Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor Tidserv l!inf & possible worm and problems with scanning


  • This topic is locked This topic is locked
28 replies to this topic

#1 johl

johl

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 20 January 2012 - 03:57 PM

My computer recently had several problems. Recently I've been having occasional freezing when my computer is left alone (especially when it's in screensaver mode)
I have both the Norton Security Suite and Malwarebytes Anti-Ware (trial version) on my computer. I did a full and quick scan with Norton and could not find anything. However with Malwarebytes, although I could do a quick scan (and find nothing), when I did the full scan, 3 hours into it, the program would terminate suddenly.

Norton did find something with Auto Protect later: a Backdoor Tidserv.l!inf in the system restore. I manually deleted the file and thought perhaps this was the only problem.

However I brought my usb (which I had plugged into this computer) to a friend's computer, and when I plugged it in, her laptop (using Windows Security Essentials) caught a Worm attacking her system files.
EDIT: When I plugged in the usb today Norton caught the Worm, it was W32.sillyfdc and I believe the antivirus got rid of it (I restarted the computer) so perhaps this is a separate problem entirely)

Additionally while getting logs for this problem, 4-5 hours into the GMER scanning, my computer popped up with an error with an unrelated program (I forgot what program it was I sort of panicked first) and my mouse stopped working. Additionally my internet suddenly stopped working and when I tried ipconfig in cmd, I recieved an error (I couldn't execute the command). The GMER appeared to be finish though (the button for stop had turned into a scan), so I shut down my computer and just opened it this morning. It works fine now. However I'm not sure if the GMER was able to get a full scan.

Thank you so much and I hope this information can be helpful.

This is the DDS.text:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by isysadmin at 20:23:43 on 2012-01-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.717 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\WI0498~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SoftKey\Calendar Creator 4.0\CCSCHED.EXE
C:\Documents and Settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/405
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\3.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\3.8.3.6\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [TkBellExe] c:\program files\common files\real\update_ob\evntsvc.exe -osboot
mRun: [DATAMNGR] c:\progra~1\wi0498~1\datamngr\DATAMN~1.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
StartupFolder: c:\docume~1\isysad~1.000\startm~1\programs\startup\calend~1.lnk - c:\program files\softkey\calendar creator 4.0\CCSCHED.EXE
StartupFolder: c:\docume~1\isysad~1.000\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\isysadmin.lopez.000\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\isysad~1.000\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\epsons~1.lnk - c:\program files\epson\epson smart panel for scanner\ESPMAIN.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevid\redirect.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: aol.com\free
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 140.142.17.18 140.142.15.27
TCP: Interfaces\{B59B879B-BC2C-473B-B7E9-015A2873233F} : DhcpNameServer = 140.142.17.18 140.142.15.27
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton security suite\engine\3.8.3.6\CoIEPlg.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\isysadmin.lopez.000\application data\mozilla\firefox\profiles\3x7k1jfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&q=
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\windows savevid toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
FF - plugin: c:\documents and settings\isysadmin.lopez.000\application data\mozilla\firefox\profiles\3x7k1jfp.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\isysadmin.lopez.000\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpverplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {C02D288E-7E88-4C38-9555-3036CC38E441} - c:\documents and settings\isysadmin.lopez.000\local settings\application data\{C02D288E-7E88-4C38-9555-3036CC38E441}
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308030.006\SymEFA.sys [2011-10-31 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308030.006\BHDrvx86.sys [2011-10-31 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308030.006\cchpx86.sys [2011-10-31 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120119.006\IDSXpx86.sys [2012-1-19 356280]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-15 652872]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [2002-9-3 19296]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\3.8.3.6\ccSvcHst.exe [2011-10-31 117648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-20 2255464]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-1-3 245760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-3 20464]
R3 NAVENG;NAVENG;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120119.002\NAVENG.SYS [2012-1-19 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users.windows\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120119.002\NAVEX15.SYS [2012-1-19 1576312]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-8-20 119528]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-01-03 23:44:28 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-03 23:44:23 -------- d-----w- C:\Brother
2012-01-03 23:44:19 -------- d-----w- c:\program files\Browny02
2012-01-03 23:44:13 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-03 23:44:13 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-03 23:44:12 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-03 23:44:12 2560 ------w- c:\windows\system32\BrDctF2S.dll
.
==================== Find3M ====================
.
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2006-06-27 16:30:00 9143496 ----a-w- c:\program files\INSTALL_MSN_MESSENGER_NT.EXE
.
============= FINISH: 20:24:50.07 ===============

Attached Files


Edited by johl, 20 January 2012 - 06:55 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 22 January 2012 - 01:31 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 johl

johl
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 22 January 2012 - 11:45 PM

Thank you for replying so quickly!

When I went home this weekend, my dad took a look at my computer and actually already ran combo fix (on the same day you replied) and this is the log. I'm sorry about that; I know your policy is to not do anything beforehand to the computer without your saying so. The good news is that my computer at the moment is running a lot faster than before; I deleted some misc programs and scanned again with Norton and didn't find anything. Additionally the worm virus ended up being from this printing place that I only just been recently going to and Norton caught the worm when I plugged my usb back in. There appears to be no problems, except Malwarebyte full scan still crashes.





