Voltza Posted March 16, 2013 ID:657714

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by Ross at 17:40:51 on 2013-03-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2065 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Ross\AppData\Roaming\MySql\vMySql.exe
C:\Windows\syswow64\svchost.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Java\jre7\bin\java.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mumble\mumble.exe
C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskmgr.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.126\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.249\deploy\LolClient.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Ross\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchnu.com/406
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uWindows: Load = C:\Users\Ross\LOCALS~1\Temp\msaacvepx.exe
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120629133441.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [MySql] C:\Users\Ross\AppData\Roaming\MySql\vMySql.exe
uRun: [Chrome Browser] C:\ProgramData\Chrome Browser0\qxjkxkfrd.exe
uRun: [GlacierProductions] C:\Users\Ross\AppData\Roaming\Bandwidth\self.exe
uRun: [Microsoft Routing Utilities] C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\Users\Ross\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\windows.lnk - C:\Users\Ross\AppData\Roaming\Microsoft\update.exe
StartupFolder: C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{6CBC0B4C-5CF8-44FD-8D5A-8D710DB4EF5A} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9970BEC5-FBAD-46B2-A739-922CFEF0A032} : DHCPNameServer = 10.72.0.72 10.72.0.73
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll
SSODL: WebCheck - <orphaned>
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120629133441.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-13 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-12 55856]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-13 204288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2465712]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-15 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-15 682344]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-27 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-27 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-27 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-12-12 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-12-12 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-12-12 182752]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2011-12-31 40960]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-12 1692480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-12-13 231440]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-13 70112]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-15 24176]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-13 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-13 515968]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-13 539240]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8192su.sys [2011-12-31 676864]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\System32\drivers\BthAvrcp.sys [2009-8-13 29184]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-27 196440]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-12 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-13 106552]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-1 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-27 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-16 14:19:28 7168 ---h--r- C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe
2013-03-16 13:50:20 -------- d-sh--w- C:\ProgramData\highworker0
2013-03-16 09:42:51 -------- d-----w- C:\Users\Ross\AppData\Local\APN
2013-03-16 09:42:51 -------- d-----w- C:\Program Files (x86)\Ask.com
2013-03-16 09:42:51 -------- d-----w- C:\Firefox
2013-03-16 09:32:24 -------- d-----w- C:\ProgramData\Ask
2013-03-16 09:31:57 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-16 09:31:50 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 23:44:55 197513 ----a-w- C:\Users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe
2013-03-15 23:02:12 -------- d-----w- C:\Users\Ross\AppData\Roaming\dclogs
2013-03-15 22:54:51 1007616 ----a-w- C:\Users\Ross\AppData\Roaming\marketevodone.exe
2013-03-15 22:49:32 32 ----a-w- C:\Users\Ross\AppData\Roaming\data.bin
2013-03-15 22:49:14 -------- d-----w- C:\Users\Ross\AppData\Roaming\Malwarebytes
2013-03-15 22:49:04 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-15 22:49:01 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-15 22:49:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-15 22:48:52 -------- d-----w- C:\Users\Ross\AppData\Local\Programs
2013-03-15 22:45:10 -------- d-----w- C:\Users\Ross\AppData\Roaming\adm64
2013-03-15 22:42:13 -------- d-----w- C:\Users\Ross\AppData\Roaming\Bandwidth
2013-03-15 22:38:24 540696 ----a-w- C:\Users\Ross\AppData\Roaming\botnew.exe
2013-03-15 22:37:10 -------- d-sh--w- C:\Users\Ross\404064
2013-03-15 22:36:33 -------- d-sh--w- C:\Users\Ross\772866
2013-03-15 22:29:24 -------- d-----w- C:\Users\Ross\AppData\Roaming\i
2013-03-15 22:17:55 -------- d-----w- C:\Users\Ross\AppData\Roaming\files
2013-03-15 22:17:53 9216 ----a-w- C:\Users\Ross\AppData\Roaming\ndc066BMMFJ.exe
2013-03-15 22:14:23 -------- d-sh--w- C:\Users\Ross\652386
2013-03-15 22:14:21 -------- d-sh--w- C:\Users\Ross\762888
2013-03-15 22:13:36 47616 ----a-w- C:\Users\Ross\AppData\Roaming\6lSKradD2hOa.bak
2013-03-15 22:03:07 -------- d-sh--w- C:\ProgramData\Chrome Browser0
2013-03-10 20:57:29 1075572 ----a-w- C:\Users\Ross\AppData\Roaming\JuChecking.exe
2013-03-10 20:55:48 -------- d-----w- C:\Users\Ross\AppData\Roaming\Mining
2013-03-09 22:24:10 229376 ----a-w- C:\Users\Ross\AppData\Roaming\MySql.exe
2013-03-09 20:35:22 -------- d-----w- C:\Users\Ross\AppData\Roaming\MySql
2013-03-09 19:38:45 1738128 ----a-w- C:\Users\Ross\ifjpjxmn.exe
2013-03-03 14:09:10 -------- d-----w- C:\Users\Ross\AppData\Roaming\TSO
2013-03-03 14:04:30 -------- d-----w- C:\Program Files (x86)\DSA Car Theory Test
.
==================== Find3M ====================
.
2013-03-16 09:31:43 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-19 13:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-02-19 13:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-02-19 13:56:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-02-19 13:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-02-19 13:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-02-19 13:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-02-19 13:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-02-19 13:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-02-19 13:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 17:41:21.64 ===============

