System Check


  • This topic is locked
8 replies to this topic

#1 scratchn63

  • Members
  • 4 posts

Posted 05 March 2012 - 04:24 PM

Tried running everything and system check is blocking the programs from fixing the computer. Need help please :)

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Yvonne at 23:16:45 on 2012-03-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1224 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yvonne\Desktop\23kjasd123.com
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - c:\program files\dogpile bundle toolbar\Helper.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou1.dll
uURLSearchHooks: N/A: {1c583e40-0629-4bb9-ab68-1cf539f2f782} - c:\program files\retrogamer_2z\bar\1.bin\2zSrcAs.dll
mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RivalGaming Games: {26d675ac-d925-4bbf-a720-62c2aa4a81eb} - c:\program files\rivalgaming\RivalGaming.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou1.dll
BHO: Search Assistant BHO: {6ffed9d8-942f-4384-aa29-d3bd083a346a} - c:\program files\retrogamer_2z\bar\1.bin\2zSrcAs.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - c:\program files\dogpile bundle toolbar\Toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
BHO: Toolbar BHO: {fc1e426b-fa76-428f-b680-86ef1edb13c1} - c:\progra~1\retrog~2\bar\1.bin\2zbar.dll
TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - c:\program files\dogpile bundle toolbar\Toolbar.dll
TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou1.dll
TB: Retrogamer: {54ba686e-738f-42fe-badd-d8cb7cfbc07e} - c:\program files\retrogamer_2z\bar\1.bin\2zbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Retrogamer_2z Browser Plugin Loader] c:\progra~1\retrog~2\bar\1.bin\2zbrmon.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DwcShfdOUdbj.exe] c:\documents and settings\all users\application data\DwcShfdOUdbj.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
IE: &Search - http://tbedits.retrogamer.com/one-toolbaredits/menusearch.jhtml?s=100000494&p=RGxdm300YYus&si=&a=8865EB3C-89D1-4FB0-B95A-0114F3E84BC1&n=2011060913
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1297283390968
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{89C2E194-67C7-43D0-8285-726A6FC60FD9} : DhcpNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-15 136176]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-2-10 652360]
S2 Retrogamer_2zService;Retrogamer Service;c:\progra~1\retrog~2\bar\1.bin\2zbarsvc.exe [2011-6-9 34856]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-15 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-2-10 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-10 38224]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\wusb54gscv2.sys --> c:\windows\system32\drivers\WUSB54GSCV2.sys [?]
.
=============== Created Last 30 ================
.
2012-03-05 05:15:07 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{724d4f10-937d-4a76-a4f2-729455fc6eb1}\offreg.dll
2012-03-05 04:17:29 -------- d-----w- c:\documents and settings\yvonne\local settings\application data\PCHealth
2012-03-05 03:09:07 5824 ---ha-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-03-05 01:55:20 733308 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
2012-03-05 01:51:56 -------- d--h--w- c:\program files\The Weather Channel
2012-03-05 01:39:35 430080 ---ha-w- c:\documents and settings\all users\application data\DwcShfdOUdbj.exe
2012-03-04 07:42:20 6552120 ---ha-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{724d4f10-937d-4a76-a4f2-729455fc6eb1}\mpengine.dll
2012-02-15 13:32:37 3072 -c-h--w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 13:32:37 3072 ---h--w- c:\windows\system32\iacenc.dll
2012-02-12 05:27:03 -------- d--h--w- c:\windows\system32\wbem\Repository
2012-02-12 05:27:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
.
==================== Find3M ====================
.
2012-01-31 12:44:05 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53:24 1859968 ---ha-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ---h--w- c:\windows\system32\html.iec
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 23:17:33.65 ===============

#2 sempai

    noypi


  • Malware Response Team
  • 5,288 posts

Posted 05 March 2012 - 10:25 PM

Hello scratchn63 and welcome to BC.

Step 1: Please go to Control Panel > Add/Remove Programs and uninstall the following:
  • retrogamer_2z
  • selectrebates


Step 2: Download ComboFix (by Subs) from any of the links below; make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.