ComboFix 12-01-21.01 - isysadmin 01/21/2012 9:40.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1614 [GMT -8:00]
Running from: c:\documents and settings\isysadmin.LOPEZ.000\Desktop\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-20 02:42 . 2012-01-20 04:28 -------- d-----w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\HPAppData
2012-01-03 23:44 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-03 23:44 . 2012-01-03 23:44 -------- d-----w- C:\Brother
2012-01-03 23:44 . 2012-01-03 23:44 -------- d-----w- c:\program files\Browny02
2012-01-03 23:44 . 2010-08-03 04:57 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-03 23:44 . 2007-12-14 06:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-03 23:44 . 2010-03-16 03:56 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-03 23:44 . 2010-03-16 03:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-03 23:43 . 2012-01-03 23:43 -------- d-----w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2010-03-04 04:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2009-08-12 18:34 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2009-08-12 18:34 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-08-12 18:33 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-08-12 18:34 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-02-07 19:02 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2006-06-27 16:30 . 2006-06-27 16:29 9143496 ----a-w- c:\program files\INSTALL_MSN_MESSENGER_NT.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-17_08.44.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-12 22:59 . 2012-01-20 22:57 14274 c:\windows\system32\tablet.dat
- 2010-06-12 22:59 . 2012-01-17 08:44 14274 c:\windows\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-17 524288]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\evntsvc.exe" [2010-02-20 146432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-09-09 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\documents and settings\isysadmin.LOPEZ.000\Start Menu\Programs\Startup\
Calendar Creator Scheduler.lnk - c:\program files\SoftKey\Calendar Creator 4.0\CCSCHED.EXE [2010-1-25 97280]
Dropbox.lnk - c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\Dropbox.exe [2011-9-1 24183152]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-7-5 576000]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-27 110592]
EPSON SMART PANEL for Scanner.lnk - c:\program files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE [2005-11-11 180224]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-2-6 118784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Savevid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Nvidia Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\isysadmin.LOPEZ.000\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/31/2011 1:10 PM 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/31/2011 1:10 PM 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/31/2011 1:10 PM 467592]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120119.006\IDSXpx86.sys [1/19/2012 4:35 PM 356280]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/15/2011 8:40 PM 652872]
S2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [9/3/2002 5:31 PM 19296]
S2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe [10/31/2011 1:09 PM 117648]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\Nvidia Corporation\NVIDIA Updatus\daemonu.exe [8/20/2011 9:54 PM 2255464]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/3/2012 3:44 PM 245760]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 5:46 PM 106104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/3/2010 8:48 PM 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/20/2011 9:52 PM 119528]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2010 8:32 PM 697328]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 16879665
*NewlyCreated* - 17896568
*Deregistered* - 16879665
*Deregistered* - 17896568
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-LOPEZ-isysadmin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-22 10:44]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-2146976231-1003Core.job
- c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 12:15]
.
2012-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-2146976231-1003UA.job
- c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 12:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 140.142.17.18 140.142.15.27
FF - ProfilePath - c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Mozilla\Firefox\Profiles\3x7k1jfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {C02D288E-7E88-4C38-9555-3036CC38E441} - c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\{C02D288E-7E88-4C38-9555-3036CC38E441}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 09:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(176)
c:\windows\system32\WININET.dll
c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
Completion time: 2012-01-21 09:56:08
ComboFix-quarantined-files.txt 2012-01-21 17:55
ComboFix2.txt 2012-01-17 08:51
ComboFix3.txt 2010-03-04 00:10
.
Pre-Run: 8,812,531,712 bytes free
Post-Run: 8,806,707,200 bytes free
.
- - End Of File - - 17C8B389CE027395100ED7AF89580655

Edited by johl, 22 January 2012 - 11:50 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 23 January 2012 - 12:07 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 johl

johl
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 23 January 2012 - 02:56 AM

I can't really tell if my computer is running any faster at this point. However I do want to note that before the combofix Malwarebytes and Norton have been fending off incoming ip address attacks. So there is a problem but I can't tell from what or where it's coming from. Also earlier my computer was running excruciatingly slow, but it could because Norton was running a background scan. (although it wasn't this bad before in terms of, let's say a month ago)