DDS^^

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/12/2011 10:24:28
System Uptime: 16/03/2013 15:46:43 (2 hours ago)
.
Motherboard: Dell Inc. | | 0GDG8Y
Processor: Intel® Core i5-2320 CPU @ 3.00GHz | CPU 1 | 1590/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 357.321 GiB free.
D: is CDROM (CDFS)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 24/02/2013 14:18:03 - Scheduled Checkpoint
RP104: 27/02/2013 22:55:45 - Windows Update
RP105: 03/03/2013 14:03:53 - Installed The Official DSA Theory Test for Car Drivers
RP106: 13/03/2013 16:52:02 - Windows Update
RP107: 14/03/2013 22:31:02 - Windows Update
RP108: 16/03/2013 09:31:17 - Installed Java 7 Update 17
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3) MUI
aioprnt
aioscnnr
AMD APP SDK Runtime
Armagetron Advanced 0.2.8.3.2
Ask Toolbar
Ask Toolbar Updater
AssaultCube v1.1.0.4
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Blackhawk Striker 2
Blio
Bounce Symphony
Build-a-lot 2
C4USelfUpdater
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
center
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Conexant HD Audio
Counter-Strike 1.6
CyberLink PowerDVD 9.5
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell Support Center
Dell VideoStage
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Dora's World Adventure
Dota 2
eBay
Edimax Wireless LAN Driver and Utility
EpicBot
Escape Whisper Valley
essentials
Farm Frenzy
FATE
Final Drive Fury
Final Drive Nitro
Google Chrome
Google Earth
Google Update Helper
High-Definition Video Playback
iLivid
Java 7 Update 17
Java 7 Update 7 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 7 (64-bit)
Java 6 Update 27 (64-bit)
Java 6 Update 31
Jewel Quest
Jewel Quest Solitaire 2
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
League of Legends
LogMeIn Hamachi
Luxor
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee SecurityCenter
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
mIRC
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble 1.2.3
Namco All-Stars PAC-MAN
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Norton Security Scan
ocr
OpenAL
Pando Media Booster
Penguins!
PhotoShowExpress
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PreReq
RBVirtualFolder64Inst
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samantha Swift
Searchqu Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shared C Run-time for x64
Skype Click to Call
Skype™ 6.0
Sonic CinePlayer Decoder Pack
Steam
SyncUP
Team Fortress 2
The Official DSA Theory Test for Car Drivers
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wedding Dash - Ready, Aim, Love!
WildTangent Games
WildTangent Games App (Dell Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
World of Warcraft
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
16/03/2013 15:47:22, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell DataSafe Online service to connect.
16/03/2013 15:47:22, Error: Service Control Manager [7000] - The Dell DataSafe Online service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/03/2013 09:26:45, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
16/03/2013 09:26:01, Error: NetBT [4321] - The name "WORKGROUP