Posted Image


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  • Please do not mouse-click ComboFix's window while it's running because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 scratchn63

  • Topic Starter

  • Members
  • 4 posts

Posted 06 March 2012 - 12:48 PM

It gave me an error message when it tried to download the Windows Recovery, but other than that, here is what I got. Thanks again for your help. :)


ComboFix 12-03-04.02 - Yvonne 03/06/2012 11:30:31.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1483 [GMT -6:00]
Running from: c:\documents and settings\Yvonne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DwcShfdOUdbj.exe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico
c:\documents and settings\Yvonne\Desktop\System Check.lnk
c:\documents and settings\Yvonne\My Documents\ShopToWin
c:\program files\Retrogamer_2zEI
c:\program files\Shop to Win
c:\program files\Shop to Win\STWNotify.exe
c:\program files\Shop to Win\STWSetup-IE.exe
c:\program files\Shop to Win\unins000.dat
c:\program files\Shop to Win\unins000.exe
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\main.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\default(2)\scripts(2)\defscript.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\footer.htm
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\gameData.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\gameList.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\games.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\gametype.xsl
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-addtoolbar-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-addtoolbar-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-addtoolbar-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-back.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-drag.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-mdl-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-mdl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-moredetails.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-play-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-play-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-right-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-try-left-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\btn-try-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\bullet-orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\ico-dollar.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\ico-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\ico-news24.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\ico-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\ico-tags.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\icon-Add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\icon-download.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\icon-Info.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\icon-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\icon-shop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollb.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\scrollt.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\images(2)\widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\initHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\popupGames.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\popupHTML.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\popupRSS.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\panels(2)\scroll.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\pop.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\css(2)\manager.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\css(2)\slider.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\ico-radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\music-note.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-eq-buffer.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-options.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\slider.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\slideron.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\images(2)\track.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\managerpanel.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio(2)\volumeslider.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radio.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\rename.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\resize-box.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\scroll-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\scroll-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\search-go.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_02.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_03.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_04.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_06.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_07.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_08.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_09.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_10.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_11.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_12.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_13.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_14.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_15.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_16.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_18.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_19.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_20.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\border_21.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\close-hot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\close-normal.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\proxy.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\template.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\template.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\templateFF.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\uwa(2)\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\icons(2)\cond999.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\icons(2)\icons.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\icons(2)\na-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\icons(2)\na-t.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\icons(2)\na.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\add.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\bg-pnl520x350.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\box-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btn-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\ico-check.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\over-blue.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\over-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\radio-checked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\images(2)\weather-contour.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\popupWeather.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\weatherbutton(2)\panels(2)\popupWeather.html