ComboFix 12-01-23.02 - isysadmin 01/22/2012 23:37:54.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1465 [GMT -8:00]
Running from: c:\documents and settings\isysadmin.LOPEZ.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\isysadmin.LOPEZ.000\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-23 to 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-21 19:47 . 2012-01-21 19:47 -------- d-----w- c:\program files\HitmanPro
2012-01-21 19:25 . 2012-01-21 19:25 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-21 19:24 . 2012-01-21 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-01-03 23:44 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-03 23:44 . 2012-01-03 23:44 -------- d-----w- C:\Brother
2012-01-03 23:44 . 2012-01-03 23:44 -------- d-----w- c:\program files\Browny02
2012-01-03 23:44 . 2010-08-03 04:57 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-03 23:44 . 2007-12-14 06:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-03 23:44 . 2010-03-16 03:56 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-03 23:44 . 2010-03-16 03:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-03 23:43 . 2012-01-03 23:43 -------- d-----w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2010-03-04 04:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2009-08-12 18:34 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:20 . 2009-08-12 18:35 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 14:20 . 2009-08-12 18:34 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-04 19:20 . 2009-08-12 18:34 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-08-12 18:33 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2009-08-12 18:34 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2009-08-12 18:34 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2009-02-07 19:02 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
2006-06-27 16:30 . 2006-06-27 16:29 9143496 ----a-w- c:\program files\INSTALL_MSN_MESSENGER_NT.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-17 524288]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\evntsvc.exe" [2010-02-20 146432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-09-09 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-27 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk
backup=c:\windows\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^isysadmin.LOPEZ.000^Start Menu^Programs^Startup^Calendar Creator Scheduler.lnk]
path=c:\documents and settings\isysadmin.LOPEZ.000\Start Menu\Programs\Startup\Calendar Creator Scheduler.lnk
backup=c:\windows\pss\Calendar Creator Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^isysadmin.LOPEZ.000^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\isysadmin.LOPEZ.000\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^isysadmin.LOPEZ.000^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\isysadmin.LOPEZ.000\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Savevid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\Program Files\\Nvidia Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\isysadmin.LOPEZ.000\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/31/2011 1:10 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/31/2011 1:10 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/31/2011 1:10 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120120.002\IDSXpx86.sys [1/21/2012 10:49 AM 356280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/15/2011 8:40 PM 652872]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [9/3/2002 5:31 PM 19296]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe [10/31/2011 1:09 PM 117648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\Nvidia Corporation\NVIDIA Updatus\daemonu.exe [8/20/2011 9:54 PM 2255464]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/3/2012 3:44 PM 245760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 5:46 PM 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/3/2010 8:48 PM 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/20/2011 9:52 PM 119528]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2010 8:32 PM 697328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-LOPEZ-isysadmin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-22 10:44]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-2146976231-1003Core.job
- c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 12:15]
.
2012-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-2146976231-1003UA.job
- c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 12:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 140.142.17.18 140.142.15.27
FF - ProfilePath - c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Mozilla\Firefox\Profiles\3x7k1jfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {C02D288E-7E88-4C38-9555-3036CC38E441} - c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\{C02D288E-7E88-4C38-9555-3036CC38E441}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-22 23:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WININET.dll
c:\windows\system32\tabhook.dll
c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-01-22 23:52:57
ComboFix-quarantined-files.txt 2012-01-23 07:52
ComboFix2.txt 2012-01-21 17:56
.
Pre-Run: 10,313,449,472 bytes free
Post-Run: 10,307,366,912 bytes free
.
- - End Of File - - 2BB44809D9AA73A0DA5CC76E6A93D948

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 23 January 2012 - 03:23 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 johl

johl
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 23 January 2012 - 03:38 AM

Nothing was found.


00:28:07.0250 3620 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
00:28:07.0843 3620 ============================================================
00:28:07.0843 3620 Current date / time: 2012/01/23 00:28:07.0843
00:28:07.0843 3620 SystemInfo:
00:28:07.0843 3620
00:28:07.0843 3620 OS Version: 5.1.2600 ServicePack: 3.0
00:28:07.0843 3620 Product type: Workstation
00:28:07.0843 3620 ComputerName: LOPEZ
00:28:07.0843 3620 UserName: isysadmin
00:28:07.0843 3620 Windows directory: C:\WINDOWS
00:28:07.0843 3620 System windows directory: C:\WINDOWS
00:28:07.0843 3620 Processor architecture: Intel x86
00:28:07.0843 3620 Number of processors: 1
00:28:07.0843 3620 Page size: 0x1000
00:28:07.0843 3620 Boot type: Normal boot
00:28:07.0843 3620 ============================================================
00:28:09.0515 3620 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:28:09.0531 3620 Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:28:09.0546 3620 Drive \Device\Harddisk2\DR4 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:28:09.0593 3620 Initialize success
00:28:13.0828 0460 ============================================================
00:28:13.0828 0460 Scan started
00:28:13.0828 0460 Mode: Manual;
00:28:13.0828 0460 ============================================================
00:28:15.0000 0460 Abiosdsk - ok
00:28:15.0031 0460 abp480n5 - ok
00:28:15.0093 0460 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:28:15.0093 0460 ACPI - ok
00:28:15.0156 0460 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:28:15.0156 0460 ACPIEC - ok
00:28:15.0171 0460 adpu160m - ok
00:28:15.0250 0460 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:28:15.0250 0460 aec - ok
00:28:15.0312 0460 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:28:15.0312 0460 AFD - ok
00:28:15.0343 0460 Aha154x - ok
00:28:15.0375 0460 aic78u2 - ok
00:28:15.0390 0460 aic78xx - ok
00:28:15.0421 0460 AliIde - ok
00:28:15.0453 0460 amsint - ok
00:28:15.0484 0460 asc - ok
00:28:15.0531 0460 asc3350p - ok
00:28:15.0546 0460 asc3550 - ok
00:28:15.0593 0460 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:28:15.0593 0460 AsyncMac - ok
00:28:15.0625 0460 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:28:15.0625 0460 atapi - ok
00:28:15.0656 0460 Atdisk - ok
00:28:15.0703 0460 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:28:15.0703 0460 Atmarpc - ok
00:28:15.0765 0460 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:28:15.0765 0460 audstub - ok
00:28:15.0828 0460 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:28:15.0828 0460 Beep - ok
00:28:15.0906 0460 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308030.006\BHDrvx86.sys
00:28:15.0906 0460 BHDrvx86 - ok
00:28:16.0062 0460 catchme - ok
00:28:16.0234 0460 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:28:16.0234 0460 cbidf2k - ok
00:28:16.0375 0460 ccHP (3182b846490dc4d71fabd4a8cb6b73ea) C:\WINDOWS\System32\Drivers\N360\0308030.006\ccHPx86.sys
00:28:16.0375 0460 ccHP - ok
00:28:16.0406 0460 cd20xrnt - ok
00:28:16.0453 0460 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:28:16.0453 0460 Cdaudio - ok
00:28:16.0515 0460 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:28:16.0515 0460 Cdfs - ok
00:28:16.0546 0460 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:28:16.0546 0460 Cdrom - ok
00:28:16.0578 0460 Changer - ok
00:28:16.0625 0460 CmdIde - ok
00:28:16.0656 0460 Cpqarray - ok
00:28:16.0687 0460 dac2w2k - ok
00:28:16.0718 0460 dac960nt - ok
00:28:16.0781 0460 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
00:28:16.0781 0460 DgiVecp - ok
00:28:16.0828 0460 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:28:16.0828 0460 Disk - ok
00:28:16.0875 0460 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:28:16.0890 0460 dmboot - ok
00:28:16.0921 0460 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:28:16.0921 0460 dmio - ok
00:28:16.0953 0460 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:28:16.0953 0460 dmload - ok
00:28:17.0031 0460 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:28:17.0031 0460 DMusic - ok
00:28:17.0062 0460 dpti2o - ok
00:28:17.0093 0460 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:28:17.0093 0460 drmkaud - ok
00:28:17.0234 0460 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:28:17.0234 0460 eeCtrl - ok
00:28:17.0281 0460 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:28:17.0281 0460 EraserUtilRebootDrv - ok
00:28:17.0359 0460 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:28:17.0359 0460 Fastfat - ok
00:28:17.0406 0460 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:28:17.0406 0460 Fdc - ok
00:28:17.0437 0460 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:28:17.0437 0460 Fips - ok
00:28:17.0484 0460 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:28:17.0484 0460 Flpydisk - ok
00:28:17.0562 0460 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:28:17.0562 0460 FltMgr - ok
00:28:17.0625 0460 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:28:17.0625 0460 Fs_Rec - ok
00:28:17.0656 0460 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:28:17.0656 0460 Ftdisk - ok
00:28:17.0703 0460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:28:17.0718 0460 GEARAspiWDM - ok
00:28:17.0781 0460 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:28:17.0781 0460 Gpc - ok
00:28:17.0812 0460 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:28:17.0812 0460 HDAudBus - ok
00:28:17.0859 0460 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:28:17.0875 0460 hidusb - ok
00:28:17.0921 0460 hpn - ok
00:28:17.0984 0460 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:28:17.0984 0460 HTTP - ok
00:28:18.0015 0460 i2omgmt - ok
00:28:18.0046 0460 i2omp - ok
00:28:18.0093 0460 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:28:18.0093 0460 i8042prt - ok
00:28:18.0187 0460 IDSxpx86 (e72d3894d42355e9cd5fd77e1e4fea11) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120120.002\IDSxpx86.sys
00:28:18.0187 0460 IDSxpx86 - ok
00:28:18.0281 0460 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:28:18.0281 0460 Imapi - ok
00:28:18.0312 0460 ini910u - ok
00:28:18.0500 0460 IntcAzAudAddService (12cd9f66b64b25cbe18f1bb2c6f54832) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:28:18.0531 0460 IntcAzAudAddService - ok
00:28:18.0562 0460 IntelIde - ok
00:28:18.0609 0460 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:28:18.0609 0460 Ip6Fw - ok
00:28:18.0750 0460 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:28:18.0750 0460 IpFilterDriver - ok
00:28:18.0828 0460 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:28:18.0828 0460 IpInIp - ok
