
Browser tabs only open in searchnu.com/405


  • This topic is locked
28 replies to this topic

#1 NickFly

NickFly

  • Members
  • 39 posts

Posted 07 March 2012 - 09:01 AM

Hi guys. Every time I open a new tab, I get something that looks a bit like Google but clearly isn't - the URL is always the same: http://www.searchnu.com/405?tag=newtab

I ran a full scan with Malwarebytes, which came back clean, and an Anti-Rootkit scan with AVG, which apparently actually found a different trojan horse (time to update my anti virus..?) but didn't fix the searchnu issue. Any advice would be greatly appreciated.

I tried to paste the GMER log below as it said the file was too big to attach, but it won't let me post anything that long. Is there another way I can get it to you?

I also had a problem with DDS - whenever I tried to run it, I got a warning message from Comodo, saying it was a "known malicious file. You MUST block this request". Should I just ignore that?

Thanks guys.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 March 2012 - 12:32 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 NickFly

NickFly
  • Topic Starter

  • Members
  • 39 posts

Posted 08 March 2012 - 08:11 AM

Hi, thanks for the speedy response! I've run the De-Fogger and attached/pasted the two DDS logs (I had to disable Comodo to run DDS, then switch it back on, hope that was correct?) I've also attached the GMER log that I failed to attach the first time (don't know why it didn't occur to me to compress it before...)


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_22
Run by L'Fly V2 at 7:54:05 on 2012-03-08
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3034.1622 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Windows Savevid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/405
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll
TB: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [DATAMNGR] c:\progra~1\wi0498~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\users\l'flyv~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\savevidplug-in\redirect.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6DF4B0FA-FD37-4F11-835C-C8965F76A171} : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi0498~1\datamngr\datamngr.dll c:\progra~1\wi0498~1\datamngr\iebho.dll c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\l'fly v2\appdata\roaming\mozilla\firefox\profiles\9oqokb80.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=
FF - component: c:\program files\windows savevid toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
FF - component: c:\users\l'fly v2\appdata\roaming\mozilla\firefox\profiles\9oqokb80.default\extensions\{23cd218f-af09-443f-bbb1-adb89fd5986d}\components\dtTransparency.dll
FF - component: c:\users\l'fly v2\appdata\roaming\mozilla\firefox\profiles\9oqokb80.default\extensions\{23cd218f-af09-443f-bbb1-adb89fd5986d}\components\dtTransparency3.5.dll
FF - component: c:\users\l'fly v2\appdata\roaming\mozilla\firefox\profiles\9oqokb80.default\extensions\{23cd218f-af09-443f-bbb1-adb89fd5986d}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: tab-search: tab@search.com - %profile%\extensions\tab@search.com
FF - Ext: Savevid.com Easy Video Downloader: ffmenu@savevid.com - %profile%\extensions\ffmenu@savevid.com
FF - Ext: SavevidToolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - %profile%\extensions\{23cd218f-af09-443f-bbb1-adb89fd5986d}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 236600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 34744]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-8-18 81920]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2009-9-16 16400]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-9-23 246600]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-18 29736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-9 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-9 133104]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2009-8-24 18912]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2010-4-1 19968]
S4 0158121283519983mcinstcleanup;McAfee Application Installer Cleanup (0158121283519983);c:\users\l'flyv~1\appdata\local\temp\015812~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\users\l'flyv~1\appdata\local\temp\015812~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-29 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-10-29 234888]
.
=============== Created Last 30 ================
.
2012-02-19 00:55:02 -------- d-----w- C:\459655a011c8a83fb43028933b9a
2012-02-16 12:58:02 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 12:58:01 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 01:33:14 -------- d-----w- c:\programdata\boost_interprocess
2012-02-10 01:33:06 -------- d-----w- c:\program files\Windows Savevid Toolbar
2012-02-10 01:32:51 -------- dc-h--w- c:\programdata\{C4A867AE-B15C-4B7F-AD27-7F8C13A57518}
2012-02-10 01:32:46 -------- d-----w- c:\program files\SavevidPlug-in
2012-02-10 01:31:54 -------- d-----w- c:\users\l'fly v2\appdata\local\PackageAware
.
==================== Find3M ====================
.
2011-12-17 14:33:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 7:55:06.69 ===============
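
A triage pass over a DDS log like the one posted above, as an added example that is not part of the original thread and is not a DDS or BleepingComputer tool: it parses the Pseudo HJT and "Created Last 30" sections, lists the load points (BHO, mRun, AppInit_DLLs, Firefox components) that sit under recently created directories, and collects "No File" entries and browser URL settings for review. The function names are hypothetical, the input is an excerpt of the log above, and the 8.3 short-name comparison is a heuristic assumption: a match means "could be the same directory", not proof.

```python
import re

# Excerpt copied from the DDS log posted above (a subset of its lines).
LOG_EXCERPT = r"""
uStart Page = hxxp://www.searchqu.com/405
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Savevid Toolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\wi0498~1\datamngr\toolbar\savevidX.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [DATAMNGR] c:\progra~1\wi0498~1\datamngr\DATAMN~1.EXE
AppInit_DLLs: c:\progra~1\wi0498~1\datamngr\datamngr.dll c:\progra~1\wi0498~1\datamngr\iebho.dll c:\windows\system32\guard32.dll
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=
FF - component: c:\program files\windows savevid toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
=============== Created Last 30 ================
2012-02-16 12:58:02 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-10 01:33:06 -------- d-----w- c:\program files\Windows Savevid Toolbar
2012-02-10 01:32:46 -------- d-----w- c:\program files\SavevidPlug-in
"""

DRIVE_START = re.compile(r"(?<![a-z])(?=[a-z]:\\)", re.I)   # zero-width: start of a path
URL_SETTING = re.compile(r"(.+?)\s[=-]\s(\S*(?:hxxp|www\.)\S*)$")
CREATED_DIR = re.compile(r"\S+\s+\S+\s+\S+\s+d\S*\s+(.+)$")  # attribute field starts with 'd'


def short_name_may_match(short, long_name):
    """True if path component `short` could be the 8.3 alias of `long_name`."""
    m = re.fullmatch(r"([^~]{1,6})~\d+", short)
    if not m:                                   # not an 8.3 alias: compare directly
        return short.lower() == long_name.lower()
    base = m.group(1).lower()
    squeezed = re.sub(r"[ .]", "", long_name).lower()
    if squeezed.startswith(base):               # prefix form, e.g. progra~1
        return True
    # hashed form: first two characters followed by four hex digits, e.g. wi0498~1
    return bool(re.fullmatch(r"[0-9a-f]{4}", base[2:])) and squeezed[:2] == base[:2]


def path_under(path, directory):
    """True if `path` may lie below `directory`, allowing 8.3 short components."""
    p = path.lower().split("\\")
    d = directory.lower().rstrip("\\").split("\\")
    return len(p) > len(d) and all(short_name_may_match(a, b) for a, b in zip(p, d))


def parse_dds(text):
    out = {"load_points": [], "settings": [], "no_file": [], "recent_dirs": []}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            section = line.strip("= ").lower()
        elif section.startswith("created last"):
            m = CREATED_DIR.match(line)
            if m:                               # keep directories only
                out["recent_dirs"].append(m.group(1))
        elif URL_SETTING.match(line):
            key, value = URL_SETTING.match(line).groups()
            host = re.sub(r"^hxxps?://", "", value).split("/")[0]
            out["settings"].append((key, host))
        elif line.endswith("- No File"):
            out["no_file"].append(line)
        else:
            # One line can carry several paths (AppInit_DLLs), so split at each drive letter.
            prefix, *paths = DRIVE_START.split(line)
            kind = prefix.split(":")[0].strip()
            out["load_points"] += [(kind, p.strip(' "')) for p in paths]
    return out


def triage(text):
    parsed = parse_dds(text)
    recent = [(kind, path, d)
              for kind, path in parsed["load_points"]
              for d in parsed["recent_dirs"] if path_under(path, d)]
    return {"recent_load_points": recent,
            "no_file": parsed["no_file"],
            "settings": parsed["settings"]}


if __name__ == "__main__":
    result = triage(LOG_EXCERPT)
    print("Load points under directories created in the last 30 days:")
    for kind, path, d in result["recent_load_points"]:
        print(f"  {kind:15} {path}  (under {d})")
    print("Browser URL settings to compare with what the user expects:")
    for key, host in result["settings"]:
        print(f"  {key}: {host}")
    print("Entries whose file is missing:")
    for line in result["no_file"]:
        print(f"  {line}")
```
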


#4 NickFly

NickFly
  • Topic Starter

  • Members
  • 39 posts

Posted 08 March 2012 - 08:13 AM

Sorry, just saw the 'do not attach' request - second DDS log pasted below. GMER log is too long to post, though.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 8/17/2009 7:46:20 PM
System Uptime: 3/8/2012 7:20:40 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | Microprocessor | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 69.845 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 6.656 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
AVG 2012
AviSynth 2.5
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Bing Bar
Bonjour
calibre
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MG5200 series MP Drivers
Canon MG5200 series User Registration
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Choice Guard
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Dell-eBay
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card Utility
DELL0703
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
EphPod
ESET Online Scanner v3
Express Burn Disc Burning Software
Express Scribe
ffdshow [rev 2527] [2008-12-19]
Free DigiRack Plug-Ins 8.0
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® TV Wizard
Intel® Matrix Storage Manager
Interlok driver setup x32
iTunes
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
Logitech Gaming Software 5.08
MAGIX Xtreme Photo Designer 6 6.0.19.0 (US)
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
MKV Splitter
Mozilla Firefox (3.6.27)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NCH Toolbox
PDF to ePub Converter 2.1.4
PowerDVD DX
Project64 1.6
PRS-500 USB driver
QuickSet
QuickTime
Reader Library by Sony
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SaveVid Plug-in
Savevid Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype web features
Skype™ 4.1
Switch Sound File Converter
Ulead BD DiscRecorder 2.5
Ulead DVD MovieFactory 5
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
VC80CRTRedist - 8.0.50727.4053
Videora iPod Converter 5.03
Vuze
Vuze Remote Toolbar
Vuze Toolbar
WIDCOMM Bluetooth Software 6.1.0.4502
WildTangent Games
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
Windows Savevid Toolbar
WinRAR archiver
YouTube Downloader App 2.03
.
==== End Of File ===========================

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 March 2012 - 12:16 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 NickFly

NickFly
  • Topic Starter


Posted 10 March 2012 - 12:49 PM

Hi, here is the Combofix log - no problem running it. However, new tabs are still opening as http://www.searchnu.com/405?tag=newtab



ComboFix 12-03-10.02 - L'Fly V2 03/10/2012 12:16:14.6.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3034.1845 [GMT -5:00]
Running from: c:\users\L'Fly V2\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 17:27 . 2012-03-10 17:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-10 17:27 . 2012-03-10 17:27 -------- d-----w- c:\users\L'Fly\AppData\Local\temp
2012-03-10 17:27 . 2012-03-10 17:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 00:55 . 2012-02-19 00:55 -------- d-----w- C:\459655a011c8a83fb43028933b9a
2012-02-16 12:58 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 12:58 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 01:33 . 2012-02-10 01:33 -------- d-----w- c:\programdata\boost_interprocess
2012-02-10 01:33 . 2012-02-10 01:36 -------- d-----w- c:\program files\Windows Savevid Toolbar
2012-02-10 01:32 . 2012-02-10 01:32 -------- dc-h--w- c:\programdata\{C4A867AE-B15C-4B7F-AD27-7F8C13A57518}
2012-02-10 01:32 . 2012-02-10 01:32 -------- d-----w- c:\program files\SavevidPlug-in
2012-02-10 01:31 . 2012-02-10 01:31 -------- d-----w- c:\users\L'Fly V2\AppData\Local\PackageAware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 14:33 . 2011-12-17 14:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23cd218f-af09-443f-bbb1-adb89fd5986d}]
2011-12-24 20:36 88976 ----a-w- c:\progra~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-23 11:44 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-23 1451336]
"{23cd218f-af09-443f-bbb1-adb89fd5986d}"= "c:\progra~1\WI0498~1\Datamngr\ToolBar\savevidX.dll" [2011-12-24 88976]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{23cd218f-af09-443f-bbb1-adb89fd5986d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-27 2548552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-23 218440]
.
c:\users\L'Fly V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-18 05:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI0498~1\Datamngr\datamngr.dll c:\progra~1\WI0498~1\Datamngr\IEBHO.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-04-24 16:05 250192 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-09-17 04:14 153608 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
2007-01-26 00:45 159744 ------w- c:\program files\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R4 0158121283519983mcinstcleanup;McAfee Application Installer Cleanup (0158121283519983);c:\users\L'FLYV~1\AppData\Local\Temp\015812~1.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-09 23:35]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-09 23:35]
.
2012-03-10 c:\windows\Tasks\User_Feed_Synchronization-{E283021C-9A3A-40C8-9AEE-6D85DFFAE6A1}.job
- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/405
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\SavevidPlug-in\redirect.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\L'Fly V2\AppData\Roaming\Mozilla\Firefox\Profiles\9oqokb80.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: tab-search: tab@search.com - %profile%\extensions\tab@search.com
FF - Ext: Savevid.com Easy Video Downloader: ffmenu@savevid.com - %profile%\extensions\ffmenu@savevid.com
FF - Ext: SavevidToolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - %profile%\extensions\{23cd218f-af09-443f-bbb1-adb89fd5986d}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-10 12:28
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3004)
c:\windows\system32\guard32.dll
.
Completion time: 2012-03-10 12:32:24
ComboFix-quarantined-files.txt 2012-03-10 17:32
.
Pre-Run: 74,944,196,608 bytes free
Post-Run: 75,405,975,552 bytes free
.
- - End Of File - - 7786AAF0D198CD12C2507845495D8C72
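
A triage pass over the load points in the ComboFix log above, as an added example that is not part of the original posts or of ComboFix itself. It lists the `AppInit_DLLs` entries that sit outside `c:\windows\system32` and the browser settings that point at hosts the user did not choose; the expected-domain set (`google.com`) and all function names are assumptions, and the output is a list of review candidates, not a verdict.

```python
import re

# Lines copied from the ComboFix log posted in this thread (excerpt only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\WI0498~1\Datamngr\datamngr.dll c:\progra~1\WI0498~1\Datamngr\IEBHO.dll c:\windows\System32\guard32.dll
.
uStart Page = hxxp://www.searchqu.com/405
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=
"""

SYSTEM_DIR = "c:\\windows\\system32\\"

# ComboFix prints IE settings as "uStart Page = value" and Firefox
# preferences as "FF - prefs.js: name - value".
SETTING_RE = re.compile(
    r"^(?:uStart Page = |FF - prefs\.js: (?P<pref>\S+) - )(?P<value>.+)$",
    re.MULTILINE,
)

# Accepts plain hosts, http(s) URLs and the defanged hxxp(s) form used in logs.
URLISH_RE = re.compile(
    r"^(?:h(?:tt|xx)ps?://)?([a-z0-9.-]+\.[a-z]{2,})(?=[/:?]|$)",
    re.IGNORECASE,
)


def appinit_dlls(log):
    """Return the DLL paths listed in the AppInit_DLLs value.

    The value is space- or comma-delimited, which is why the entries in the
    log use 8.3 short paths (progra~1) instead of paths containing spaces.
    """
    m = re.search(r'^"AppInit_DLLs"=(.*)$', log, re.MULTILINE | re.IGNORECASE)
    if not m:
        return []
    return [p for p in re.split(r"[ ,]+", m.group(1).strip()) if p]


def outside_system_dir(paths):
    """DLLs loaded from outside system32 deserve a manual look first."""
    return [p for p in paths if not p.lower().startswith(SYSTEM_DIR)]


def browser_settings(log):
    """Map setting name -> raw value for the IE start page and Firefox prefs."""
    settings = {}
    for m in SETTING_RE.finditer(log):
        settings[m.group("pref") or "uStart Page"] = m.group("value").strip()
    return settings


def host_of(value):
    """Return the lower-cased host of a URL-like value, or None if not URL-like."""
    m = URLISH_RE.match(value.strip())
    return m.group(1).lower() if m else None


def unexpected_hosts(settings, expected_domains):
    """Return {setting: host} for hosts outside the domains the user expects."""
    flagged = {}
    for name, value in settings.items():
        host = host_of(value)
        if host is None:
            continue  # e.g. a search engine display name, not a URL
        if not any(host == d or host.endswith("." + d) for d in expected_domains):
            flagged[name] = host
    return flagged


if __name__ == "__main__":
    print("AppInit_DLLs outside system32:")
    for path in outside_system_dir(appinit_dlls(SAMPLE_LOG)):
        print("  ", path)
    print("Browser settings pointing at unexpected hosts:")
    # Assumption: the user intended google.com as home page and search.
    for name, host in unexpected_hosts(browser_settings(SAMPLE_LOG), {"google.com"}).items():
        print("  ", name, "->", host)
```
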

#7 gringo_pr

gringo_pr

    Bleepin Gringo



Posted 11 March 2012 - 06:19 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 NickFly

NickFly
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:05:16 PM

Posted 11 March 2012 - 10:10 AM

Here are the results from TDSSKiller - it said there were no infections found. aswMBR log coming next post.


11:05:00.0886 5160 MsRPC - ok
11:05:01.0228 5160 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:05:01.0230 5160 mssmbios - ok
11:05:01.0452 5160 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:05:01.0454 5160 MSTEE - ok
11:05:01.0575 5160 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:05:01.0577 5160 Mup - ok
11:05:01.0756 5160 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:05:01.0759 5160 NativeWifiP - ok
11:05:02.0094 5160 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:05:02.0104 5160 NDIS - ok
11:05:02.0238 5160 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:05:02.0240 5160 NdisTapi - ok
11:05:02.0284 5160 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:05:02.0286 5160 Ndisuio - ok
11:05:02.0476 5160 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:05:02.0480 5160 NdisWan - ok
11:05:02.0627 5160 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:05:02.0630 5160 NDProxy - ok
11:05:02.0945 5160 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:05:02.0947 5160 NetBIOS - ok
11:05:03.0110 5160 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:05:03.0115 5160 netbt - ok
11:05:03.0231 5160 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:05:03.0233 5160 nfrd960 - ok
11:05:03.0361 5160 Normandy - ok
11:05:03.0923 5160 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:05:03.0925 5160 Npfs - ok
11:05:04.0080 5160 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:05:04.0081 5160 nsiproxy - ok
11:05:04.0363 5160 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:05:04.0459 5160 Ntfs - ok
11:05:04.0615 5160 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:05:04.0617 5160 ntrigdigi - ok
11:05:04.0735 5160 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:05:04.0737 5160 Null - ok
11:05:04.0887 5160 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:05:04.0891 5160 nvraid - ok
11:05:05.0157 5160 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:05:05.0160 5160 nvstor - ok
11:05:05.0572 5160 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:05:05.0575 5160 nv_agp - ok
11:05:05.0673 5160 NwlnkFlt - ok
11:05:05.0762 5160 NwlnkFwd - ok
11:05:05.0878 5160 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
11:05:05.0881 5160 ohci1394 - ok
11:05:06.0022 5160 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:05:06.0024 5160 Parport - ok
11:05:06.0135 5160 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
11:05:06.0137 5160 partmgr - ok
11:05:06.0189 5160 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:05:06.0192 5160 Parvdm - ok
11:05:06.0280 5160 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:05:06.0284 5160 pci - ok
11:05:06.0387 5160 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:05:06.0492 5160 pciide - ok
11:05:06.0623 5160 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:05:06.0627 5160 pcmcia - ok
11:05:06.0762 5160 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:05:06.0778 5160 PEAUTH - ok
11:05:06.0936 5160 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:05:06.0939 5160 PptpMiniport - ok
11:05:07.0029 5160 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:05:07.0032 5160 Processor - ok
11:05:07.0208 5160 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:05:07.0210 5160 PSched - ok
11:05:07.0341 5160 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
11:05:07.0343 5160 PxHelp20 - ok
11:05:07.0623 5160 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:05:07.0643 5160 ql2300 - ok
11:05:07.0753 5160 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:05:07.0757 5160 ql40xx - ok
11:05:07.0858 5160 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:05:07.0860 5160 QWAVEdrv - ok
11:05:08.0053 5160 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
11:05:08.0129 5160 R300 - ok
11:05:08.0276 5160 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:05:08.0278 5160 RasAcd - ok
11:05:08.0383 5160 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:05:08.0386 5160 Rasl2tp - ok
11:05:08.0494 5160 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:05:08.0496 5160 RasPppoe - ok
11:05:08.0621 5160 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:05:08.0624 5160 RasSstp - ok
11:05:08.0922 5160 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:05:08.0928 5160 rdbss - ok
11:05:09.0026 5160 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:05:09.0028 5160 RDPCDD - ok
11:05:09.0125 5160 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:05:09.0131 5160 rdpdr - ok
11:05:09.0271 5160 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:05:09.0272 5160 RDPENCDD - ok
11:05:09.0391 5160 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
11:05:09.0396 5160 RDPWD - ok
11:05:09.0527 5160 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
11:05:09.0531 5160 RFCOMM - ok
11:05:09.0610 5160 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:05:09.0613 5160 rspndr - ok
11:05:09.0720 5160 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
11:05:09.0722 5160 RTSTOR - ok
11:05:09.0825 5160 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:05:09.0829 5160 sbp2port - ok
11:05:09.0971 5160 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:05:09.0973 5160 secdrv - ok
11:05:10.0073 5160 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:05:10.0085 5160 Serenum - ok
11:05:10.0204 5160 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:05:10.0208 5160 Serial - ok
11:05:10.0421 5160 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:05:10.0427 5160 sermouse - ok
11:05:10.0593 5160 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:05:10.0595 5160 sffdisk - ok
11:05:10.0723 5160 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:05:10.0726 5160 sffp_mmc - ok
11:05:10.0820 5160 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:05:10.0822 5160 sffp_sd - ok
11:05:10.0932 5160 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:05:10.0934 5160 sfloppy - ok
11:05:11.0073 5160 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:05:11.0076 5160 sisagp - ok
11:05:11.0176 5160 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:05:11.0179 5160 SiSRaid2 - ok
11:05:11.0313 5160 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:05:11.0316 5160 SiSRaid4 - ok
11:05:11.0560 5160 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:05:11.0563 5160 Smb - ok
11:05:11.0684 5160 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:05:11.0686 5160 spldr - ok
11:05:11.0815 5160 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:05:11.0821 5160 srv - ok
11:05:12.0065 5160 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:05:12.0091 5160 srv2 - ok
11:05:12.0257 5160 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:05:12.0260 5160 srvnet - ok
11:05:12.0416 5160 STHDA (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
11:05:12.0430 5160 STHDA - ok
11:05:12.0564 5160 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:05:12.0566 5160 swenum - ok
11:05:12.0651 5160 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:05:12.0654 5160 Symc8xx - ok
11:05:12.0750 5160 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:05:12.0752 5160 Sym_hi - ok
11:05:12.0846 5160 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:05:12.0848 5160 Sym_u3 - ok
11:05:12.0992 5160 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
11:05:13.0002 5160 Tcpip - ok
11:05:14.0060 5160 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
11:05:14.0069 5160 Tcpip6 - ok
11:05:14.0265 5160 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:05:14.0267 5160 tcpipreg - ok
11:05:14.0383 5160 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:05:14.0385 5160 TDPIPE - ok
11:05:14.0493 5160 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:05:14.0496 5160 TDTCP - ok
11:05:14.0601 5160 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:05:14.0604 5160 tdx - ok
11:05:14.0698 5160 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:05:14.0700 5160 TermDD - ok
11:05:14.0830 5160 TPkd (5f226c681049fb1df1578af32bb641f1) C:\Windows\system32\drivers\TPkd.sys
11:05:14.0832 5160 TPkd - ok
11:05:15.0046 5160 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:05:15.0048 5160 tssecsrv - ok
11:05:15.0190 5160 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:05:15.0193 5160 tunmp - ok
11:05:15.0442 5160 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:05:15.0444 5160 tunnel - ok
11:05:15.0539 5160 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:05:15.0542 5160 uagp35 - ok
11:05:15.0655 5160 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:05:15.0660 5160 udfs - ok
11:05:15.0843 5160 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:05:15.0846 5160 uliagpkx - ok
11:05:15.0989 5160 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:05:15.0995 5160 uliahci - ok
11:05:16.0114 5160 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:05:16.0117 5160 UlSata - ok
11:05:16.0320 5160 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:05:16.0324 5160 ulsata2 - ok
11:05:16.0620 5160 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:05:16.0622 5160 umbus - ok
11:05:16.0865 5160 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
11:05:16.0867 5160 USBAAPL - ok
11:05:17.0055 5160 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
11:05:17.0058 5160 usbaudio - ok
11:05:17.0147 5160 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:05:17.0151 5160 usbccgp - ok
11:05:17.0281 5160 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:05:17.0284 5160 usbcir - ok
11:05:17.0390 5160 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:05:17.0392 5160 usbehci - ok
11:05:17.0514 5160 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:05:17.0519 5160 usbhub - ok
11:05:17.0616 5160 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
11:05:17.0619 5160 usbohci - ok
11:05:17.0782 5160 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
11:05:17.0784 5160 usbprint - ok
11:05:17.0935 5160 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:05:17.0939 5160 USBSTOR - ok
11:05:18.0053 5160 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:05:18.0055 5160 usbuhci - ok
11:05:18.0192 5160 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:05:18.0196 5160 usbvideo - ok
11:05:18.0316 5160 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:05:18.0318 5160 vga - ok
11:05:18.0427 5160 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:05:18.0429 5160 VgaSave - ok
11:05:18.0547 5160 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:05:18.0550 5160 viaagp - ok
11:05:18.0803 5160 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:05:18.0806 5160 ViaC7 - ok
11:05:18.0935 5160 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:05:18.0937 5160 viaide - ok
11:05:19.0114 5160 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:05:19.0116 5160 volmgr - ok
11:05:19.0342 5160 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:05:19.0348 5160 volmgrx - ok
11:05:19.0460 5160 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:05:19.0465 5160 volsnap - ok
11:05:19.0753 5160 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:05:19.0757 5160 vsmraid - ok
11:05:19.0913 5160 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:05:19.0916 5160 WacomPen - ok
11:05:20.0025 5160 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:20.0058 5160 Wanarp - ok
11:05:20.0065 5160 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:05:20.0066 5160 Wanarpv6 - ok
11:05:20.0183 5160 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:05:20.0185 5160 Wd - ok
11:05:20.0368 5160 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
11:05:20.0377 5160 Wdf01000 - ok
11:05:20.0750 5160 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\Windows\system32\drivers\WmFilter.sys
11:05:20.0752 5160 WmFilter - ok
11:05:20.0870 5160 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:05:20.0871 5160 WmiAcpi - ok
11:05:21.0005 5160 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
11:05:21.0008 5160 WpdUsb - ok
11:05:21.0166 5160 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:05:21.0168 5160 ws2ifsl - ok
11:05:21.0275 5160 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:05:21.0277 5160 WSDPrintDevice - ok
11:05:21.0322 5160 WSDScan (65d1ff8aaff4a7d8f787a290e5087816) C:\Windows\system32\DRIVERS\WSDScan.sys
11:05:21.0324 5160 WSDScan - ok
11:05:21.0469 5160 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:05:21.0472 5160 WUDFRd - ok
11:05:21.0642 5160 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
11:05:21.0648 5160 yukonwlh - ok
11:05:21.0706 5160 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
11:05:21.0781 5160 \Device\Harddisk0\DR0 - ok
11:05:21.0805 5160 Boot (0x1200) (80d94db17add55dbb03b8daa0456d55a) \Device\Harddisk0\DR0\Partition0
11:05:21.0807 5160 \Device\Harddisk0\DR0\Partition0 - ok
11:05:21.0812 5160 Boot (0x1200) (b12b5e33b56558a810f5e9c95962f712) \Device\Harddisk0\DR0\Partition1
11:05:21.0813 5160 \Device\Harddisk0\DR0\Partition1 - ok
11:05:21.0815 5160 ============================================================
11:05:21.0816 5160 Scan finished
11:05:21.0816 5160 ============================================================
11:05:21.0835 4012 Detected object count: 0
11:05:21.0835 4012 Actual detected object count: 0

#9 NickFly

Posted 11 March 2012 - 10:36 AM

aswMBR log:


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-11 11:12:46
-----------------------------
11:12:46.828 OS Version: Windows 6.0.6002 Service Pack 2
11:12:46.829 Number of processors: 2 586 0x170A
11:12:46.831 ComputerName: LFLYV2-PC UserName: L'Fly V2
11:13:37.603 Initialize success
11:15:28.278 AVAST engine defs: 12031100
11:16:25.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:16:25.729 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
11:16:25.745 Disk 0 MBR read successfully
11:16:25.749 Disk 0 MBR scan
11:16:25.756 Disk 0 Windows VISTA default MBR code
11:16:25.761 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:16:25.777 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:16:25.808 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30801920
11:16:25.819 Disk 0 scanning sectors +488395120
11:16:25.908 Disk 0 scanning C:\Windows\system32\drivers
11:16:48.352 Service scanning
11:17:43.623 Modules scanning
11:18:00.666 Disk 0 trace - called modules:
11:18:01.066 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
11:18:01.074 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863da780]
11:18:01.081 3 CLASSPNP.SYS[8aba88b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8598a028]
11:18:02.055 AVAST engine scan C:\Windows
11:18:06.122 AVAST engine scan C:\Windows\system32
11:21:33.785 AVAST engine scan C:\Windows\system32\drivers
11:21:52.775 AVAST engine scan C:\Users\L'Fly V2
11:33:15.921 Disk 0 MBR has been saved successfully to "C:\Users\L'Fly V2\Desktop\MBR.dat"
11:33:15.932 The log file has been saved successfully to "C:\Users\L'Fly V2\Desktop\aswMBR.txt"

#10 gringo_pr

Posted 11 March 2012 - 11:38 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\progra~1\WI0498~1\Datamngr

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 NickFly

Posted 12 March 2012 - 08:13 AM

Hi - all went fine and new tabs are opening properly, no searchnu! Combofix log below:


ComboFix 12-03-10.02 - L'Fly V2 03/12/2012 8:41.7.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3034.1697 [GMT -4:00]
Running from: c:\users\L'Fly V2\Downloads\ComboFix.exe
Command switches used :: c:\users\L'Fly V2\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~1\WI0498~1\Datamngr
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\videoplayer.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\babylon_logo.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\bandoo.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\blip.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\bluelite.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\bluesky.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\break.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\btn-search-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\btn-search.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\btn-settings-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\btn-settings.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\btn-widgets.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\btn_settings.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\ca.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\dailymotion.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\dictionary.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\divider.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\downloadcom.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\dtxlogo.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\ebay.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\email.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\email_on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\facebook.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\games.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\go_idle.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\go_rollover.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred0.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred0_5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred1.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred1_5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred2.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred2_5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred3.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred3_5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred4.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred4_5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphred5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\graphredna.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\grey.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\ico-shield.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\icon_games.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\icon_seperator.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\icon_twitter.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\icon_youtube.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\images.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\imesh.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\add.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\aol.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\blank.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\checkmark.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\chevron.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\collapse.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\comcast.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\dtx.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\edit-back.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\expand.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\found.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\gmail.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\highlight.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\hotmail.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\ico-check.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\imap.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\lock.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\mailcom.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\modify.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\move.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\movetarget.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\pop.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\reload.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\remove.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\rename.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\rss.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\search-go.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\search.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\throbber.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\progra~1\WI0498~1\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 12:56 . 2012-03-12 12:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-12 12:56 . 2012-03-12 12:56 -------- d-----w- c:\users\L'Fly\AppData\Local\temp
2012-03-12 12:56 . 2012-03-12 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-19 00:55 . 2012-02-19 00:55 -------- d-----w- C:\459655a011c8a83fb43028933b9a
2012-02-16 12:58 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 12:58 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-17 14:33 . 2011-12-17 14:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-09-23 11:44 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-09-23 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-31 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-31 150552]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 3810304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-01-27 2548552]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-09-23 218440]
.
c:\users\L'Fly V2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-18 05:14 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 05:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-04-24 16:05 250192 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-09-17 04:14 153608 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Quick-Drop]
2007-01-26 00:45 159744 ------w- c:\program files\Ulead Systems\Ulead DVD MovieFactory 5\Ulead DVD MovieFactory 5\Quick-Drop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:35 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R4 0158121283519983mcinstcleanup;McAfee Application Installer Cleanup (0158121283519983);c:\users\L'FLYV~1\AppData\Local\Temp\015812~1.EXE [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-09 23:35]
.
2012-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-09 23:35]
.
2012-03-12 c:\windows\Tasks\User_Feed_Synchronization-{E283021C-9A3A-40C8-9AEE-6D85DFFAE6A1}.job
- c:\windows\system32\msfeedssync.exe [2012-02-16 04:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.searchqu.com/405
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files\SavevidPlug-in\redirect.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\L'Fly V2\AppData\Roaming\Mozilla\Firefox\Profiles\9oqokb80.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=405&sr=0&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
FF - Ext: tab-search: tab@search.com - %profile%\extensions\tab@search.com
FF - Ext: Savevid.com Easy Video Downloader: ffmenu@savevid.com - %profile%\extensions\ffmenu@savevid.com
FF - Ext: SavevidToolbar: {23cd218f-af09-443f-bbb1-adb89fd5986d} - %profile%\extensions\{23cd218f-af09-443f-bbb1-adb89fd5986d}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
Toolbar-{23cd218f-af09-443f-bbb1-adb89fd5986d} - c:\progra~1\WI0498~1\Datamngr\ToolBar\savevidX.dll
HKLM-Run-DATAMNGR - c:\progra~1\WI0498~1\Datamngr\DATAMN~1.EXE
AddRemove-Savevid - c:\progra~1\WI0498~1\Datamngr\ToolBar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 08:57
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(864)
c:\windows\system32\guard32.dll
.
Completion time: 2012-03-12 09:02:58
ComboFix-quarantined-files.txt 2012-03-12 13:02
ComboFix2.txt 2012-03-10 17:32
.
Pre-Run: 75,338,747,904 bytes free
Post-Run: 75,413,270,528 bytes free
.
- - End Of File - - 206B07C7D7C821FDA46107BC11633FC4

#12 gringo_pr


Posted 12 March 2012 - 08:31 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Adobe Reader 9.4.0
  • Java™ 6 Update 22
  • Vuze
  • Vuze Remote Toolbar
  • Vuze Toolbar


  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then click on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 NickFly


Posted 14 March 2012 - 09:03 AM

Hi, I'm going to be traveling for a few days for work, so it might be more than five days before I reply - just letting you know.

#14 gringo_pr


Posted 14 March 2012 - 02:54 PM

Ok I will check on you in a couple days


gringo

#15 gringo_pr


Posted 17 March 2012 - 12:46 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo