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lib(2)\yahoo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\lichen.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\logo-about.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\logo-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\logo-separator.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\logo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\mail.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\maps.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\modify-save.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\modify.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\modifyhot.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\music.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\news.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\options(2)\options-main.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\options(2)\options-search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\options(2)\options-weather.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\options(2)\options-weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\options(2)\options-widgets.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\orange.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\pixsy.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\protect-id.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\radiobeta-buffering.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\radiobeta-connecting.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\radiobeta-playing.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\radiobeta-stopped.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-delete.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-expand.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-feed.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-folder.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-found.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-reload.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rss.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rssback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\search-over.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\search.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\search_button_over_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\search_button_png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\searchbar(2)\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\searchbar(2)\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\searchbar(2)\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\settings.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\shopping.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\siteinfo.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\skin-grey.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\skin-orange.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\skin.xml
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\technorati.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\throbber.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\translate.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\video.bmp
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\vmn.css
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\vmn.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\weather.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\web.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\wikipedia.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\yellow.gif
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\youtube.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\chrome(2)\skin(2)\zoom.png
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\components(2)\windowmediator.js
c:\program files\Windows Searchqu Toolbar\Datamngr\ToolBar(2)\manifest.xml
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 17:21 . 2011-06-09 17:51 706504 ----a-w- c:\program files\Uninstall Retrogamer.dll
2012-03-05 04:55 . 2012-03-05 04:56 -------- d-----w- c:\documents and settings\Administrator
2012-03-05 04:17 . 2012-03-05 04:17 -------- d-----w- c:\documents and settings\Yvonne\Local Settings\Application Data\PCHealth
2012-03-05 03:09 . 2005-01-19 09:17 5824 ---ha-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2012-03-05 01:55 . 2012-03-05 01:56 733308 ---ha-w- c:\windows\system32\PerfStringBackup.TMP
2012-03-05 01:51 . 2012-03-05 01:51 -------- d--h--w- c:\program files\The Weather Channel
2012-03-04 07:42 . 2012-02-08 06:03 6552120 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{724D4F10-937D-4A76-A4F2-729455FC6EB1}\mpengine.dll
2012-02-15 13:32 . 2012-01-11 19:06 3072 -c-h--w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 13:32 . 2012-01-11 19:06 3072 ---h--w- c:\windows\system32\iacenc.dll
2012-02-12 05:27 . 2012-02-12 05:27 -------- d--h--w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-08 06:03 . 2011-02-10 15:51 6552120 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-02-10 15:51 237072 ---h--w- c:\windows\system32\MpSigStub.exe
2012-01-12 16:53 . 2008-04-14 05:00 1859968 ---ha-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 09:42 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2008-04-14 09:42 916992 ---ha-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 09:41 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2008-04-14 04:07 385024 ---h--w- c:\windows\system32\html.iec
2011-12-10 21:24 . 2011-02-10 16:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-04-15 357376]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ---ha-w- c:\program files\Coupons.com\prxtbCou1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-04-15 02:02 1547776 ---ha-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-12-14 21:51 1514152 ---ha-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-04-15 1547776]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou1.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-04-15 1547776]
"{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\prxtbCou1.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-08 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"rivalgaming cleanup 1_0"="rd" [X]
"rivalgaming cleanup 2"="reg delete HKCU\Software\RivalGamingData" [X]
"rivalgaming cleanup 3"="reg delete HKCU\Software\AppDataLow\RivalGamingData" [X]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\Dogpile Bundle Toolbar\\ToolbarUpdate.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
"c:\\Documents and Settings\\Yvonne\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2011 1:14 PM 136176]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/10/2011 10:07 AM 652360]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 5:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/15/2011 1:14 PM 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/10/2011 10:07 AM 20464]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/10/2011 10:07 AM 38224]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 3:42 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2.sys --> c:\windows\system32\DRIVERS\WUSB54GSCV2.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-03-04 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-03-04 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-03-04 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-03-04 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-06-14 22:07]
.
2012-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-1454471165-682003330-1004Core.job
- c:\documents and settings\Yvonne\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-26 00:36]
.
2012-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1417001333-1454471165-682003330-1004UA.job
- c:\documents and settings\Yvonne\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-26 00:36]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 19:13]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-15 19:13]
.
2012-03-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
.
2012-03-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-12-14 21:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-DwcShfdOUdbj.exe - c:\documents and settings\All Users\Application Data\DwcShfdOUdbj.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 11:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-1454471165-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,78,43,db,1a,64,bc,47,ab,a1,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7d,78,43,db,1a,64,bc,47,ab,a1,89,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(540)
c:\windows\System32\BCMLogon.dll
c:\windows\system32\l3codeca.acm
.
- - - - - - - > 'winlogon.exe'(360)
c:\windows\system32\l3codeca.acm
.
Completion time: 2012-03-06 11:40:46
ComboFix-quarantined-files.txt 2012-03-06 17:40
.
Pre-Run: 144,935,088,128 bytes free
Post-Run: 145,701,568,512 bytes free
.
- - End Of File - - 7DC9DA86970FAB15031B8E94836B9CE1