00:28:18.0859 0460 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:28:18.0875 0460 IpNat - ok
00:28:18.0906 0460 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:28:18.0906 0460 IPSec - ok
00:28:18.0984 0460 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:28:18.0984 0460 IRENUM - ok
00:28:19.0046 0460 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:28:19.0046 0460 isapnp - ok
00:28:19.0093 0460 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:28:19.0093 0460 Kbdclass - ok
00:28:19.0156 0460 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:28:19.0156 0460 kbdhid - ok
00:28:19.0218 0460 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:28:19.0218 0460 kmixer - ok
00:28:19.0281 0460 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
00:28:19.0281 0460 KSecDD - ok
00:28:19.0328 0460 lbrtfdc - ok
00:28:19.0406 0460 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
00:28:19.0406 0460 MBAMProtector - ok
00:28:19.0484 0460 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
00:28:19.0484 0460 mcdbus - ok
00:28:19.0546 0460 MLPTDR_C (faf66dd65a5b266e0115f55aa44a6ca8) C:\WINDOWS\system32\MLPTDR_C.sys
00:28:19.0546 0460 MLPTDR_C - ok
00:28:19.0625 0460 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:28:19.0625 0460 mnmdd - ok
00:28:19.0671 0460 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:28:19.0671 0460 Modem - ok
00:28:19.0734 0460 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:28:19.0734 0460 Mouclass - ok
00:28:19.0765 0460 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:28:19.0765 0460 mouhid - ok
00:28:19.0812 0460 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:28:19.0812 0460 MountMgr - ok
00:28:19.0843 0460 mraid35x - ok
00:28:19.0875 0460 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:28:19.0875 0460 MRxDAV - ok
00:28:19.0937 0460 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:28:19.0953 0460 MRxSmb - ok
00:28:20.0000 0460 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:28:20.0000 0460 Msfs - ok
00:28:20.0078 0460 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:28:20.0078 0460 MSKSSRV - ok
00:28:20.0109 0460 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:28:20.0109 0460 MSPCLOCK - ok
00:28:20.0156 0460 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:28:20.0156 0460 MSPQM - ok
00:28:20.0203 0460 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:28:20.0203 0460 mssmbios - ok
00:28:20.0281 0460 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:28:20.0281 0460 Mup - ok
00:28:20.0453 0460 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120122.004\NAVENG.SYS
00:28:20.0453 0460 NAVENG - ok
00:28:20.0515 0460 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120122.004\NAVEX15.SYS
00:28:20.0531 0460 NAVEX15 - ok
00:28:20.0609 0460 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:28:20.0609 0460 NDIS - ok
00:28:20.0687 0460 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:28:20.0687 0460 NdisTapi - ok
00:28:20.0781 0460 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:28:20.0781 0460 Ndisuio - ok
00:28:20.0828 0460 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:28:20.0828 0460 NdisWan - ok
00:28:20.0890 0460 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:28:20.0890 0460 NDProxy - ok
00:28:20.0921 0460 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:28:20.0921 0460 NetBIOS - ok
00:28:20.0968 0460 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:28:20.0984 0460 NetBT - ok
00:28:21.0046 0460 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:28:21.0046 0460 Npfs - ok
00:28:21.0125 0460 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:28:21.0125 0460 Ntfs - ok
00:28:21.0218 0460 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:28:21.0218 0460 Null - ok
00:28:21.0718 0460 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:28:21.0796 0460 nv - ok
00:28:21.0875 0460 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
00:28:21.0875 0460 NVENETFD - ok
00:28:21.0937 0460 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys
00:28:21.0937 0460 NVHDA - ok
00:28:21.0968 0460 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
00:28:21.0968 0460 nvnetbus - ok
00:28:22.0046 0460 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:28:22.0046 0460 NwlnkFlt - ok
00:28:22.0078 0460 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:28:22.0078 0460 NwlnkFwd - ok
00:28:22.0140 0460 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
00:28:22.0140 0460 NwlnkIpx - ok
00:28:22.0187 0460 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
00:28:22.0187 0460 NwlnkNb - ok
00:28:22.0234 0460 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
00:28:22.0234 0460 NwlnkSpx - ok
00:28:22.0312 0460 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:28:22.0312 0460 Parport - ok
00:28:22.0343 0460 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:28:22.0343 0460 PartMgr - ok
00:28:22.0390 0460 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:28:22.0390 0460 ParVdm - ok
00:28:22.0437 0460 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:28:22.0437 0460 PCI - ok
00:28:22.0500 0460 PCIDump - ok
00:28:22.0546 0460 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:28:22.0546 0460 PCIIde - ok
00:28:22.0593 0460 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:28:22.0593 0460 Pcmcia - ok
00:28:22.0640 0460 PDCOMP - ok
00:28:22.0687 0460 PDFRAME - ok
00:28:22.0718 0460 PDRELI - ok
00:28:22.0765 0460 PDRFRAME - ok
00:28:22.0828 0460 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\WINDOWS\system32\drivers\PenClass.sys
00:28:22.0828 0460 PenClass - ok
00:28:22.0890 0460 perc2 - ok
00:28:22.0937 0460 perc2hib - ok
00:28:23.0031 0460 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:28:23.0031 0460 PptpMiniport - ok
00:28:23.0078 0460 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:28:23.0078 0460 Processor - ok
00:28:23.0171 0460 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:28:23.0171 0460 PSched - ok
00:28:23.0250 0460 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:28:23.0250 0460 Ptilink - ok
00:28:23.0312 0460 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:28:23.0312 0460 PxHelp20 - ok
00:28:23.0359 0460 ql1080 - ok
00:28:23.0390 0460 Ql10wnt - ok
00:28:23.0437 0460 ql12160 - ok
00:28:23.0468 0460 ql1240 - ok
00:28:23.0500 0460 ql1280 - ok
00:28:23.0546 0460 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:28:23.0546 0460 RasAcd - ok
00:28:23.0578 0460 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:28:23.0578 0460 Rasl2tp - ok