:1d" could not be registered on the interface with IP address 25.151.84.169. The computer with the IP address 25.29.103.168 did not allow the name to be claimed by this computer.15/03/2013 23:09:16, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.15/03/2013 23:04:27, Error: bowser [8003] - The master browser has received a server announcement from the computer HOME-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7192994C-531B-402E-A626-A5A2BAC683A3}. The master browser is stopping or an election is being forced.15/03/2013 23:02:00, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.15/03/2013 16:32:05, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.13/03/2013 16:41:25, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.13/03/2013 16:41:22, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .10/03/2013 16:40:12, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s)..==== End Of File ===========================Attactch^^ Link to post Share on other sites More sharing options...
Staff CatByte Posted March 16, 2013 ID:657789
Please run the following:
Please download aswMBR.exe and save it to your desktop.
Double click aswMBR.exe to start the tool. When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Voltza Posted March 16, 2013 Author ID:657815
MBR.zip MBR.zip MBR.zip MBR.zip
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-16 21:42:19
-----------------------------
21:42:19.372 OS Version: Windows x64 6.1.7601 Service Pack 1
21:42:19.372 Number of processors: 4 586 0x2A07
21:42:19.372 ComputerName: ROSS-PC UserName: Ross
21:42:20.485 Initialize success
21:45:28.271 AVAST engine defs: 13031600
21:46:00.779 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:46:00.782 Disk 0 Vendor: WDC_WD5000AAKX-753CA1 19.01H19 Size: 476940MB BusType: 3
21:46:00.808 Disk 0 MBR read successfully
21:46:00.811 Disk 0 MBR scan
21:46:00.816 Disk 0 Windows VISTA default MBR code
21:46:00.818 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
21:46:00.830 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920
21:46:00.844 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461733 MB offset 31141888
21:46:00.865 Disk 0 scanning C:\Windows\system32\drivers
21:46:08.296 Service scanning
21:46:24.314 Modules scanning
21:46:24.322 Disk 0 trace - called modules:
21:46:24.340 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
21:46:24.347 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d4d060]
21:46:24.352 3 CLASSPNP.SYS[fffff8800148b43f] -> nt!IofCallDriver -> [0xfffffa80046bbe40]
21:46:24.357 5 ACPI.sys[fffff88000f307a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049ba060]
21:46:24.951 AVAST engine scan C:\Windows
21:46:27.102 AVAST engine scan C:\Windows\system32
21:50:22.769 AVAST engine scan C:\Windows\system32\drivers
21:50:34.611 AVAST engine scan C:\Users\Ross
21:53:02.473 File: C:\Users\Ross\AppData\Local\Temp\dgvtnjvvwsq.exe **INFECTED** Win32:Malware-gen
21:53:10.050 File: C:\Users\Ross\AppData\Local\Temp\kfhpdxnkrkz.exe **INFECTED** Win32:Malware-gen
21:56:42.720 AVAST engine scan C:\ProgramData
22:01:22.943 Scan finished successfully
22:02:26.044 Disk 0 MBR has been saved successfully to "C:\Users\Ross\Documents\MBR.dat"
22:02:26.047 The log file has been saved successfully to "C:\Users\Ross\Documents\aswMBR.txt"

Voltza Posted March 16, 2013 Author ID:657816
Accidentally added a lot of those zipped files. Sorry.

Staff CatByte Posted March 16, 2013 ID:657819
Please run the following
Refer to the ComboFix User's Guide
Download ComboFix from the following location:
Link
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Voltza Posted March 16, 2013 Author ID:657831
If I remove all of my McAfee files is my computer not at risk?
My malware keeps telling me that outgoing data is being blocked from leaving.
If I remove McAfee will malware keep all my stuff safe

Staff CatByte Posted March 17, 2013 ID:657858
yes, it just needs to be disabled while ComboFix is running, you won't be surfing while scanning with ComboFix