#4 sempai

  • Malware Response Team

Posted 06 March 2012 - 08:47 PM

Please let me know if there are any changes in your computer's behavior.


Step 1: Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" is Cure (Please click on it and change it to skip).
  • Click on Report to generate a log.
  • Please post that log when you reply.



Step 3: Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast anti virus when offered.

~Semp


If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#5 scratchn63

  • Topic Starter

Posted 07 March 2012 - 01:12 PM

It seems to be ok at this point; if we have any more trouble, I will get in touch. Thanks for your help and time. :)

This is TDSS

12:08:05.0359 2520 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
12:08:06.0031 2520 ============================================================
12:08:06.0031 2520 Current date / time: 2012/03/07 12:08:06.0031
12:08:06.0031 2520 SystemInfo:
12:08:06.0031 2520
12:08:06.0046 2520 OS Version: 5.1.2600 ServicePack: 3.0
12:08:06.0046 2520 Product type: Workstation
12:08:06.0046 2520 ComputerName: OWNER-B70A4B1ED
12:08:06.0046 2520 UserName: Yvonne
12:08:06.0046 2520 Windows directory: C:\windows
12:08:06.0046 2520 System windows directory: C:\windows
12:08:06.0046 2520 Processor architecture: Intel x86
12:08:06.0046 2520 Number of processors: 1
12:08:06.0046 2520 Page size: 0x1000
12:08:06.0046 2520 Boot type: Normal boot
12:08:06.0046 2520 ============================================================
12:08:08.0156 2520 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:08:08.0156 2520 \Device\Harddisk0\DR0:
12:08:08.0156 2520 MBR used
12:08:08.0156 2520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A011FC
12:08:08.0265 2520 Initialize success
12:08:08.0265 2520 ============================================================
12:08:10.0703 1032 ============================================================
12:08:10.0703 1032 Scan started
12:08:10.0703 1032 Mode: Manual;
12:08:10.0703 1032 ============================================================
12:08:13.0281 1032 Abiosdsk - ok
12:08:13.0296 1032 abp480n5 - ok
12:08:13.0359 1032 ACPI (8fd99680a539792a30e97944fdaecf17) C:\windows\system32\DRIVERS\ACPI.sys
12:08:13.0359 1032 ACPI - ok
12:08:13.0406 1032 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\windows\system32\drivers\ACPIEC.sys
12:08:13.0421 1032 ACPIEC - ok
12:08:13.0437 1032 adpu160m - ok
12:08:13.0500 1032 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys
12:08:13.0500 1032 aec - ok
12:08:13.0562 1032 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\windows\System32\drivers\afd.sys
12:08:13.0562 1032 AFD - ok
12:08:13.0578 1032 Aha154x - ok
12:08:13.0593 1032 aic78u2 - ok
12:08:13.0609 1032 aic78xx - ok
12:08:13.0625 1032 AliIde - ok
12:08:13.0671 1032 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\windows\system32\DRIVERS\AmdPPM.sys
12:08:13.0687 1032 AmdPPM - ok
12:08:13.0703 1032 amsint - ok
12:08:13.0718 1032 asc - ok
12:08:13.0734 1032 asc3350p - ok
12:08:13.0750 1032 asc3550 - ok
12:08:13.0843 1032 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys
12:08:13.0859 1032 AsyncMac - ok
12:08:13.0890 1032 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys
12:08:13.0906 1032 atapi - ok
12:08:13.0906 1032 Atdisk - ok
12:08:13.0937 1032 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys
12:08:13.0968 1032 Atmarpc - ok
12:08:14.0015 1032 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys
12:08:14.0031 1032 audstub - ok
12:08:14.0109 1032 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys
12:08:14.0140 1032 Beep - ok
12:08:14.0312 1032 catchme - ok
12:08:14.0484 1032 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys
12:08:14.0500 1032 cbidf2k - ok
12:08:14.0531 1032 cd20xrnt - ok
12:08:14.0562 1032 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys
12:08:14.0593 1032 Cdaudio - ok
12:08:14.0640 1032 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys
12:08:14.0671 1032 Cdfs - ok
12:08:14.0828 1032 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys
12:08:14.0859 1032 Cdrom - ok
12:08:14.0890 1032 Changer - ok
12:08:14.0921 1032 CmdIde - ok
12:08:14.0953 1032 Cpqarray - ok
12:08:14.0968 1032 dac2w2k - ok
12:08:14.0984 1032 dac960nt - ok
12:08:15.0046 1032 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys
12:08:15.0062 1032 Disk - ok
12:08:15.0109 1032 dmboot (d992fe1274bde0f84ad826acae022a41) C:\windows\system32\drivers\dmboot.sys
12:08:15.0171 1032 dmboot - ok
12:08:15.0234 1032 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\windows\system32\drivers\dmio.sys