00:28:23.0625 0460 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:28:23.0625 0460 RasPppoe - ok
00:28:24.0015 0460 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:28:24.0015 0460 Raspti - ok
00:28:24.0062 0460 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:28:24.0062 0460 Rdbss - ok
00:28:24.0093 0460 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:28:24.0093 0460 RDPCDD - ok
00:28:24.0156 0460 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:28:24.0156 0460 rdpdr - ok
00:28:24.0234 0460 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:28:24.0234 0460 RDPWD - ok
00:28:24.0296 0460 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:28:24.0296 0460 redbook - ok
00:28:24.0375 0460 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:28:24.0375 0460 Secdrv - ok
00:28:24.0421 0460 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:28:24.0421 0460 serenum - ok
00:28:24.0468 0460 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:28:24.0468 0460 Serial - ok
00:28:24.0500 0460 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:28:24.0500 0460 Sfloppy - ok
00:28:24.0546 0460 Simbad - ok
00:28:24.0562 0460 Sparrow - ok
00:28:24.0609 0460 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:28:24.0625 0460 splitter - ok
00:28:25.0515 0460 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\System32\Drivers\sptd.sys
00:28:25.0515 0460 sptd - ok
00:28:28.0078 0460 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:28:28.0078 0460 sr - ok
00:28:28.0343 0460 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308030.006\SRTSP.SYS
00:28:28.0343 0460 SRTSP - ok
00:28:28.0421 0460 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308030.006\SRTSPX.SYS
00:28:28.0421 0460 SRTSPX - ok
00:28:28.0515 0460 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:28:28.0515 0460 Srv - ok
00:28:28.0546 0460 SSPORT - ok
00:28:28.0593 0460 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
00:28:28.0593 0460 StillCam - ok
00:28:28.0671 0460 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:28:28.0671 0460 swenum - ok
00:28:29.0187 0460 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:28:29.0218 0460 swmidi - ok
00:28:29.0390 0460 symc810 - ok
00:28:29.0890 0460 symc8xx - ok
00:28:30.0781 0460 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308030.006\SYMEFA.SYS
00:28:30.0812 0460 SymEFA - ok
00:28:31.0359 0460 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
00:28:31.0359 0460 SymEvent - ok
00:28:31.0656 0460 SYMFW (a8c45c36309ee066f9191e511f88ed76) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMFW.SYS
00:28:31.0671 0460 SYMFW - ok
00:28:31.0875 0460 SYMIDS (f4db00bc0c25be3e05d4bbb8637cc3a3) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMIDS.SYS
00:28:31.0875 0460 SYMIDS - ok
00:28:31.0953 0460 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
00:28:31.0953 0460 SymIM - ok
00:28:31.0968 0460 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
00:28:31.0968 0460 SymIMMP - ok
00:28:32.0031 0460 SYMNDIS (06a8ecfc68d61a26a67f0e96ff1ca9cc) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMNDIS.SYS
00:28:32.0031 0460 SYMNDIS - ok
00:28:32.0093 0460 SYMTDI (26bc80ec79d7ba478249c266cbdf17b4) C:\WINDOWS\System32\Drivers\N360\0308030.006\SYMTDI.SYS
00:28:32.0093 0460 SYMTDI - ok
00:28:32.0125 0460 sym_hi - ok
00:28:32.0156 0460 sym_u3 - ok
00:28:32.0218 0460 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:28:32.0218 0460 sysaudio - ok
00:28:32.0406 0460 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:28:32.0406 0460 Tcpip - ok
00:28:32.0515 0460 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:28:32.0515 0460 TDPIPE - ok
00:28:32.0546 0460 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:28:32.0546 0460 TDTCP - ok
00:28:32.0609 0460 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:28:32.0609 0460 TermDD - ok
00:28:32.0640 0460 TosIde - ok
00:28:32.0718 0460 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:28:32.0718 0460 Udfs - ok
00:28:32.0750 0460 ultra - ok
00:28:32.0843 0460 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:28:32.0843 0460 Update - ok
00:28:32.0953 0460 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:28:32.0953 0460 usbccgp - ok
00:28:33.0000 0460 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:28:33.0000 0460 usbehci - ok
00:28:33.0031 0460 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:28:33.0031 0460 usbhub - ok
00:28:33.0078 0460 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:28:33.0078 0460 usbohci - ok
00:28:33.0125 0460 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:28:33.0125 0460 usbprint - ok
00:28:33.0187 0460 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:28:33.0187 0460 usbscan - ok
00:28:33.0250 0460 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:28:33.0250 0460 usbstor - ok
00:28:33.0312 0460 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:28:33.0312 0460 VgaSave - ok
00:28:33.0343 0460 ViaIde - ok
00:28:33.0359 0460 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:28:33.0375 0460 VolSnap - ok
00:28:33.0421 0460 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:28:33.0421 0460 Wanarp - ok
00:28:33.0468 0460 WDICA - ok
00:28:33.0609 0460 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:28:33.0609 0460 wdmaud - ok
00:28:33.0718 0460 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:28:33.0718 0460 WS2IFSL - ok
00:28:33.0968 0460 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:28:34.0140 0460 \Device\Harddisk0\DR0 - ok
00:28:34.0171 0460 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:28:34.0296 0460 \Device\Harddisk1\DR1 - ok
00:28:34.0312 0460 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR4
00:28:34.0937 0460 \Device\Harddisk2\DR4 - ok
00:28:34.0937 0460 Boot (0x1200) (fedd4ab946bfc03c16b3023b42f3d485) \Device\Harddisk0\DR0\Partition0
00:28:34.0937 0460 \Device\Harddisk0\DR0\Partition0 - ok
00:28:34.0968 0460 Boot (0x1200) (df8ae173b4cf29206e1ba8e4b9f22fc2) \Device\Harddisk1\DR1\Partition0
00:28:34.0968 0460 \Device\Harddisk1\DR1\Partition0 - ok
00:28:34.0968 0460 Boot (0x1200) (6a7ed9473a7bb5cf7ae58cba11d905d9) \Device\Harddisk2\DR4\Partition0
00:28:34.0984 0460 \Device\Harddisk2\DR4\Partition0 - ok
00:28:34.0984 0460 ============================================================
00:28:34.0984 0460 Scan finished
00:28:34.0984 0460 ============================================================
00:28:35.0000 3116 Detected object count: 0
00:28:35.0000 3116 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 23 January 2012 - 03:49 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 johl