Voltza Posted March 17, 2013 Author ID:657953
ComboFix 13-03-16.02 - Ross 17/03/2013 7:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2455 [GMT 0:00]
Running from: c:\users\Ross\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll
c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll
c:\users\Ross\AppData\Roaming\6lSKradD2hOa.bak
c:\users\Ross\AppData\Roaming\botnew.exe
c:\users\Ross\AppData\Roaming\dclogs
c:\users\Ross\AppData\Roaming\i
c:\users\Ross\AppData\Roaming\JuChecking.exe
c:\users\Ross\AppData\Roaming\marketevodone.exe
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\windows.lnk
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe
c:\users\Ross\AppData\Roaming\mIRC\logs\status.log
c:\users\Ross\AppData\Roaming\MySql.exe
c:\users\Ross\AppData\Roaming\ndc066BMMFJ.exe
c:\users\Ross\ifjpjxmn.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-17 to 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-17 07:53 . 2013-03-17 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-16 13:50 . 2013-03-16 13:50 -------- d-sh--w- c:\programdata\highworker0
2013-03-16 09:42 . 2013-03-16 09:43 -------- d-----w- c:\program files (x86)\Ask.com
2013-03-16 09:42 . 2013-03-16 09:42 -------- d-----w- c:\users\Ross\AppData\Local\APN
2013-03-16 09:42 . 2013-03-16 09:42 -------- d-----w- C:\Firefox
2013-03-16 09:32 . 2013-03-16 09:32 -------- d-----w- c:\programdata\Ask
2013-03-16 09:32 . 2013-03-16 09:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-03-16 09:31 . 2013-03-16 09:31 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-16 09:31 . 2013-03-16 09:31 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 23:44 . 2013-03-15 23:44 197513 ----a-w- c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe
2013-03-15 22:49 . 2013-03-15 22:49 32 ----a-w- c:\users\Ross\AppData\Roaming\data.bin
2013-03-15 22:49 . 2013-03-15 22:49 -------- d-----w- c:\users\Ross\AppData\Roaming\Malwarebytes
2013-03-15 22:49 . 2013-03-15 22:49 -------- d-----w- c:\programdata\Malwarebytes
2013-03-15 22:49 . 2013-03-16 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-15 22:49 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-15 22:48 . 2013-03-15 22:48 -------- d-----w- c:\users\Ross\AppData\Local\Programs
2013-03-15 22:45 . 2013-03-16 01:00 -------- d-----w- c:\users\Ross\AppData\Roaming\adm64
2013-03-15 22:42 . 2013-03-16 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\Bandwidth
2013-03-15 22:37 . 2013-03-15 22:58 -------- d-sh--w- c:\users\Ross\404064
2013-03-15 22:36 . 2013-03-15 22:36 -------- d-sh--w- c:\users\Ross\772866
2013-03-15 22:17 . 2013-03-15 22:18 -------- d-----w- c:\users\Ross\AppData\Roaming\files
2013-03-15 22:14 . 2013-03-15 22:58 -------- d-sh--w- c:\users\Ross\652386
2013-03-15 22:14 . 2013-03-15 22:14 -------- d-sh--w- c:\users\Ross\762888
2013-03-15 22:03 . 2013-03-15 22:03 -------- d-sh--w- c:\programdata\Chrome Browser0
2013-03-10 20:55 . 2013-03-16 01:00 -------- d-----w- c:\users\Ross\AppData\Roaming\Mining
2013-03-09 20:35 . 2013-03-16 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\MySql
2013-03-03 14:09 . 2013-03-03 14:09 -------- d-----w- c:\users\Ross\AppData\Roaming\TSO
2013-03-03 14:04 . 2013-03-03 14:06 -------- d-----w- c:\program files (x86)\DSA Car Theory Test
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 09:31 . 2011-12-12 22:24 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-04 14:53 . 2012-02-07 15:52 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 16:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 16:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 16:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 16:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 16:51 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 16:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-05 05:53 . 2013-02-14 02:23 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 02:23 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 02:23 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 02:23 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 02:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 02:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 02:23 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 02:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 02:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 02:23 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 02:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 02:23 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 02:22 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2012-02-27 08:42 88976 ----a-w- c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-02-08 14:55 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [2012-02-27 88976]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chrome Browser"="c:\programdata\Chrome Browser0\qxjkxkfrd.exe" [2013-03-15 903138]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
.
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe [2013-3-15 197513]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-10 204288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2465712]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-08-10 231440]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-26 676864]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 16:31]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 16:31]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542231208-3868985644-3613082448-1000Core.job
- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 14:23]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542231208-3868985644-3613082448-1000UA.job
- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 14:23]
.
2013-02-05 c:\windows\Tasks\Norton Security Scan for Ross.job
- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-03-29 03:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dll c:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.searchnu.com/406
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: leagueoflegends.com\euw
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Microsoft Routing Utilities - c:\users\Ross\AppData\Roaming\Microsoft\Windows\Templates\vmnethcp.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-542231208-3868985644-3613082448-1000_Classes\CLSID\{C28836E0-CAE3-354E-B54C-D1DC56A49084}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-17 07:55:35
ComboFix-quarantined-files.txt 2013-03-17 07:55
.
Pre-Run: 384,027,283,456 bytes free
Post-Run: 385,567,981,568 bytes free
.
- - End Of File - - 533F27747E2F3FA08E85024AEAE89120