12:08:15.0265 1032 dmio - ok
12:08:15.0328 1032 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys
12:08:15.0343 1032 dmload - ok
12:08:15.0437 1032 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys
12:08:15.0437 1032 DMusic - ok
12:08:15.0468 1032 dpti2o - ok
12:08:15.0515 1032 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys
12:08:15.0515 1032 drmkaud - ok
12:08:15.0593 1032 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys
12:08:15.0609 1032 Fastfat - ok
12:08:15.0671 1032 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\drivers\Fdc.sys
12:08:15.0687 1032 Fdc - ok
12:08:15.0781 1032 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\windows\system32\drivers\Fips.sys
12:08:15.0796 1032 Fips - ok
12:08:15.0875 1032 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys
12:08:15.0890 1032 Flpydisk - ok
12:08:15.0953 1032 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\DRIVERS\fltMgr.sys
12:08:15.0968 1032 FltMgr - ok
12:08:16.0046 1032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys
12:08:16.0078 1032 Fs_Rec - ok
12:08:16.0109 1032 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\windows\system32\DRIVERS\ftdisk.sys
12:08:16.0125 1032 Ftdisk - ok
12:08:16.0171 1032 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys
12:08:16.0187 1032 Gpc - ok
12:08:16.0234 1032 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\windows\system32\GTNDIS5.SYS
12:08:16.0250 1032 GTNDIS5 - ok
12:08:16.0453 1032 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys
12:08:16.0453 1032 HDAudBus - ok
12:08:16.0484 1032 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys
12:08:16.0500 1032 hidusb - ok
12:08:16.0500 1032 hpn - ok
12:08:16.0562 1032 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\windows\system32\DRIVERS\HSFHWBS2.sys
12:08:16.0593 1032 HSFHWBS2 - ok
12:08:16.0671 1032 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\windows\system32\DRIVERS\HSF_DP.sys
12:08:16.0796 1032 HSF_DP - ok
12:08:16.0843 1032 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys
12:08:16.0843 1032 HTTP - ok
12:08:16.0859 1032 i2omgmt - ok
12:08:16.0875 1032 i2omp - ok
12:08:16.0906 1032 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\windows\system32\drivers\i8042prt.sys
12:08:16.0937 1032 i8042prt - ok
12:08:16.0984 1032 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys
12:08:17.0000 1032 Imapi - ok
12:08:17.0031 1032 ini910u - ok
12:08:17.0218 1032 IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\windows\system32\drivers\RtkHDAud.sys
12:08:17.0328 1032 IntcAzAudAddService - ok
12:08:17.0328 1032 IntelIde - ok
12:08:17.0375 1032 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\DRIVERS\Ip6Fw.sys
12:08:17.0406 1032 Ip6Fw - ok
12:08:17.0562 1032 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:08:17.0593 1032 IpFilterDriver - ok
12:08:17.0656 1032 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys
12:08:17.0687 1032 IpInIp - ok
12:08:17.0781 1032 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys
12:08:17.0781 1032 IpNat - ok
12:08:17.0843 1032 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys
12:08:17.0875 1032 IPSec - ok
12:08:17.0906 1032 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys
12:08:17.0921 1032 IRENUM - ok
12:08:17.0968 1032 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\windows\system32\DRIVERS\isapnp.sys
12:08:18.0000 1032 isapnp - ok
12:08:18.0078 1032 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\windows\system32\DRIVERS\kbdclass.sys
12:08:18.0109 1032 Kbdclass - ok
12:08:18.0156 1032 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\windows\system32\DRIVERS\kbdhid.sys
12:08:18.0171 1032 kbdhid - ok
12:08:18.0281 1032 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys
12:08:18.0281 1032 kmixer - ok
12:08:18.0312 1032 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\windows\system32\DRIVERS\KMWDFILTER.sys
12:08:18.0343 1032 KMWDFILTER - ok
12:08:18.0375 1032 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys
12:08:18.0375 1032 KSecDD - ok
12:08:18.0390 1032 lbrtfdc - ok
12:08:18.0453 1032 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
12:08:18.0484 1032 MBAMProtector - ok
12:08:18.0562 1032 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\windows\system32\drivers\mbamswissarmy.sys
12:08:18.0562 1032 MBAMSwissArmy - ok
12:08:18.0640 1032 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\windows\system32\DRIVERS\mdmxsdk.sys
12:08:18.0640 1032 mdmxsdk - ok