johl
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 23 January 2012 - 08:52 PM

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-23 17:49:46
-----------------------------
17:49:46.015 OS Version: Windows 5.1.2600 Service Pack 3
17:49:46.015 Number of processors: 1 586 0x7F01
17:49:46.015 ComputerName: LOPEZ UserName:
17:49:52.671 Initialize success
17:50:11.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:50:11.578 Disk 0 Vendor: WDC_WD800JB-00FSA0 77.07W77 Size: 76319MB BusType: 3
17:50:11.578 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
17:50:11.593 Disk 1 Vendor: ST3802110A 2AAA Size: 76319MB BusType: 3
17:50:11.609 Disk 0 MBR read successfully
17:50:11.609 Disk 0 MBR scan
17:50:11.609 Disk 0 Windows XP default MBR code
17:50:11.625 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
17:50:11.625 Disk 0 scanning sectors +156280320
17:50:11.687 Disk 0 scanning C:\WINDOWS\system32\drivers
17:50:23.781 Service scanning
17:50:26.000 Modules scanning
17:50:45.828 Disk 0 trace - called modules:
17:50:45.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:50:46.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa4aab8]
17:50:46.390 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000194[0x8ab44f18]
17:50:46.406 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8aa37d98]
17:50:46.421 Scan finished successfully
17:52:22.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\isysadmin.LOPEZ.000\Desktop\MBR.dat"
17:52:22.062 The log file has been saved successfully to "C:\Documents and Settings\isysadmin.LOPEZ.000\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 23 January 2012 - 09:16 PM