Staff CatByte Posted March 17, 2013 ID:657972
Please do the following:
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:
Here's how to do that:
Press the WinKey + R to open a run box, type Notepad > click OK.
This will open an empty notepad file:
Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://forums.malwarebytes.org/index.php?showtopic=123938&pid=657953&st=0entry657953
Collect::
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe
c:\programdata\Chrome Browser0\qxjkxkfrd.exe
FOLDER::
c:\users\Ross\404064
c:\users\Ross\772866
c:\users\Ross\652386
c:\users\Ross\762888
c:\programdata\Chrome Browser0
c:\progra~2\SEARCH~1\Datamngr
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
[-HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chrome Browser"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
File::
c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe
ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')
Save this file to your desktop, Save this as "CFScript"
Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update; please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
NEXT
Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
when the window opens, click on Change Parameters
under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
click OK
Press Start Scan
If Malicious objects are found then ensure Cure is selected
If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

Voltza Posted March 17, 2013 Author ID:657975
Disable everything including malwarebytes?
Staff CatByte Posted March 17, 2013 ID:657977
no, just your AV will suffice
Voltza Posted March 17, 2013 Author ID:657994
3.Change the Save as type to "All Files";
How do I do this? I don't see the button.
Staff CatByte Posted March 17, 2013 ID:658003
when you go to save the note pad > go to "file" > choose "save as"
a new window will open
at the bottom of that window there are three boxes
the second box is titled "save as" then there is a small arrow to the right of that box > click on the small arrow, it will give you an option to save as "all files"
select that, then press save
Voltza Posted March 17, 2013 Author ID:658060
Nothing was found in the TDSSKiller and no continue button appeared no a log. Do I still need to reboot?
Voltza Posted March 17, 2013 Author ID:658063
nor a log*
Staff CatByte Posted March 17, 2013 ID:658064
no, we can continue, do you have the new ComboFix log as well as the TDSSKiller log?

Please run the following:

Please download Junkware Removal Tool to your desktop.
Shutdown your antivirus to avoid any conflicts.
Right-mouse click JRT.exe and select Run as administrator
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply

NEXT

Please open your MalwareBytes AntiMalware Program
Click the Update Tab and search for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <-- very important
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activeX control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan completes, press the LIST OF THREATS FOUND button
Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
Include the contents of this report in your next reply.
Press the BACK button.
Press Finish
Voltza Posted March 17, 2013 Author ID:658069
ComboFix 13-03-17.01 - Ross 17/03/2013 16:48:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2300 [GMT 0:00]
Running from: c:\users\Ross\Downloads\ComboFix.exe
Command switches used :: c:\users\Ross\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\menuseparatorback.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify-save.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modify.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\modifyhot.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\music.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\news.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-main.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-search.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-weather.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\options\options-widgets.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\orange.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\pixsy.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\protect-id.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\radiobeta.icoc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\relatedlinks.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-collapse.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-delete.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-expand.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-feed.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-remove.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder-rename.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-folder.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-found.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-reload.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss-
subscribe.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rss.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rssback.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\rsstopback.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search-over.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_over_pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\search_button_pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\settings.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\shopping.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\siteinfo.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluelite.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-bluesky.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-grey.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-lichen.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-orange.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin-yellow.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\skin.xmlc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\technorati.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\throbber.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\toolbarsplitter.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\translate.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\video.bmpc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.cssc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\vmn.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\weather.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\web.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\widgets-square-16px.pngc:\progra~2\SE
ARCH~1\Datamngr\ToolBar\chrome\skin\wikipedia.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yahoosearch.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\yellow.gifc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\youtube.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\chrome\skin\zoom.pngc:\progra~2\SEARCH~1\Datamngr\ToolBar\components\windowmediator.jsc:\progra~2\SEARCH~1\Datamngr\ToolBar\dtUser.exec:\progra~2\SEARCH~1\Datamngr\ToolBar\manifest.xmlc:\progra~2\SEARCH~1\Datamngr\ToolBar\searchquband.dllc:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dllc:\progra~2\SEARCH~1\Datamngr\ToolBar\uninstall.exec:\progra~2\SEARCH~1\Datamngr\x64\BrowserConnection.dllc:\progra~2\SEARCH~1\Datamngr\x64\datamngr.dllc:\progra~2\SEARCH~1\Datamngr\x64\datamngrUI.exec:\progra~2\SEARCH~1\Datamngr\x64\DnsBHO.dllc:\progra~2\SEARCH~1\Datamngr\x64\IEBHO.dllc:\programdata\Chrome Browser0c:\programdata\Chrome Browser0\qxjkxkfrd.exec:\users\Ross\404064c:\users\Ross\652386c:\users\Ross\762888c:\users\Ross\772866c:\users\Ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\yupijunnubl.exe..((((((((((((((((((((((((( Files Created from 2013-02-17 to 2013-03-17 )))))))))))))))))))))))))))))))..2013-03-17 16:55 . 2013-03-17 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-17 16:55 . 2013-03-17 16:57 -------- d-sh--w- c:\programdata\Chrome Browser02013-03-17 12:52 . 2013-02-19 04:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6D2E7B1-8716-4FE7-9AAE-D67043FD17B0}\mpengine.dll2013-03-17 07:55 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys2013-03-16 13:50 . 2013-03-16 13:50 -------- d-sh--w- c:\programdata\highworker02013-03-16 09:42 . 2013-03-16 09:43 -------- d-----w- c:\program files (x86)\Ask.com2013-03-16 09:42 . 2013-03-16 09:42 -------- d-----w- c:\users\Ross\AppData\Local\APN2013-03-16 09:42 . 2013-03-16 09:42 -------- d-----w- C:\Firefox2013-03-16 09:32 . 