12:08:18.0718 1032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys
12:08:18.0718 1032 mnmdd - ok
12:08:18.0828 1032 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\windows\system32\drivers\Modem.sys
12:08:18.0828 1032 Modem - ok
12:08:18.0906 1032 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\windows\system32\drivers\MODEMCSA.sys
12:08:18.0921 1032 MODEMCSA - ok
12:08:19.0015 1032 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\windows\system32\DRIVERS\mouclass.sys
12:08:19.0031 1032 Mouclass - ok
12:08:19.0125 1032 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\windows\system32\DRIVERS\mouhid.sys
12:08:19.0140 1032 mouhid - ok
12:08:19.0218 1032 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys
12:08:19.0234 1032 MountMgr - ok
12:08:19.0281 1032 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys
12:08:19.0343 1032 MpFilter - ok
12:08:19.0546 1032 MpKsld096401b (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{724D4F10-937D-4A76-A4F2-729455FC6EB1}\MpKsld096401b.sys
12:08:19.0546 1032 MpKsld096401b - ok
12:08:19.0671 1032 mraid35x - ok
12:08:19.0750 1032 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys
12:08:19.0750 1032 MRxDAV - ok
12:08:19.0812 1032 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\windows\system32\DRIVERS\mrxsmb.sys
12:08:19.0828 1032 MRxSmb - ok
12:08:19.0890 1032 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys
12:08:19.0906 1032 Msfs - ok
12:08:19.0953 1032 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys
12:08:19.0968 1032 MSKSSRV - ok
12:08:19.0984 1032 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys
12:08:20.0000 1032 MSPCLOCK - ok
12:08:20.0015 1032 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys
12:08:20.0015 1032 MSPQM - ok
12:08:20.0062 1032 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys
12:08:20.0062 1032 mssmbios - ok
12:08:20.0125 1032 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\windows\system32\drivers\Mup.sys
12:08:20.0125 1032 Mup - ok
12:08:20.0187 1032 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys
12:08:20.0250 1032 NDIS - ok
12:08:20.0296 1032 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\windows\system32\DRIVERS\ndistapi.sys
12:08:20.0296 1032 NdisTapi - ok
12:08:20.0359 1032 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys
12:08:20.0375 1032 Ndisuio - ok
12:08:20.0453 1032 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys
12:08:20.0484 1032 NdisWan - ok
12:08:20.0546 1032 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys
12:08:20.0546 1032 NDProxy - ok
12:08:20.0578 1032 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys
12:08:20.0609 1032 NetBIOS - ok
12:08:20.0625 1032 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys
12:08:20.0656 1032 NetBT - ok
12:08:20.0812 1032 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys
12:08:20.0828 1032 Npfs - ok
12:08:20.0859 1032 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys
12:08:20.0906 1032 Ntfs - ok
12:08:21.0000 1032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys
12:08:21.0015 1032 Null - ok
12:08:27.0250 1032 ============================================================
12:08:27.0250 1032 Scan finished
12:08:27.0250 1032 ============================================================
12:08:27.0265 1380 Detected object count: 0
12:08:27.0265 1380 Actual detected object count: 0

#6 sempai


Posted 07 March 2012 - 10:48 PM

It seems to be ok at this point, if we have any more trouble, I will get in touch. Thanks for your help and time.

Please let me know if you still wish to proceed or continue with this cleaning process or call this topic as resolved. Please advise.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 scratchn63


Posted 08 March 2012 - 10:50 AM

Resolved is fine, it hasn't had any problems and is working fine. If it starts messing up, I will re-open one. Thanks again :)

#8 sempai


Posted 10 March 2012 - 05:28 AM

Uninstall:

1. ComboFix

  • Click Start > Run > copy-paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall


Delete:

1. DDS
2. TDSSKiller
3. aswMBR



How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites, it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program, be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead, when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing it, and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if it is legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


~Semp



#9 sempai


Posted 10 March 2012 - 05:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

~Semp