How are things running now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 johl

johl
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 24 January 2012 - 01:04 AM

I'm still receiving incoming IP threats from random IP addresses and malwarebytes could not full scan when I tried again this morning.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 24 January 2012 - 01:31 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\\Program Files\Windows Savevid Toolbar
c:\program files\Savevid

DDS::
IE: Save video on Savevid.com - c:\program files\Savevid\redirect.htm

FireFox::
FF - ProfilePath - c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Mozilla\Firefox\Profiles\3x7k1jfp.default\
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&q=
FF - Ext: XULRunner: {C02D288E-7E88-4C38-9555-3036CC38E441} - c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\{C02D288E-7E88-4C38-9555-3036CC38E441}


Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 johl

johl
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 24 January 2012 - 02:26 AM

Not sure yet how it'll run.

ComboFix 12-01-23.02 - isysadmin 01/23/2012 22:48:07.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1534 [GMT -8:00]
Running from: c:\documents and settings\isysadmin.LOPEZ.000\Desktop\combofix.exe
Command switches used :: c:\documents and settings\isysadmin.LOPEZ.000\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\{C02D288E-7E88-4C38-9555-3036CC38E441}
c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\{C02D288E-7E88-4C38-9555-3036CC38E441}\chrome.manifest
c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\{C02D288E-7E88-4C38-9555-3036CC38E441}\chrome\content\_cfg.js
c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\{C02D288E-7E88-4C38-9555-3036CC38E441}\install.rdf
c:\program files\Savevid
c:\program files\Savevid\ffmenu@savevid.com\chrome.manifest
c:\program files\Savevid\ffmenu@savevid.com\chrome\content\script.js
c:\program files\Savevid\ffmenu@savevid.com\chrome\content\videosaklamenu.xul
c:\program files\Savevid\ffmenu@savevid.com\chrome\videosaklamenu.jar
c:\program files\Savevid\ffmenu@savevid.com\install.rdf
c:\program files\Savevid\redirect.htm
c:\program files\Windows Savevid Toolbar
c:\program files\Windows Savevid Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\chrome.manifest.alt
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\DataMngr.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\DnsBHO.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\Error404BHO.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\NewTabBHO.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\RelatedSearch.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\RequestPreserver.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\SearchBHO.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\SettingManager.js
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\Settings.xml
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\content\Settings.xml.alt
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Savevid Toolbar\Datamngr\FirefoxExtension\install.rdf.alt
c:\program files\Windows Savevid Toolbar\Datamngr\IEBHO.dll
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\as_guid.dat
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\imeshcode.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\vmncode.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\neterror.xhtml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\partner.coupons.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\radiobeta.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\template.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\vmncode.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_icon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconFF.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressed.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressedFF.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_pref_icon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs\tb_thumb_icon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.jsw
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\alert_coupon.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next-off.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-next.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous-off.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\arrow-previous.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-coupon-blue.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\bg-save.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-getcoupon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-next-blue.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-previous-blue.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\btn-wide-close.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\coupon-activated.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\couponTooltip.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\dialog.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css\ie7style.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-coupon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\ico-dollar.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrow-grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-left.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\arrows_grey-right.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\bg_top.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-back.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-getcoupon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\btn-search.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\coupon-activated.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\delete.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\loader.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-disable.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb-down.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollb.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-disable.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt-down.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\scrollt.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\sprite.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow-hover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-arrow.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-l_BAK.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-off-r_BAK.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-on-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-over-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\tab-white-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images\vid-bg.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\index.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\jquery.contextMenu.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery-1.4.2.min.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.event.wheel.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\jquery.scrollTo-min.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\JSON.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\listnav.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js\main.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\page_white_copy.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\panel.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\partner.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\placeholder-logo.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css\dialog.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\bg.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\btn-wide-close.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\default.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\transparent.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right-resize.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images\win-btm-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts\defscript.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\tb_icon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.jsw
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\widget_version.txt
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css\dialog.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrow-grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-left.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\arrows_grey-right.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\back.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\btn-search.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\delete.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-disable.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb-down.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollb.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-disable.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt-down.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\scrollt.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow-hover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-arrow.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-off-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-on-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-over-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-red-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\tab-white-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\throbber.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\vid-bg.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images\youtube.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\index.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\function.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\jquery-1.4.2.min.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js\JSON.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css\dialog.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\bg-facebook.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\blank.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\btn-wide-close.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\default.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\transparent.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right-resize.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images\win-btm-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\defscript.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts\jquery-1.4.2.min.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\tb_icon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.jsw
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\widget_version.txt
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\tb_icon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully\widget_version
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\ca.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\divider.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\ebay.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\email.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\facebook.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\games.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\icon_radio_png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\icon_seperator_png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\images.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\imesh.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\logo-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\logo-separator.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\logo.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\mail.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\modify.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\music.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\news.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-weather.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\protect-id.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\radiobeta.ico
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rss.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\search.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\search_button_over_png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\search_button_png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\settings.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\skin.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\translate.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\vmn.css
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\vmn.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\weather.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\web.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\components\windowmediator.js
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\dtUser.exe
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\manifest.xml
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\searchquband.dll
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\searchqudtx.dll
c:\program files\Windows Savevid Toolbar\Datamngr\ToolBar\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-23 19:02 . 2012-01-23 19:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-21 19:47 . 2012-01-21 19:47 -------- d-----w- c:\program files\HitmanPro
2012-01-21 19:25 . 2012-01-21 19:25 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-21 19:24 . 2012-01-21 19:25 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\HitmanPro
2012-01-03 23:44 . 2005-01-17 07:10 45056 ----a-w- c:\windows\system32\BRTCPCON.DLL
2012-01-03 23:44 . 2012-01-03 23:44 -------- d-----w- C:\Brother
2012-01-03 23:44 . 2012-01-03 23:44 -------- d-----w- c:\program files\Browny02
2012-01-03 23:44 . 2010-08-03 04:57 217088 ------w- c:\windows\system32\NSSearch.dll
2012-01-03 23:44 . 2007-12-14 06:16 5120 ------w- c:\windows\system32\BrDctF2L.dll
2012-01-03 23:44 . 2010-03-16 03:56 2560 ------w- c:\windows\system32\BrDctF2S.dll
2012-01-03 23:44 . 2010-03-16 03:45 73728 ------w- c:\windows\system32\BrDctF2.dll
2012-01-03 23:43 . 2012-01-03 23:43 -------- d-----w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 23:24 . 2010-03-04 04:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2009-08-12 18:34 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2008-04-14 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:20 . 2009-08-12 18:35 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 14:20 . 2009-08-12 18:34 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-04 19:20 . 2009-08-12 18:34 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2009-08-12 18:33 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2009-08-12 18:34 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2008-04-14 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2006-06-27 16:30 . 2006-06-27 16:29 9143496 ----a-w- c:\program files\INSTALL_MSN_MESSENGER_NT.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-23_07.51.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-24 07:15 . 2012-01-24 07:15 16384 c:\windows\temp\Perflib_Perfdata_3a0.dat
+ 2012-01-24 07:15 . 2012-01-24 07:15 16384 c:\windows\temp\Perflib_Perfdata_124.dat
+ 2010-06-12 22:59 . 2012-01-24 07:15 14275 c:\windows\system32\tablet.dat
- 2010-06-12 22:59 . 2012-01-23 04:22 14275 c:\windows\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-03-17 524288]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2009-06-11 3618104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\evntsvc.exe" [2010-02-20 146432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-09-09 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-20 222504]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-27 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\EPSON SMART PANEL for Scanner.lnk
backup=c:\windows\pss\EPSON SMART PANEL for Scanner.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^isysadmin.LOPEZ.000^Start Menu^Programs^Startup^Calendar Creator Scheduler.lnk]
path=c:\documents and settings\isysadmin.LOPEZ.000\Start Menu\Programs\Startup\Calendar Creator Scheduler.lnk
backup=c:\windows\pss\Calendar Creator Scheduler.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^isysadmin.LOPEZ.000^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\isysadmin.LOPEZ.000\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^isysadmin.LOPEZ.000^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\isysadmin.LOPEZ.000\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Nvidia Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\isysadmin.LOPEZ.000\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308030.006\SymEFA.sys [10/31/2011 1:10 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308030.006\BHDrvx86.sys [10/31/2011 1:10 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308030.006\cchpx86.sys [10/31/2011 1:10 PM 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20120121.005\IDSXpx86.sys [12/15/2011 3:33 PM 356280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/15/2011 8:40 PM 652872]
R2 MLPTDR_C;MLPTDR_C;c:\windows\system32\MLPTDR_C.SYS [9/3/2002 5:31 PM 19296]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe [10/31/2011 1:09 PM 117648]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\Nvidia Corporation\NVIDIA Updatus\daemonu.exe [8/20/2011 9:54 PM 2255464]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [1/3/2012 3:44 PM 245760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/9/2011 5:46 PM 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/3/2010 8:48 PM 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [8/20/2011 9:52 PM 119528]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/23/2012 11:02 AM 40776]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2010 8:32 PM 697328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-LOPEZ-isysadmin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-22 10:44]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-2146976231-1003Core.job
- c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 12:15]
.
2012-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-920026266-2146976231-1003UA.job
- c:\documents and settings\isysadmin.LOPEZ.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-20 12:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: aol.com\free
TCP: DhcpNameServer = 140.142.17.18 140.142.15.27
FF - ProfilePath - c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Mozilla\Firefox\Profiles\3x7k1jfp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: cacaoweb: cacaoweb@cacaoweb.org - %profile%\extensions\cacaoweb@cacaoweb.org
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DATAMNGR - c:\progra~1\WI0498~1\Datamngr\DATAMN~1.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-23 23:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\3.8.3.6\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\3.8.3.6\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1420)
c:\windows\system32\WININET.dll
c:\windows\system32\tabhook.dll
c:\documents and settings\isysadmin.LOPEZ.000\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
.
**************************************************************************
.
Completion time: 2012-01-23 23:22:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-24 07:22
ComboFix2.txt 2012-01-23 07:52
ComboFix3.txt 2012-01-21 17:56
.
Pre-Run: 10,282,098,688 bytes free
Post-Run: 10,254,770,176 bytes free
.
- - End Of File - - 3EB38AF94976B29A46E7A75E861605EC

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 24 January 2012 - 02:47 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

µTorrent
Adobe Reader 9.4.1
Java DB 10.3.1.4
Java™ 6 Update 22
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 7
Windows Savevid Toolbar


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:13 PM

Posted 26 January 2012 - 11:44 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users