2013-03-16 09:32 -------- d-----w- c:\programdata\Ask2013-03-16 09:32 . 2013-03-16 09:32 -------- d-----w- c:\program files (x86)\Common Files\Java2013-03-16 09:31 . 2013-03-16 09:31 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-03-16 09:31 . 2013-03-16 09:31 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2013-03-15 22:49 . 2013-03-15 22:49 32 ----a-w- c:\users\Ross\AppData\Roaming\data.bin2013-03-15 22:49 . 2013-03-15 22:49 -------- d-----w- c:\users\Ross\AppData\Roaming\Malwarebytes2013-03-15 22:49 . 2013-03-15 22:49 -------- d-----w- c:\programdata\Malwarebytes2013-03-15 22:49 . 2013-03-16 23:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware2013-03-15 22:49 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys2013-03-15 22:48 . 2013-03-15 22:48 -------- d-----w- c:\users\Ross\AppData\Local\Programs2013-03-15 22:45 . 2013-03-16 01:00 -------- d-----w- c:\users\Ross\AppData\Roaming\adm642013-03-15 22:42 . 2013-03-16 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\Bandwidth2013-03-15 22:17 . 2013-03-15 22:18 -------- d-----w- c:\users\Ross\AppData\Roaming\files2013-03-10 20:55 . 2013-03-16 01:00 -------- d-----w- c:\users\Ross\AppData\Roaming\Mining2013-03-09 20:35 . 2013-03-16 22:44 -------- d-----w- c:\users\Ross\AppData\Roaming\MySql2013-03-03 14:09 . 2013-03-03 14:09 -------- d-----w- c:\users\Ross\AppData\Roaming\TSO2013-03-03 14:04 . 2013-03-03 14:06 -------- d-----w- c:\program files (x86)\DSA Car Theory Test...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-03-16 09:31 . 2011-12-12 22:24 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-03-04 14:53 . 2012-02-07 15:52 72013344 ----a-w- c:\windows\system32\MRT.exe2013-02-12 05:45 . 2013-03-13 16:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-02-12 05:45 . 2013-03-13 16:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-02-12 05:45 . 
2013-03-13 16:51 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-02-12 05:45 . 2013-03-13 16:51 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-02-12 04:48 . 2013-03-13 16:51 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-02-12 04:48 . 2013-03-13 16:51 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-01-17 01:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe2013-01-05 05:53 . 2013-02-14 02:23 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe2013-01-05 05:00 . 2013-02-14 02:23 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe2013-01-05 05:00 . 2013-02-14 02:23 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe2013-01-04 05:46 . 2013-02-14 02:23 215040 ----a-w- c:\windows\system32\winsrv.dll2013-01-04 04:51 . 2013-02-14 02:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-01-04 04:43 . 2013-02-14 02:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll2013-01-04 03:26 . 2013-02-14 02:23 3153408 ----a-w- c:\windows\system32\win32k.sys2013-01-04 02:47 . 2013-02-14 02:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-01-04 02:47 . 2013-02-14 02:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-01-04 02:47 . 2013-02-14 02:23 2048 ----a-w- c:\windows\SysWow64\user.exe2013-01-04 02:47 . 2013-02-14 02:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-01-03 06:00 . 2013-02-14 02:23 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys2013-01-03 06:00 . 
2013-02-14 02:22 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776].[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2013-02-08 14:55 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN 
v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-01 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-08-10 204288]S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2465712]S2 Kodak AiO Network 
Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtlService.exe [2009-12-07 40960]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-08-10 231440]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-02-26 676864]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]..Contents of the 'Scheduled Tasks' folder.2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe 
[2012-07-02 16:31].2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-02 16:31].2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542231208-3868985644-3613082448-1000Core.job- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 14:23].2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-542231208-3868985644-3613082448-1000UA.job- c:\users\Ross\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-31 14:23].2013-02-05 c:\windows\Tasks\Norton Security Scan for Ross.job- c:\progra~2\NORTON~2\Engine\371~1.4\Nss.exe [2012-03-29 03:19]..--------- X64 Entries -----------..HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.searchnu.com/406mLocal Page = c:\windows\SysWOW64\blank.htmIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000Trusted Zone: leagueoflegends.com\euw.- - - - ORPHANS REMOVED - - - -.BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dllBHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\SEARCH~1\Datamngr\BROWSE~1.DLLToolbar-Locked - (no file)Toolbar-10 - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready...[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-542231208-3868985644-3613082448-1000_Classes\CLSID\{C28836E0-CAE3-354E-B54C-D1DC56A49084}]@Denied: (A 4) (Everyone).[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.10".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Edimax\11n USB Wireless LAN Utility\RtWlan.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\program files (x86)\Dell DataSafe Local 
Upload was successful. I only got this log. TDSSKiller provided no log, but it said no threats were found, quarantined or neutralized.
Voltza Posted March 17, 2013 Author ID:658070
It tells me that the first file you sent me is malicious and does not allow me to download it.
Voltza Posted March 17, 2013 Author ID:658071
My antivirus is not enabled either.
Staff CatByte Posted March 17, 2013 Staff ID:658072
You must have your security settings a little too high on your browser.
Voltza Posted March 17, 2013 Author ID:658073
How do I go about changing these?
Staff CatByte Posted March 17, 2013 Staff ID:658075
If you are using IE, go to "Tools" > "Internet Options" > "Security Tab" > lower the slider to "Medium High" > press "OK".
You should be able to download the Junkware Removal Tool now.
Voltza Posted March 17, 2013 Author ID:658077
On Chrome^
Staff CatByte Posted March 17, 2013 Staff ID:658079
http://support.google.com/chrome/bin/answer.py?hl=en&answer=95572
(use IE for the download)
Voltza Posted March 17, 2013 Author ID:658088
When you say check all for in the Malwarebytes scan results, does this mean manually select all and delete, or only delete the ones that the scan has selected?