c:\windows\system32\_005034_.tmp.dll
c:\windows\system32\_005037_.tmp.dll
c:\windows\system32\_005038_.tmp.dll
c:\windows\system32\_005039_.tmp.dll
c:\windows\system32\_005042_.tmp.dll
c:\windows\system32\_005043_.tmp.dll
c:\windows\system32\_005045_.tmp.dll
c:\windows\system32\_005048_.tmp.dll
c:\windows\system32\_005051_.tmp.dll
c:\windows\system32\_005052_.tmp.dll
c:\windows\system32\_005053_.tmp.dll
c:\windows\system32\_005054_.tmp.dll
c:\windows\system32\_005057_.tmp.dll
c:\windows\system32\_005058_.tmp.dll
c:\windows\system32\_005059_.tmp.dll
c:\windows\system32\_005060_.tmp.dll
c:\windows\system32\_005061_.tmp.dll
c:\windows\system32\_005066_.tmp.dll
c:\windows\system32\_005068_.tmp.dll
c:\windows\system32\_005069_.tmp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Service_amsint32


((((((((((((((((((((((((( Files Created from 2010-11-16 to 2010-12-16 )))))))))))))))))))))))))))))))
.

2010-12-16 04:25 . 2010-12-16 04:25 103140 --sh--r- C:\bdgre.pif
2010-12-16 04:24 . 2010-12-16 04:24 103140 --sh--r- C:\enltur.pif
2010-12-15 04:05 . 2010-12-15 04:05 -------- d-----w- c:\program files\Common Files\Skype
2010-12-15 04:05 . 2010-12-15 04:05 -------- d-----r- c:\program files\Skype
2010-12-15 02:34 . 2010-12-15 02:34 -------- d-----w- c:\documents and settings\William Francis\Application Data\DriverCure
2010-12-15 02:34 . 2010-12-15 02:34 -------- d-----w- c:\documents and settings\William Francis\Application Data\ParetoLogic
2010-12-15 02:34 . 2010-12-15 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-12-15 02:34 . 2010-12-15 02:34 -------- d-----w- c:\program files\ParetoLogic
2010-12-14 16:44 . 2010-12-14 16:44 -------- d-----w- c:\documents and settings\William Francis\Application Data\Malwarebytes
2010-12-14 16:44 . 2010-11-30 16:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-14 16:44 . 2010-12-14 16:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-14 16:44 . 2010-12-14 16:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-14 16:44 . 2010-11-30 16:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-05 17:50 . 2004-08-04 06:07 15488 ----a-w- c:\windows\system32\drivers\mssmbios.sys
2010-12-05 17:50 . 2004-08-04 05:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-12-05 17:50 . 2004-08-04 07:56 382464 ----a-w- c:\windows\system32\qmgr.dll
2010-12-05 17:50 . 2004-08-04 06:08 26624 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-12-05 17:50 . 2004-08-04 07:56 2897920 ----a-w- c:\windows\system32\xpsp2res.dll
2010-12-05 17:47 . 2004-08-04 07:56 3775 ----a-w- c:\windows\system32\drivers\adv11nt5.dll
2010-12-05 17:45 . 2004-08-04 06:07 41088 ----a-w- c:\windows\system32\drivers\sisagp.sys
2010-12-05 17:45 . 2004-08-04 06:07 42240 ----a-w- c:\windows\system32\drivers\viaagp.sys
2010-12-05 17:45 . 2004-03-19 22:34 259584 ----a-w- c:\windows\system32\dllcache\comsetup.dll
2010-12-05 17:41 . 2009-02-09 10:20 616960 ----a-w- c:\windows\system32\dllcache\advapi32.dll
2010-12-05 17:40 . 2009-05-07 15:44 344064 ----a-w- c:\windows\system32\localspl.dll
2010-12-01 18:40 . 2010-12-01 18:40 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-01 16:30 . 2010-12-06 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-12-01 15:52 . 2010-12-06 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-26 04:49 . 2010-12-09 16:28 -------- d-----w- c:\documents and settings\William Francis\Application Data\vlc
2010-11-25 19:01 . 2010-11-25 19:01 -------- d--h--w- c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-07 05:02 . 2010-11-07 05:02 150 ----a-w- c:\documents and settings\William Francis\Local Settings\Application Data\GLF75.tmp
2003-04-11 20:11 520192 -csha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ownhis"="c:\windows\System32\d?xplore.exe" [?]
"Sgxybsa"="c:\windows\F?nts\??rvices.exe" [?]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-03 14944136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 196608]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2004-03-05 565248]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 102400]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 136312]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-03 124232]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 233472]
"PTRGMYGK"="ptmg1v.dll" [2006-03-07 200704]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 163840]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 155648]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1462272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 109424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 322280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 147508]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\OSA9.EXE"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe"=
"c:\\WINDOWS\\system32\\WLTRAY.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\WINDOWS\\BCMSMMSG.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\WINDOWS\\System32\\DSentry.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Documents and Settings\\William Francis\\My Documents\\Downloads\\ComboFix.exe"=
"c:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\Temp\\uxamfh.exe"=
"c:\\DOCUME~1\\WILLIA~1\\LOCALS~1\\Temp\\wbbb75.exe"=

S3 Avgfwdx;Avgfwdx;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [7/12/2010 4:33 AM 30432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AMSINT32
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\William Francis\Application Data\Mozilla\Firefox\Profiles\2rho27d6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1289399018&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-DataMngr - c:\progra~1\WI9130~1\DataMngr\DataMngrUI.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 23:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(888)
c:\windows\system32\sxs.dll

- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\windows\System32\msdtc.exe
c:\windows\System32\snmp.exe
c:\windows\System32\mqsvc.exe
c:\windows\System32\mqtgsvc.exe
c:\windows\BCMSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\docume~1\WILLIA~1\LOCALS~1\Temp\uxamfh.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\docume~1\WILLIA~1\LOCALS~1\Temp\wbbb75.exe
.
**************************************************************************
.
Completion time: 2010-12-15 23:42:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-16 04:42
ComboFix2.txt 2010-11-25 20:16

Pre-Run: 5,940,297,728 bytes free
Post-Run: 6,139,723,776 bytes free

- - End Of File - - 46528B5B27EA9583F1E68D91526FA40B




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users